Final exam, Part 2
Due 5:00PM Monday, 25 November 2024
Hand in as final2.pdf via Moodle
This is an open-notes, open-Internet, open-book exam. You may post questions about the exam on #general on our Slack workspace, but otherwise you may not discuss the exam with anybody other than Jeff Ondich.
4. Don't write your own cryptography (6 points)
If you happened to read this problem on Friday, it would have looked like a not-quite-finished practical cryptography problem. But in finalizing it, I realized that I wanted to deliver an entirely different message than the original problem was poised to communicate.
All term, we have used RSA with public key (n, e) and private key (n, d). And we have also used generic functional notation like E(S_B, H(M)) to represent the notion of a digital signature (i.e., Bob alone has access to the private key S_B, so E(S_B, H(M)) constitutes a form of digital signature that only Bob could have generated). That's all well and good, and has given you a way of thinking about the roles of asymmetric cryptography and digital signatures in modern security. Our E, H, and their friends have given us a kind of proof-of-concept for the notions of asymmetric crypto and digital signatures.
But it turns out that vanilla RSA and the simplistic digital signature that you can generate with it have mathematical vulnerabilities that make them unsuitable for practical cryptography without modification. Furthermore, if you try to write your own cryptographic primitives, you are almost guaranteed to make mistakes that will undermine your users' security. (If you're interested, listen starting around 38:00 of this podcast for a recent example of a company that made the mistake of implementing their own cryptographic code without enough expertise.)
So instead of a "solve this digital signature puzzle" problem, which is what I started out writing, I want to communicate a couple of different messages.
First, cryptography is really hard to get right, and if you're writing software with cryptographic requirements, you should use libraries that have been developed and tested by experts.
And second, there's a big literature of mathematical attacks on every kind of cryptographic primitive. If you're interested in cryptography, you should seek out this literature.
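To make the point about vanilla RSA concrete, here is an added example (not part of the original exam) using the course's (n, e) / (n, d) notation. It shows two forgeries against unhashed, unpadded RSA signatures that need only the public key, and that the same multiplication trick fails against E(S_B, H(M)). The toy primes, function names and messages are constructed for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                      # public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent d

def sign_raw(m: int) -> int:
    """Vanilla RSA signature: m^d mod n, with no hash and no padding."""
    return pow(m, D, N)

def verify_raw(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def forge_product(m1, s1, m2, s2):
    """Combine two genuine signatures into one on m1*m2, without d."""
    return (m1 * m2) % N, (s1 * s2) % N

def forge_from_nothing(s: int):
    """Pick a 'signature' first, then derive the message it signs from (n, e)."""
    return pow(s, E, N), s

def H(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_hashed(msg: bytes) -> int:
    """The course's E(S_B, H(M)): sign the hash instead of the message."""
    return pow(H(msg), D, N)

def verify_hashed(msg: bytes, s: int) -> bool:
    return pow(s, E, N) == H(msg)

if __name__ == "__main__":
    m1, m2 = 1234, 5678
    m3, s3 = forge_product(m1, sign_raw(m1), m2, sign_raw(m2))
    print("product forgery verifies:", verify_raw(m3, s3))
    m4, s4 = forge_from_nothing(424242)
    print("key-free forgery verifies:", verify_raw(m4, s4))
    # Hashing first stops this particular trick: H(a)*H(b) is not H(a+b).
    a, b = b"security is ", b"weird"
    s = (sign_hashed(a) * sign_hashed(b)) % N
    print("same trick on hashed signatures:", verify_hashed(a + b, s))
```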
So, with that preamble complete, here are a few questions for you.
- [2] Do a little research on the term textbook RSA, and give me two reasons why you shouldn't use textbook RSA in practice. You may answer this one by providing short explanatory quotes from sources you find, along with links to those sources.
- [2] Identify one specific real-life digital signature algorithm, and give me a brief summary (with suitable links to sources) of how it works.
- [2] Show me how to generate a public/private key pair and a digital signature for the message "security is weird" using the openssl command. Include in your submission your key pair, your signature, and the sequence of commands you used to create them.
5. Hacking Jeff's server one more time (8 points)
My new web server, for which I obtained a certificate this morning in class, is to be found at https://intrigue.jeffondich.com/. It contains at least three secrets, all of which can be found in text form that makes it very clear that they are "secrets" for the purpose of this exam.
- [3] Whatever secret you found first, and how you found it.
- [3] Whatever secret you found second, and how you found it.
- [2] Whatever secret you found third, and how you found it. (This one, probably, is gonna be pretty hard for most people. No worries if you can't find it.)
6. Recommendations (3 points)
What should I read or watch or listen to or play over break?
Thanks!
It has been a blast working with all of you. Have a great break.