This assignment is Homework 15, and is due at classtime on Monday, April 3.

Assignment

  1. This question is about the Caesar cipher. You may wish to use the Caesar cipher Python program.

    1. The following text has been encrypted using a Caesar cipher with shift of 11. What is the plaintext (decrypted) message?

      Tyqzcxletzy dpnfctej td xzcp txazcelye ezolj esly pgpc mpqzcp.

    2. An English sentence has been encrypted using a Caesar cipher with some shift, producing the following ciphertext:

      M riih e vmhi xs xli emvtsvx xsqsvvsa.

      Analyze the letters and spaces to determine the shift. What is the shift? What is the plaintext (decrypted) message?

  2. This question is about using the SHA-1 hash function for password storage. You may wish to use the SHA-1 Python program.

    Suppose you are building a login application that stores user passwords. Rather than storing plaintext passwords, you store the SHA-1 cryptographic hash of each user's password. For example, if a user chooses "password" as his or her password (this is a very poor choice), the system stores the SHA-1 digest of "password", which is:

    5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8

    1. Suppose that a certain user chooses "kayak" as his or her password. What will the system store for this password?
    2. Suppose that you suspect that a different user has chosen a weak password. In your system, you can see that the stored digest of this user's password is:

      b1b3773a05c0ed0176787a4f1574ff0075f7521e

      What password did this user choose? Use the list of worst passwords of 2016 and the SHA-1 program to find out.

    Note: The strategy described here is NOT a secure way to store passwords. A better strategy is to use salted hashes; if you want to learn more, read this explanation; see also this video.

  3. This question is about digital signatures. You may wish to use the SHA-1 Python program.

    Suppose that you want to send a message to a friend with a digital signature. You and your friend agree on the word "octagon" as your shared secret. You also agree to use the first 8 characters of the SHA-1 cryptographic hash as your message digest.

    Recall that to send a message with a digital signature, you first concatenate a shared secret onto the end of the message. Then compute the digest of message+secret. The transmission consists of message+digest. (The secret is not transmitted!)

    Likewise, when receiving the transmission, first remove the digest, and then add the secret. Then compute the digest of message+secret and see if it matches the received digest.

    1. If your message text is below, what will you send to your friend?

      Where are we meeting?

    2. Now suppose that your friend replies to your message, but an adversary intercepts the reply. The adversary then sends you several messages, trying to fool you. You receive the following four messages, only one of which is from your friend. Where should you plan to meet your friend?

      Meet me at the park.7531a2ad
      Meet me at the cafeteria.e53b06c8
      Meet me at the lab.20132b74
      Meet me at the dorm.b15d98c3
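
The send and receive steps described in question 3, as an added example that is not part of the original assignment or the course's SHA-1 program. The secret "hexagon", the sample messages, and the function names are constructed for illustration, and UTF-8 encoding of message+secret is an assumption.

```python
import hashlib
import hmac

DIGEST_LEN = 8      # the scheme keeps the first 8 hex characters of SHA-1
SECRET = "hexagon"  # constructed shared secret, not the one in the assignment

def digest(message, secret):
    """Truncated SHA-1 of message+secret (secret appended to the message)."""
    data = (message + secret).encode("utf-8")  # assumption: UTF-8 encoding
    return hashlib.sha1(data).hexdigest()[:DIGEST_LEN]

def sign(message, secret):
    """Build the transmission: message followed by digest. The secret is not sent."""
    return message + digest(message, secret)

def verify(transmission, secret):
    """Return the message if its digest matches, otherwise None."""
    if len(transmission) < DIGEST_LEN:
        return None  # too short to contain a digest at all
    message, received = transmission[:-DIGEST_LEN], transmission[-DIGEST_LEN:]
    expected = digest(message, secret)
    # Constant-time comparison: does not reveal how many characters matched.
    if hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8")):
        return message
    return None

def pick_authentic(transmissions, secret):
    """Keep only the messages whose digest verifies under the shared secret."""
    checked = (verify(t, secret) for t in transmissions)
    return [m for m in checked if m is not None]

# Constructed sample transmissions: one genuine, two that should be rejected.
SAMPLES = [
    sign("See you at noon.", SECRET),                          # genuine
    "See you at nine." + digest("See you at noon.", SECRET),   # text altered
    "See you at noon." + digest("See you at noon.", "guess"),  # wrong secret
]

if __name__ == "__main__":
    print(pick_authentic(SAMPLES, SECRET))
```
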

Submitting your work

Type your solutions in a single file. Save your file and upload it to the HW15 assignment on Moodle.