Due 11:59PM Friday, March 4. Write up your answers in .txt, .doc(x), or .pdf form, and put this document in a folder called "exam" along with any relevant code or data, and hand in the exam folder via the Courses hand-in system.
This is an open-book, open-Internet, open-library takehome exam. You may not consult with any person other than me (Jeff Ondich, to be precise) about this exam.
(6 points) Suppose we need a block of bytes to be a multiple of 8 bytes long before processing. To achieve this goal, we pad our message M with a pad of between zero and seven null bytes in order to make len(M||pad) mod 8 == 0 (where || means concatenation). Describe simply and in detail an example that shows why this padding scheme is a bad idea.
(10 points) The other day, Rich Graves seemed quite fond of salt. If you haven't already done so, read Password Security: A Case History, Morris and Thompson, Communications of the ACM, 1979.
(8 points) In RSA, we start the whole game by choosing large prime numbers p and q. Then, from p, q, n = p*q, and some small prime number e, we compute d and we're off to the races. But when we use Rabin-Miller, there's a small chance that we'll end up with a p or q that isn't actually prime. Rabin-Miller is great, and as Schneier and his friends point out in the book, the likelihood of your dying while reading this sentence is way higher than the likelihood of getting a composite p or q out of properly implemented Rabin-Miller.
But just for a few minutes, let's pretend that instead of getting nailed by a meteor, we actually did get a composite value for p. What effect would this have on the functioning of RSA? More specifically:
(10 points) Alice is Bob's stockbroker. Since Bob makes lots of moves with his portfolio, they have worked out an electronic system by which Bob will request transactions. At lunch one day, they agree on a system of 10-byte messages like this: "+00250 IBM" (which means "buy 250 shares of IBM") or "-01500APPL" (which means "sell 1500 shares of Apple"). At that lunch, they also generate a 10-byte random key K to be used as a one-time pad. That is, when Bob wants to send Alice one of his 10-byte messages M, he will send M XOR K.
Of course, Bob and Alice don't take the "one-time" part of "one-time pad" seriously, and they use the same K every time. And there's the usual eavesdropper, Eve, able to watch, intercept, and replace messages as they go by, if she feels like it.
(10 points) The group that presented on WEP last week mentioned the RC4 stream cipher. This exercise concerns RC4.