ECB mode (unauthenticated)
  - Cut and paste blocks
  - Chosen plaintext: use length-controlled input for byte-at-a-time decryption
CBC mode (unauthenticated)
  - Bit-flipping attack to alter the message
  - CBC padding oracle decryption
CTR mode
  - Random read/write: overwrite with known text to recover the keystream, then XOR with the ciphertext to get the plaintext
  - Bit-flipping
CBC with IV = key
  - Use the XOR formula to recover the key when in control of the message
Keyed SHA-1
  - Length extension attack
Hashes
  - Timing attacks on comparison
Diffie-Hellman
  - Malicious g values
SRP
  - Break with a zero key
  - Vulnerable to dictionary attacks
RSA
  - e=3 broadcast attack with CRT
  - Bleichenbacher's e=3 attack (maths regarding padding)
  - RSA padding oracle
DSA
  - Key recovery from a known nonce
  - Key recovery from a repeated nonce
NT hash
  - MD4(UTF-16LE(pass))
NTLMv2 protocol
  SC = 8-byte server challenge, random
  CC = 8-byte client challenge, random
  CC* = (X, time, CC2, domain name)
  v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)
  LMv2 = HMAC-MD5(v2-Hash, SC, CC)
  NTv2 = HMAC-MD5(v2-Hash, SC, CC*)
  response = LMv2 | CC | NTv2 | CC*
HMAC
  HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m))
HMAC-KDF
  PRK = HMAC(source, salt)
  K(1) = HMAC(PRK, context info || 0)
  K(i+1) = HMAC(PRK, K(i) || context info || i)
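The HMAC line above written out as running code, an added example that is not part of these notes: K' is the key zero-padded to the hash block size (hashed first if it is longer), and the hand-built result is cross-checked against Python's hmac module. The outer hash wrapping the inner one is what blocks the length-extension attack listed for keyed SHA-1.

```python
import hashlib
import hmac


def hmac_from_formula(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)), built from the primitives.

    K' is K zero-padded to the hash's block size; a key longer than the block
    size is first reduced to H(K) and then zero-padded.
    """
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-1/SHA-256, 128 for SHA-512
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    k_prime = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in k_prime)
    opad = bytes(b ^ 0x5C for b in k_prime)
    # Inner hash over the message, then outer hash over the inner digest:
    # an attacker who can extend the inner hash still cannot pass the outer one.
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes, hash_name: str = "sha256") -> bool:
    """Cross-check the hand-built construction against Python's hmac module."""
    expected = hmac.new(key, msg, hash_name).digest()
    return hmac.compare_digest(hmac_from_formula(key, msg, hash_name), expected)


if __name__ == "__main__":
    # Constructed sample inputs: a short key, a key longer than the block size,
    # an empty message and a non-empty one, across three hash functions.
    for key in (b"k", b"A" * 100):
        for msg in (b"", b"message to authenticate"):
            for name in ("sha1", "sha256", "sha512"):
                assert matches_stdlib(key, msg, name)
    print("hand-built HMAC matches the hmac module for all cases")
```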