Homework 2 - Cryptography
Due: Friday April 18, 2014 by 11:55pm
Each question is worth 2 points, 20 points total.
- One-time pads are provably secure. Why are one-time pads so rarely used
in practice?
- What is the purpose of the "real-or-random" evaluation of a cryptographic
algorithm?
- Why does combining substitution and transposition (permutation) result
in a higher level of security than either alone?
- DES was extensively in use for over three decades. Do you think AES will
have this sort of staying power? Explain why or why not.
- Explain why encrypting a message then signing it is not secure. Why does
reversing the order (signing then encrypting) provide security?
- What would be the implication of Jane having the same RSA private key as
Bob's RSA public key? Should Jane change her key pair?
- When websites post large files for users to download, they want to give the
user some assurance that the file is uncorrupted and has not been substituted
with another file. A common method to do this is to list the MD5 hash on
the website with the download link. Is this any better than just having the
download link? Explain why or why not.
- A classic debate among cryptographers (and conspiracy theorists) is how
vulnerable encryption algorithms should be (or actually are for our
conspiracy theorist friends) to government decryption. Explain why having
a "master key" for an encryption algorithm might be a bad idea from a
purely technological perspective (ignoring the government privacy issues
that would also result from such a key).
- A fundamental cryptographic principle states that all messages must have
redundancy. But redundancy can potentially help a cryptanalyst recover
information from the ciphertext. Consider two forms of redundancy. First,
the initial n bits of the plaintext contain a known pattern. Second, the
final n bits of the message contain a hash over the message. From a
security point of view, are these two equivalent? Explain your answer.
- When using Diffie-Hellman key exchange, why is it difficult to protect
against a man-in-the-middle attack when neither party has any a priori
knowledge of each other, such as the server public key in SSH?