0 valutazioniIl 0% ha trovato utile questo documento (0 voti)
51 visualizzazioni2 pagine
Jeremiah Pierce: Given a single plaintext character p and ciphertext character c, the key is k = (c - p) mod 26. He says the thread model helps us understand the way to approach the security of an application. With the notion of threat model we can identify, quantify, and address security risks.
Jeremiah Pierce: Given a single plaintext character p and ciphertext character c, the key is k = (c - p) mod 26. He says the thread model helps us understand the way to approach the security of an application. With the notion of threat model we can identify, quantify, and address security risks.
Jeremiah Pierce: Given a single plaintext character p and ciphertext character c, the key is k = (c - p) mod 26. He says the thread model helps us understand the way to approach the security of an application. With the notion of threat model we can identify, quantify, and address security risks.
1. a) Given a single plaintext character p and ciphertext character c, the key is
simply k = (c p) mod 26. The encryption of only a single plaintext character thus suffices to recover the key. b) The frequency of used letters remains the same, even when shifted. c) For shift cipher, 1 pair is needed. d) 1/3 mod 10 = 7. Proof 3 * 7 mod 10 = 1. This is the inverse. e) f) The thread model helps us understand the way to approach the security of an application. With the notion of threat model we can identify, quantify, and address security risks associated with an application. 2. a) Bob and Alice share a private key, somehow, used to encrypt and decrypt messages b) SKES = (KeyGen, ENC, DEC) c) IND-CPA and IND-CCA means that no adversary can distinguish between encryptions of different messages, even when allowed to make encryption and decryptions of its choice. e) If the key generation is random, then a private key encryption scheme has an indistinguishable encryption in the presence of an eavesdropper. f) ECB, or electronic code book, messages are encrypted into identical ciphertext blocks. This method does not hide patterns very well. CBC, or cipher block chaning, each block of plaintext is XORed with the previous ciphertext block before being encrypted. 3. Encrypting the same long message M using ECB always produces the same ciphertext. By encrypting the same M twice in a row, you will get two equal ciphertext blocks. No point in doing it. 4. A hacker randomly selects r and sends that to Bob, who would assume it comes from Alice. Bob sends back r XOR Kb. The attacker can XOR his random r value with Bobs message and get Kb. Or the attacker could intercept X and Y and then get Kb = X XOR Y. The attacker could make Alice and Bob believe they do not share the same key. So, the attacker intercepts Bobs response Y and sends anything where r =/= y to Alice. Alice will make the comparison and think that Bob and her do not have the same key. 5. a) The local computer would hash the password and store it on the local machine. Then, when the user tries to login, it will hash the password and check it against the hashed password stored. If the two match, the user can use the computer. A vulnerability here is keeping the hashed password in a secure location on the computer, out of the reach of an attacker. Also keeping someone from attempting an unlimited amount of passwords, in hopes of bruteforcing the real password. b) The local computer would use a key to encrypt the plaintext password, and validate that password with the password stored on the server. If the two password hash matches, the user can login. A vulnerability would be keeping
the central server safe, as it will store everyones hashed password.
Protection against a bruteforce method of guessing passwords would also need to be checked. Given unlimited computational power, if an attacker was allowed to try as many passwords as they want, they could maybe eventually get the password. 6. a) CRYPTOGRAPHYROCKS! b)