Test I, CSCI 277, Spring 2022
- The weight for each question is given.
- Use as much paper as you wish, but make sure your answers are legible.
- Please label your answers with the question number.
- Please answer each question thoughtfully and carefully. Your answers should reflect participation in this class.
- Vulnerability, Threat, Control
  - [2 points each] Define each.
- C-I-A security triad.
  - [2 points each] Name and describe the three components of this triad.
- Passwords
  - [4 points] On many systems, a password is stored in a one-way hash. What does this mean and how can a password stored in such a hash be authenticated?
  - [3 points] On many systems, a salt is added to a password to produce a password hash. What is the purpose of the salt?
  - [4 points] Why is it important to not use the same password on many different systems? Your answer should include relevant information for this class, the book and labs.
- Access Control
  - [3 points] At multiple points the book discusses access control. What is access control?
  - [3 points] The book states that access policies frequently are, but should not be, formed capriciously. Explain this statement.
- Symmetric vs Asymmetric Cipher systems.
  - [2 points] What is the difference between a symmetric and an asymmetric encryption system?
  - [5 points] Using the book's notation, show how to encrypt and decrypt a message in each. Make sure to label your notation as symmetric or asymmetric. In addition, explain all abbreviations used.
- Work Factor in encryption
  - [3 points] Define work factor as it relates to cryptography.
  - [3 points] Define an adequate encryption system as it relates to work factor.
- DES/AES
  - [8 points] The DES encryption system, while still in use, has a number of problems, both technical and non-technical. Describe one technical and one non-technical problem with DES. How does AES overcome each of these problems?