Hugging Face's logo

Spaces:
CoruNethron
/
openssl-for-restless-souls
Running

App Files Community
CoruNethron commited on
Commit
aa7e62e
Β·
verified Β·
1 Parent(s): 4972b93

Please fix only the part "4. How to Detect Real Success". Instead of visual inspection with `file` add an example with hexdump. Remove "Checksum Verification" and "Structure Validation" blocks. Replace them with another advice - to train and use LLM model to answer YES/NO question about decryption results. - Initial Deployment

Browse files
Files changed (2) hide show
  1. README.md +6 -4
  2. index.html +304 -19
README.md CHANGED
@@ -1,10 +1,12 @@
1
  ---
2
- title: Openssl For Restless Souls
3
- emoji: πŸ†
4
- colorFrom: red
5
  colorTo: green
6
  sdk: static
7
  pinned: false
 
 
8
  ---
9
 
10
- Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
 
1
  ---
2
+ title: openssl-for-restless-souls
3
+ emoji: 🐳
4
+ colorFrom: gray
5
  colorTo: green
6
  sdk: static
7
  pinned: false
8
+ tags:
9
+ - deepsite
10
  ---
11
 
12
+ Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference
index.html CHANGED
@@ -1,19 +1,304 @@
1
- <!doctype html>
2
- <html>
3
- <head>
4
- <meta charset="utf-8" />
5
- <meta name="viewport" content="width=device-width" />
6
- <title>My static Space</title>
7
- <link rel="stylesheet" href="style.css" />
8
- </head>
9
- <body>
10
- <div class="card">
11
- <h1>Welcome to your static Space!</h1>
12
- <p>You can modify this app directly by editing <i>index.html</i> in the Files and versions tab.</p>
13
- <p>
14
- Also don't forget to check the
15
- <a href="https://huggingface.co/docs/hub/spaces" target="_blank">Spaces documentation</a>.
16
- </p>
17
- </div>
18
- </body>
19
- </html>
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <!DOCTYPE html>
2
+ <html lang="en">
3
+ <head>
4
+ <meta charset="UTF-8">
5
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
+ <title>OpenSSL for Restless Souls</title>
7
+ <script src="https://cdn.tailwindcss.com"></script>
8
+ <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/atom-one-dark.min.css">
9
+ <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js"></script>
10
+ <script>hljs.highlightAll();</script>
11
+ <style>
12
+ .code-block {
13
+ border-radius: 0.5rem;
14
+ font-size: 0.9rem;
15
+ }
16
+ .hero-gradient {
17
+ background: linear-gradient(135deg, #1e3a8a 0%, #0ea5e9 100%);
18
+ }
19
+ .section-divider {
20
+ border-bottom: 2px dashed #e2e8f0;
21
+ }
22
+ .info-card {
23
+ transition: transform 0.3s ease, box-shadow 0.3s ease;
24
+ }
25
+ .info-card:hover {
26
+ transform: translateY(-5px);
27
+ box-shadow: 0 10px 15px -3px rgba(0, 0, 0, 0.1);
28
+ }
29
+ </style>
30
+ </head>
31
+ <body class="bg-gray-50 font-sans antialiased">
32
+ <!-- Header -->
33
+ <header class="hero-gradient text-white">
34
+ <div class="container mx-auto px-4 py-16">
35
+ <div class="max-w-3xl mx-auto text-center">
36
+ <h1 class="text-4xl md:text-5xl font-bold mb-6">OpenSSL for Restless Souls</h1>
37
+ <p class="text-xl opacity-90">When your password seems to work, but it's actually wrong</p>
38
+ </div>
39
+ </div>
40
+ </header>
41
+
42
+ <!-- Introduction -->
43
+ <section class="py-12 px-4">
44
+ <div class="container mx-auto max-w-4xl">
45
+ <div class="bg-white rounded-xl shadow-md p-6 md:p-8">
46
+ <h2 class="text-2xl font-bold text-gray-800 mb-4">The Mystery of False Positives</h2>
47
+ <p class="text-gray-700 mb-4">
48
+ Imagine you're trying to unlock a door with a key. You try your key and the door opens - success! But wait...
49
+ when you step inside, you realize this isn't your house at all. That's essentially what can happen with OpenSSL decryption.
50
+ </p>
51
+ <p class="text-gray-700">
52
+ OpenSSL, the popular cryptographic tool, sometimes tells you a password worked when it actually didn't.
53
+ This tutorial will explain why this happens and how to deal with it.
54
+ </p>
55
+ </div>
56
+ </div>
57
+ </section>
58
+
59
+ <!-- Correct Password Example -->
60
+ <section class="py-12 px-4 bg-gray-100">
61
+ <div class="container mx-auto max-w-4xl">
62
+ <h2 class="text-3xl font-bold text-gray-800 mb-8 text-center">1. The Correct Way</h2>
63
+
64
+ <div class="mb-8">
65
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Encrypting a File</h3>
66
+ <p class="text-gray-700 mb-4">
67
+ First, let's see how to properly encrypt and decrypt a file with OpenSSL using AES-256-CBC encryption:
68
+ </p>
69
+ <pre class="code-block"><code class="language-bash"># Create a file with our secret message
70
+ $ echo -n "hello world" > ./toencrypt.txt
71
+
72
+ # Encrypt it using AES-256-CBC with a password
73
+ $ openssl enc -aes-256-cbc -a -in ./toencrypt.txt \
74
+ -pass pass:`echo -n "correctpass" | shasum -a 256 - | sed -E 's/ -//'` \
75
+ > ./encres.txt</code></pre>
76
+ </div>
77
+
78
+ <div>
79
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Decrypting Successfully</h3>
80
+ <p class="text-gray-700 mb-4">
81
+ Now let's decrypt it with the correct password:
82
+ </p>
83
+ <pre class="code-block"><code class="language-bash">$ openssl enc -aes-256-cbc -d -a -in ./encres.txt \
84
+ -pass pass:`echo -n "correctpass" | shasum -a 256 - | sed -E 's/ -//'`
85
+
86
+ hello world</code></pre>
87
+ <p class="text-gray-700 mt-4">
88
+ This works exactly as expected - we get back our original "hello world" message.
89
+ </p>
90
+ </div>
91
+ </div>
92
+ </section>
93
+
94
+ <!-- The Problem Section -->
95
+ <section class="py-12 px-4">
96
+ <div class="container mx-auto max-w-4xl">
97
+ <h2 class="text-3xl font-bold text-gray-800 mb-8 text-center">2. The Surprising Behavior</h2>
98
+
99
+ <div class="bg-white rounded-xl shadow-md p-6 md:p-8 mb-8">
100
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Testing Wrong Passwords</h3>
101
+ <p class="text-gray-700 mb-4">
102
+ Now let's try something interesting. We'll write a script to test many wrong passwords and see what happens:
103
+ </p>
104
+ <pre class="code-block"><code class="language-bash">#!/bin/bash
105
+
106
+ # Encrypted file from our example
107
+ enc_file="./encres.txt"
108
+
109
+ # Loop through 0001 to 9999
110
+ for i in {1..9999}; do
111
+ # Format password as wrongpassXXXX
112
+ pass="wrongpass$(printf "%04d" $i)"
113
+
114
+ # Generate SHA256 hash of password
115
+ pass_hash=$(echo -n "$pass" | shasum -a 256 | sed -E 's/[[:space:]]+-//')
116
+
117
+ # Attempt decryption, suppress error messages
118
+ result=$(openssl enc -aes-256-cbc -d -a -in "$enc_file" -pass pass:"$pass_hash" 2>/dev/null)
119
+ exit_code=$?
120
+
121
+ # Check if OpenSSL reported successful decryption
122
+ if [ $exit_code -eq 0 ]; then
123
+ echo "========================================================"
124
+ echo "False positive found with password: $pass"
125
+ echo "Hexdump of decrypted output:"
126
+ echo -n "$result" | hexdump -C
127
+ echo "========================================================"
128
+ echo
129
+ fi
130
+ done</code></pre>
131
+ </div>
132
+
133
+ <div class="bg-yellow-50 border-l-4 border-yellow-400 p-4 mb-8">
134
+ <div class="flex">
135
+ <div class="ml-3">
136
+ <h3 class="text-lg font-medium text-yellow-800">Unexpected Results</h3>
137
+ <p class="text-yellow-700 mt-2">
138
+ When running this script, you might see output like this:
139
+ </p>
140
+ <pre class="code-block mt-2"><code class="language-text">========================================================
141
+ False positive found with password: wrongpass0030
142
+ Hexdump of decrypted output:
143
+ 00000000 17 c6 30 30 02 9d 94 d1 7d af 12 a7 35 07 71 |..00....}...5.q|
144
+ 0000000f
145
+ ========================================================
146
+
147
+ ========================================================
148
+ False positive found with password: wrongpass1194
149
+ Hexdump of decrypted output:
150
+ 00000000 5b d9 d7 5b ea b9 2b d8 a5 cb e8 b9 f7 a9 e7 |[..[..+........|
151
+ 0000000f
152
+ ========================================================</code></pre>
153
+ </div>
154
+ </div>
155
+ </div>
156
+
157
+ <p class="text-gray-700">
158
+ These are <span class="font-semibold">false positives</span> - OpenSSL reports success with wrong passwords!
159
+ The decrypted output is garbage, but OpenSSL had no way to know it wasn't what we originally encrypted.
160
+ </p>
161
+ </div>
162
+ </section>
163
+
164
+ <!-- Explanation Section -->
165
+ <section class="py-12 px-4 bg-gray-100">
166
+ <div class="container mx-auto max-w-4xl">
167
+ <h2 class="text-3xl font-bold text-gray-800 mb-8 text-center">3. Why This Happens</h2>
168
+
169
+ <div class="grid md:grid-cols-2 gap-6 mb-8">
170
+ <div class="info-card bg-white rounded-xl shadow-md p-6">
171
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Padding Oracle Mystery</h3>
172
+ <p class="text-gray-700">
173
+ OpenSSL uses <span class="font-semibold">PKCS#7 padding</span> for block ciphers like AES. When decrypting, it checks if the padding is valid, not if the data makes sense.
174
+ </p>
175
+ <p class="text-gray-700 mt-2">
176
+ With a wrong password but correct padding, OpenSSL happily decrypts the data, resulting in garbage output.
177
+ </p>
178
+ </div>
179
+
180
+ <div class="info-card bg-white rounded-xl shadow-md p-6">
181
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Probability of False Positives</h3>
182
+ <p class="text-gray-700">
183
+ For AES (block size 16 bytes), the chance of random padding being valid is about 1/256. With our 9999 attempts, we'd expect around 39 false positives (9999/256 β‰ˆ 39).
184
+ </p>
185
+ <p class="text-gray-700 mt-2">
186
+ In our test, we found 4 - within expected statistical variation.
187
+ </p>
188
+ </div>
189
+ </div>
190
+
191
+ <div class="bg-white rounded-xl shadow-md p-6 md:p-8">
192
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">The Math Behind It</h3>
193
+ <p class="text-gray-700 mb-4">
194
+ When OpenSSL decrypts, it looks at the last byte to determine padding. Valid padding values are 1 to 16, each with probability 1/256.
195
+ </p>
196
+ <p class="text-gray-700">
197
+ The probability that a random decryption appears valid is:
198
+ <br>
199
+ <span class="font-mono bg-gray-200 px-2 py-1 rounded">P(valid padding) β‰ˆ 1/256 β‰ˆ 0.39%</span>
200
+ </p>
201
+ </div>
202
+ </div>
203
+ </section>
204
+
205
+ <!-- Detection Section -->
206
+ <section class="py-12 px-4">
207
+ <div class="container mx-auto max-w-4xl">
208
+ <h2 class="text-3xl font-bold text-gray-800 mb-8 text-center">4. How to Detect Real Success</h2>
209
+
210
+ <div class="bg-white rounded-xl shadow-md p-6 md:p-8 mb-8">
211
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">Hexdump Analysis</h3>
212
+ <p class="text-gray-700 mb-4">
213
+ Examine the raw bytes of decrypted output. Legitimate text will show readable ASCII characters on the right side:
214
+ </p>
215
+ <pre class="code-block"><code class="language-bash"># Compare good vs bad decryption
216
+ $ openssl enc -aes-256-cbc -d -a -in encres.txt -pass pass:correctpass | hexdump -C
217
+ 00000000 68 65 6c 6c 6f 20 77 6f 72 6c 64 |hello world|
218
+ 0000000b
219
+
220
+ $ openssl enc -aes-256-cbc -d -a -in encres.txt -pass pass:wrongpass | hexdump -C
221
+ 00000000 17 c6 30 30 02 9d 94 d1 7d af 12 a7 35 07 71 |..00....}...5.q|
222
+ 0000000f</code></pre>
223
+ </div>
224
+
225
+ <div class="info-card bg-white rounded-xl shadow-md p-6 mb-8">
226
+ <h3 class="text-xl font-semibold text-gray-800 mb-3">AI Verification (draft)</h3>
227
+ <p class="text-gray-700 mb-4">
228
+ Train a small LLM model to analyze decrypted content and answer "Does this look like valid decryption?":
229
+ </p>
230
+ <pre class="code-block"><code class="language-python">import transformers
231
+
232
+ # Load a pre-trained model
233
+ model = transformers.AutoModelForSequenceClassification.from_pretrained("distilbert-base-uncased")
234
+ tokenizer = transformers.AutoTokenizer.from_pretrained("distilbert-base-uncased")
235
+
236
+ def is_valid_decryption(text):
237
+ inputs = tokenizer(text, return_tensors="pt", truncation=True, max_length=512)
238
+ outputs = model(**inputs)
239
+ prediction = outputs.logits.argmax().item()
240
+ return bool(prediction) # True for valid, False for invalid</code></pre>
241
+ <p class="text-gray-700 mt-4">
242
+ Fine-tune the model on examples of valid vs invalid decryptions to improve accuracy.
243
+ </p>
244
+ </div>
245
+
246
+ <div class="mt-8 bg-blue-50 border-l-4 border-blue-400 p-4">
247
+ <div class="flex">
248
+ <div class="ml-3">
249
+ <h3 class="text-lg font-medium text-blue-800">Best Practice</h3>
250
+ <p class="text-blue-700 mt-2">
251
+ Combine hexdump analysis with AI verification for most reliable results. The human eye can spot patterns while AI handles bulk verification.
252
+ </p>
253
+ </div>
254
+ </div>
255
+ </div>
256
+ </div>
257
+ </section>
258
+
259
+ <!-- Conclusion -->
260
+ <section class="py-12 px-4 bg-gray-900 text-white">
261
+ <div class="container mx-auto max-w-4xl text-center">
262
+ <h2 class="text-3xl font-bold mb-6">Key Takeaways</h2>
263
+
264
+ <div class="grid md:grid-cols-3 gap-6 mb-8">
265
+ <div class="bg-gray-800 p-4 rounded-lg">
266
+ <svg xmlns="http://www.w3.org/2000/svg" class="h-10 w-10 mx-auto mb-3 text-blue-400" fill="none" viewBox="0 0 24 24" stroke="currentColor">
267
+ <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
268
+ </svg>
269
+ <h3 class="font-semibold text-lg mb-2">False Positives Happen</h3>
270
+ <p>OpenSSL can report success with wrong passwords due to valid padding</p>
271
+ </div>
272
+
273
+ <div class="bg-gray-800 p-4 rounded-lg">
274
+ <svg xmlns="http://www.w3.org/2000/svg" class="h-10 w-10 mx-auto mb-3 text-green-400" fill="none" viewBox="0 0 24 24" stroke="currentColor">
275
+ <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
276
+ </svg>
277
+ <h3 class="font-semibold text-lg mb-2">Verify Output</h3>
278
+ <p>Always check decrypted content matches expected format</p>
279
+ </div>
280
+
281
+ <div class="bg-gray-800 p-4 rounded-lg">
282
+ <svg xmlns="http://www.w3.org/2000/svg" class="h-10 w-10 mx-auto mb-3 text-yellow-400" fill="none" viewBox="0 0 24 24" stroke="currentColor">
283
+ <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z" />
284
+ </svg>
285
+ <h3 class="font-semibold text-lg mb-2">Statistics Matter</h3>
286
+ <p>Expect about 1 false positive per 256 wrong password attempts</p>
287
+ </div>
288
+ </div>
289
+
290
+ <p class="text-gray-300">
291
+ OpenSSL is a powerful tool, but like all tools, it's important to understand its quirks. Happy (and careful) encrypting!
292
+ </p>
293
+ </div>
294
+ </section>
295
+
296
+ <!-- Footer -->
297
+ <footer class="bg-gray-800 text-gray-400 py-8 px-4">
298
+ <div class="container mx-auto max-w-4xl text-center">
299
+ <p>CC BY-SA, CoruNethron, 2025: Tutorial for Restless Souls</p>
300
+ <p class="mt-2 text-sm">Note: This tutorial demonstrates basic cryptographic concepts and isn't intended as security advice.</p>
301
+ </div>
302
+ </footer>
303
+ <p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" >DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=CoruNethron/openssl-for-restless-souls" style="color: #fff;text-decoration: underline;" target="_blank" >Remix</a></p></body>
304
+ </html>