Week 2 Flashcards

1
Q

What 3 attributes should a crypto hash have?

A

Pre-image resistance (one way function): for a given y, it is
computationally infeasible to find x s.t. h(x) = y.
Second pre-image resistance (weak collision resistance): given input x
and h(x) it is computationally infeasible to find another x’, x ≠ x’,
with h(x) = h(x’).
Collision resistance (strong collision resistance): it is computationally
infeasible to find any two inputs x and x’, x ≠ x’, s.t. h(x) = h(x’).

2
Q

Message Authentication Code

A

A Message Authentication Code gives assurance about the source
(authentication) and integrity of the message.
A MAC is generated from the message and a cryptographic key and is
essentially a keyed hash function. Authentication occurs through the
receiver (Bob) knowing the sender’s (Alice’s) key.

3
Q

What is a digital certificate? What must it have?

A

A company’s or person’s public key is bound up with their identity into a
certificate. The certificate is then verified or authenticated by a Certificate
Authority or Trusted Third Party (TTP). Certificates are valid for only a
short time, and can be revoked.
A Digital Certificate must be shown to be unforgeable, authentic,
unalterable and non-reusable. So, it is a file,
with a hash known as a message digest (integrity),
with a sender’s private encryption key (authenticity),
with a label to show the identity of the sender.
A timestamp also helps with non-repudiation (where the sender cannot
deny or repudiate that it was they who sent the message).

4
Q

What is PGP?

A

Essentially you use PGP to trust someone and give them a key. PGP
became known as the Web of Trust as it used self-signed certificates and
no-one was trusted to be a high level authority.

5
Q

What 4 levels of trust are there in PGP?

A

In PGP there were four levels of trust:
Implicit trust – reserved for keys that you own. If your “key ring”
contains a private key that signed a public key, you trust the public
key.
Full trust – you trust the user to provide other keys to you without
additional verification.
Marginal trust – you do not trust or know the user, so you require at least
one other user to vouch for any new public key before you accept it
onto your “key ring”.
Untrusted – you do not trust a user to introduce you to new keys;
any new keys will be disregarded. This is the default setting.

6
Q

What is a worm?

A

A computer worm is a program that copies itself from one computer to
another. In 1982, Schoch and Hupp discussed a computer worm that they
developed to distribute messages and do computations. They probed
workstations and if the system was idle, the worm did some computation.

7
Q

What is a rabbit/bacterium?

A

A rabbit, or a bacterium, multiplies so rapidly it exhausts resources of a
specific type, e.g. disk space or inode tables. The Internet worm was a
rabbit as it opened ports. The Father Christmas worm, which drew a
Christmas tree and then emailed itself to everyone in the address book, was
also a rabbit as it used up mail queues.

8
Q

What is a logic bomb?

A

A Logic Bomb is a program that performs an action that violates the
security policy when a trigger is executed. A logic bomb may be inserted
to go off when someone’s login ID has not been executed for a while, or
when a random file is read.
