HW#5 - Hints, Suggestions, and Warnings
General
Passwords
	- Question #1: No hard and fast correct answer - we are looking for 
	something reasonable. Be sure to cite your reference in your answer.
- Question #3: Consider the following: Would the answer be more, less, or 
	the same if the problems specified that passwords had to be exactly 10 
	characters long?
Dictionary Attack
	- You must copy the files to your local machine before running them. 
	Otherwise the Raptor program will not be able to find the dictionary file.
Security Goals/Threats
	- The answers to some of these can be quite subjective; however, just 
	putting down multiple goals hoping that you've included the right one won't 
	get you anywhere.
- For each attack, list the goal that is being attacked and a very short 
	explanation (a few words or one sentence) of why or how that attack is threatening the 
	listed goal. Try to decide on the single goal that is most directly 
	threatened, although feel free to mention other goals that are indirectly 
	threatened. What I am looking for are reasonable answers - if you can 
	convince me that a given attack is a threat against a given security goal 
	according to your line of reasoning, you'll get credit even if your answer 
	wasn't the "correct" one.
RSA Public Key Cryptography
	- We didn't get a chance to talk about this in class, but there is very 
	little to it.
- Be sure you understand the basic concepts in the Security Supplement 
	reading.
- Don't let the math scare you - because you don't have to do or 
	understand any of it. You are given a link (PKI Page) on the CS110 home page 
	and all you need to do is enter the message (a number) and the selected key 
	(two numbers) and press "calculate".
- When asked which key to use (Q# 14, 16, 18a, 19a) the following 
	identifiers are fine - you don't need to give the actual key values:
		- My Public Key
		- My Private Key
		- AOC's Public Key
		- AOC's Private Key
- The last two questions (18 and 19) involve a two step process. Consider 
	the following analogy: I take my message and lock it in a box. The neat 
	thing about this box is that anyone in the world (specifically including 
	you) can unlock and open it, but I am the only person in the world that was 
	able to close and lock it. The idea being that if you receive this box and 
	open it, you can have a high degree of confidence that I am the one that 
	actually put whatever you find inside in there - this is what we mean by 
	"signing" the message. But since this box can be opened by anyone in the 
	world, I need something more if I want you to be the only person to be able 
	to get the message. So I take the entire box and throw it into another box. 
	The neat thing about this box is that anyone in the world (specifically 
	including me) can close and lock it, but you are the only person in the 
	world that can unlock and open it - this is what we mean by "encrypting" the 
	message. With this in mind, consider the order that things must happen in as 
	we exchange this message. There are two possibilities:
		- Sender: Sign then Encrypt ==> Receiver: Decrypt then Unsign
		- Sender: Encrypt then Sign ==> Receiver: Unsign then Decrypt
- Notice that the key (no pun intended) is that the receiver must undo the 
	sender's actions in the reverse order that the sender applied them - for the 
	same reason that whichever box the sender put things in last is the first 
	box that the receiver has to open.
- What should be true about the answer to Q19b relative to the answer to 
	Q17 that will tell you if you have done things correctly?
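The two-box analogy above, worked with toy numbers as an added example (not part of the original handout or the PKI Page). The keys are constructed from tiny primes and the function names are hypothetical; it shows the sign-then-encrypt order and what the receiver gets when the boxes are opened in the wrong order.

```python
# Added illustration: toy "textbook" RSA. Keys are constructed from tiny
# primes for readability; real RSA uses padding and far larger keys.

def make_keypair(p, q, e):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent (Python 3.8+)
    return (e, n), (d, n)

def apply_key(value, key):
    """The single RSA calculation: value ** exponent mod modulus."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the key's modulus")
    return pow(value, exponent, n)

# Constructed sample keys. The sender's modulus (3233) is smaller than the
# receiver's (8633), so every signed value fits inside the outer box.
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(61, 53, 17)
RECEIVER_PUBLIC, RECEIVER_PRIVATE = make_keypair(89, 97, 5)

def sign_then_encrypt(message):
    signed = apply_key(message, SENDER_PRIVATE)   # inner box: only the sender can lock it
    return apply_key(signed, RECEIVER_PUBLIC)     # outer box: anyone can lock it

def decrypt_then_unsign(ciphertext):
    signed = apply_key(ciphertext, RECEIVER_PRIVATE)  # open the outer box first
    return apply_key(signed, SENDER_PUBLIC)           # then open the inner box

def unsign_then_decrypt(ciphertext):
    """Receiver steps in the wrong order for a sign-then-encrypt message."""
    _, sender_n = SENDER_PUBLIC
    step = apply_key(ciphertext % sender_n, SENDER_PUBLIC)
    return apply_key(step, RECEIVER_PRIVATE)

if __name__ == "__main__":
    message = 1752                                # constructed sample message
    sealed = sign_then_encrypt(message)
    print("sent:               ", sealed)
    print("decrypt then unsign:", decrypt_then_unsign(sealed))
    print("unsign then decrypt:", unsign_then_decrypt(sealed))
```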
Simple Symmetric Cryptography - Caesar Cipher
	- REMEMBER: You MUST comment your algorithm or you WILL lose points!
- REMEMBER: You MUST break your algorithm into reasonable pieces and use 
	subcharts accordingly or you WILL lose points!
- If you took good notes in class, then you have most of this problem done 
	(whether you realize it or not).
- When you get done, you will have a fairly involved algorithm. If you 
	insist (and I guarantee that a portion of you will, no matter what advice I 
	give here) on tackling it all in one shot you are very likely to end up 
	spending a lot of extra time on it and may well never get it to work. That's 
	your choice. For those that want to be more systematic in their approach, 
	break the problem down into simpler pieces and then build up the result. 
	For instance, forget about being able to work for both upper case and lower 
	case, get it to work for just upper case. Once it does that, modify it to 
	also deal with lower case.
- REMEMBER: Partial credit is your friend! If you turn in a program that 
	works completely for upper case but has problems with lower case (or 
	vice-versa) you will get much more credit than if you turn in a program that 
	doesn't work for either.
- REMEMBER: The homework handout includes an example run - be sure that 
	you test that case at the very least.