Question
Bob runs a social network web server that requires users, such as Alice, to log in. He wants to use cryptography to protect Alices account.
Bob runs a social network web server that requires users, such as Alice, to log in. He wants to use cryptography to protect Alices account. However, he doesnt understand cryptography very well. For each of the below uses of cryptography, identify his mistake, and explain what he should do instead.
(a) [4 points] Bob obtains a public/private encryption key pair using RSA. When Alice visits his site, Alice generates a 128-bit secret key, encrypts it using Bobs 128- bit public key, and sends it to Bob. Alice and Bob can now use AES (128 bits) to communicate, so they can also use a SHA-256 HMAC to authenticate their messages.
(b) [4 points] To establish trust, Bob asks a CA to sign his private RSA key using the CAs private ECC key. The CAs public ECC key is in Alices browser, so Alice can verify Bobs key automatically when she visits his site, even though she does not explicitly know who the CA is.
(c) [4 points] For Alices login, Bob requires Alice to hash and salt her password on the client side using SHA-3, and then send it to Bob using 128-bit AES. Then, Bob will store Alices hashed password and the salt in his database. In future attempts, Alice can use the same hashed password and salt to login.
(d) [4 points] To store Alices password securely, Bob uses AES encryption with a secret key and a 64-bit IV to encrypt her password. A CRC32 checksum is used to ensure correctness against random bit flip errors.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started