Homework 3

This homework is focused on cryptography.

Overview

• Due Date: Friday, November 15, 5pm.
• Group or Individual:  Do this assignment as an individual.  But you are allowed to talk with others in advance of actually doing the assignment.
• How to Submit:  Submit a PDF to Catalyst.  Your assignment does not need to be entirely typed / developed with computer software.  You could hand-write your assignment, and hand-draw some diagrams, and then submit a PDF scan of your hand-written assignment.

Q1.  Describe a “best practice” for how passwords should be stored on a server.  Your answer should use “salt”.  This question simply asks you to describe how the password should be stored.

Q2.  Explain why security experts advocate the method that you describe in your answer to the question above.  In your answer, explain the role of the salt.

Q3.  What is the main concern cryptographers have with the Encrypt-and-MAC method for combining a symmetric encryption scheme with a symmetric MAC to create a symmetric authenticated encryption scheme?

Q4.  You just joined a new company and learned that the company is building a new, custom block cipher for their encryption needs.  They are designing the block cipher themselves, and want to make it ultra-secure, with 512-bit keys and 256-bit blocks.  Based on the discussions in lecture, would you recommend that the company proceed with the design and use of this block cipher?   Justify your answer.

Q5.  This message was encrypted with the RSA primitive, where N=33 and e=3.  Decrypt it and submit the corresponding plaintext.

Tips:  You are welcome to write a program to aid in the decryption, and you might want to compute the private decryption exponent d.

For this cryptogram ‘A’ is encoded as a 1 before encryption, ‘B’ as a 2, and so on.

Here is the cryptogram: 14 17 3 28 27 24 16 4 14 9 13 24 1 19 23 1 28 26 5 27 24 16 4 14 26 31 23 3 14 17 14 17 26 24 28 1 4 24 3 19 3 14 3 22 26 .

Q6.  The following question has you use RSA, but with larger values (but still not anywhere close to the size of the numbers one would use in a secure cryptographic protocol like TLS/SSL).

You may use a program that you write, Wolrfram Alpha, or any other computer program to help you solve this problem.

For all of these, it is sufficient to just include your number in the answer.

Let p = 9497 and  q =7187 and e = 3.

• Compute N = p * q.  What is N?
• Compute Phi(N) = (p-1)(q-1).  What is Phi(N)?
• Verify that e is relatively prime to Phi(N).  What method did you use to verify this?
• Compute d as the inverse of e modulo Phi(N).  What is d?
• Encrypt the value P = 12345678 with the RSA primitive and the values for N and e above.  Let C be the resulting ciphertext.  What is C?
• Verify that you can decrypt C using d as the private exponent to get back P.  What method did you use to verify this?
• Decrypt the value C’ = 12345679 using the RSA primitive and your values for N and d above.  Let P’ be the resulting plaintext.  What is P’?  
• Verify that you can encrypt P’ using e as the public exponent to get back C’.  What method did you use to verify this?

Q7.  The following questions are all related to browser certificates.

• Count the number of root certificates in your browser.  How many do you see?
• Explain the process you used to count the number of root certificates that your browser uses.  In your answer, also describe your operation system and browser, including browser version number.
• Did you find anything surprising when you looked at your browser root certificates?  Explain your answer.