Test II, CSCI 277, Fall 2022
- Please write your name on the blank below.
- The weight for each question is given.
- Use as much paper as you wish, but make sure your answers are legible.
- Please label your answers with the question number.
- Please answer each question thoughtfully and carefully. Your answers should reflect participation in this class.
- When finished, please staple this page on top of your answer pages.
Name: ________________________________
- Identification/Authorization
  - [4 points] Differentiate between identification and authentication.
  - [2 points] Which is public, which is private and why?
  - [4 points] Give an example of an identification/authorization pair, and identify the role of each.
- Passwords
  - [5 points] If passwords are stored in a one-way hash that is impossible to reverse, why are stolen password files a problem? (Provide an answer that demonstrates you have participated in this class.)
  - [5 points] If the "salt" for an encrypted password must be provided to allow password authentication, how can the salt increase security?
- Other Authentication Methods
  - [4 points] Discuss one problem when using fingerprints for authentication.
- Symmetric Key Encryption
  - [4 points] What makes an encryption scheme a symmetric key encryption?
  - [3 points] Name/describe one technical problem with DES.
  - [3 points] Name/describe one political problem with DES.
- Public Key/Private Key
  - [4 points] RSA encryption uses the fact that $(m^e)^d \equiv (m^d)^e \equiv m \pmod{n}$. What roles do $n$, $d$ and $e$ play in this encryption scheme?
  - [6 points] Bob wishes to prove that he received a message from Alice. How could he do so using RSA encryption? You may assume that Bob and Alice have exchanged public keys. Explain your answer.
- Certificate Authority
  - [2 points] What role does a CA play in secure message exchange?
  - [4 points] How can a user ensure that they have a legitimate public key for an entity registered at a CA? Provide an algorithm for acquiring such a key.