Question
Please answer all the questions:
Peter Hayes, CFO of Sequential Label and Supply, was working late. He opened an e-mail from the manager of the accounting department. The e-mail had an attachment, probably a spreadsheet or a report of some kind, and from the file icon he could tell it was encrypted. He saved the file to his computer's hard drive and then double-clicked the icon to open it. His computer operating system recognized that the file was encrypted and started the decryption program, which prompted Peter for his passphrase. Peter's mind went blank. He couldn't remember the passphrase.

"Oh, good grief!" he said to himself, reaching for his phone.

"Charlie, good, you're still here. I'm having trouble with a file in my e-mail program. My computer is prompting me for my passphrase, and I think I forgot it."

"Uh-oh," said Charlie.

"What do you mean 'Uh-oh'?"

"I mean you're S.O.L.," Charlie replied. "Simply outta luck."

"Out of luck?" said Peter. "Why? Can't you do something? I have quite a few files that are encrypted with this PGP program. I need my files."

Charlie let him finish, then said, "Peter, remember how I told you it was important to remember your passphrase?" Charlie heard a sigh on the other end of the line, but decided to ignore it. "And do you remember I said that PGP is only free for individuals and that you weren't to use it for company files since we didn't buy a license for the company? I only set that program up on your personal laptop for your home e-mail, for when your sister wanted to send you some financial records. When did you start using it on SLS systems for company business?"

"Well," Peter answered, "the manager of my accounting department had some financials that were going to be ready a few weeks ago while I was traveling. I sort of told him that you set me up on this PGP crypto thing and he googled it and set up his own account. Then, I swapped public keys with him before I left, and he sent the files to me securely by e-mail while I was in Dubai. It worked out great. So, the next week I encrypted quite a few files. Now I can't get to any of them because I can't seem to remember my passphrase." There was a long pause, and then he asked, "Can you hack it for me?"

Charlie chuckled and then said, "Sure, Peter, no problem. Send me the files and I'll put the biggest server we have to work on it. Since we set you up in PGP with 256-bit AES, I should be able to apply a little brute force and crack the key to get the plaintext in a hundred trillion years or so."

Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter.

"Hi, Peter," Charlie said into the receiver. "Want me to start the file cracker on your spreadsheet?"

"No, thanks," Peter answered, taking the joke well. "I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I'm worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?"

"We need to use a feature called key recovery, which is usually part of PKI software," said Charlie. "Actually, if we invest in PKI software, we could solve that problem as well as several others."

"OK," said Peter. "Can you see me tomorrow at 10 o'clock to talk about this PKI solution and how we can make better use of encryption?"

Questions:

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

Suppose Charlie had installed keylogger software on all company computer systems and had made a copy of Peter's encryption key. Suppose that Charlie had this done without policy authority and without anyone's knowledge, including Peter's.

3. Would the use of such a tool be an ethical violation on Charlie's part? Is it illegal?
4. Suppose that Charlie had implemented the keylogger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter's call, Charlie calls back to give Peter his key: "We got lucky and cracked it early." Charlie says this to preserve Peter's illusion of privacy. Is such a "little white lie" an ethical action on Charlie's part?