Notes for October 24, 2000

  1. Greetings and Felicitations!
    1. More questions ... send to cs153@cs.ucdavis.edu the csif address seems to fail intermittently)
    2. Homework #2 will be available tomorrow on the web page
  2. Puzzle of the day
  3. Classical
    1. monoalphabetic (simple substitution): f(a) = a + k mod n
    2. example: Caesar with k = 3, RENAISSANCE -> UHQDLVVDQFH
    3. polyalphabetic: Vigenère, fi(a) = (a + ki) mod n
    4. cryptanalysis: first do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
    5. problem: eliminate periodicity of key
  4. Long key generation
    1. Running-key cipher: M=THETREASUREISBURIED; K=THESECONDCIPHERISAN; C=MOILVGOFXTMXZFLZAEQ; wedge is that (plaintext,key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.)
    2. Enigma/rotor systems; wheels, 3 rotors and a reflecting one. Go through it; UNIX uses this for crypt(1) command.
    3. Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext
    4. Only cipher with perfect secrecy: one-time pads; C=AZPR; is that DOIT or DONT?
  5. DES
    1. Go through the algorithm
  6. Public-Key Cryptography
    1. Basic idea: 2 keys, one private, one public
    2. Cryptosystem must satisfy:
      1. given public key, CI to get private key;
      2. cipher withstands chosen plaintext attack;
      3. encryption, decryption computationally feasible [note: commutativity notrequired]
    3. Benefits: can give confidentiality or authentiction or both

Puzzle of the Day

Some programs use passwords for access control, but do not protect the passwords in a very sophisticated manner (for example, by saving them in a file) or make determining the correct password very easy (for example, the Microsoft Word 5.0 encipherment scheme). The argument for using simple passwords and weak encipherment is that the data or programs being protected are of little value and the passwords give a small measure of privacy.

Given that what they are protecting is truly of little value, why is the use of such simple passwords and easily-broken encipherment bad?

Matt Bishop
Office: 3059 Engineering Unit II Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu
Copyright Matt Bishop, 2000. All federal and state copyrights reserved for all original material presented in this course through any medium, including lecture or print.
Page last modified on 10/26/2000