Notes for October 31, 2000
- Greetings and Felicitations!
- Why is homework program useful? If a program deletes an environment
variable, which one?
- Current grades, etc. now on web page
- Puzzle of the day
- RSA
  - Provides both authenticity and confidentiality
  - Go through algorithm:
    Idea: C = M^e mod n, M = C^d mod n,
    with ed mod PHI(n) = 1.
    Proof: M^PHI(n) mod n = 1
    [by Fermat's theorem as generalized by Euler];
    follows immediately from ed mod PHI(n) = 1.
    Public key is (e, n); private key is d.
    Choose n = pq; then PHI(n) = (p-1)(q-1).
  - Example:
    p = 5, q = 7; n = 35, PHI(n) = (5-1)(7-1) = 24.
    Pick d = 11. Then de mod PHI(n) = 1, so choose e = 11.
    To encipher 2,
    C = M^e mod n = 2^11 mod 35 = 2048 mod 35 = 18,
    and M = C^d mod n = 18^11 mod 35 = 2.
  - Example:
    p = 53, q = 61, n = 3233, PHI(n) = (53-1)(61-1) = 3120.
    Take d = 791; then e = 71.
    Encipher M = RENAISSANCE: A = 00, B = 01, ..., Z = 25, blank = 26.
    Then:
    M = RE NA IS SA NC E(blank) = 1704 1300 0818 1800 1302 0426
    C = (1704)^71 mod 3233 = 3106; etc. = 3106 0100 0931 2691 1984 2927
- Cryptographic Checksums
  - Function y = h(x): easy to compute y given x; computationally
    infeasible to compute x given y
  - Variant: given x and y, computationally infeasible to find a
    second x' such that y = h(x').
  - Keyed vs. keyless
  - MD5, HMAC
- Key Exchange
  - Needham-Schroeder and Kerberos
  - Public key; man-in-the-middle attacks
- Cryptographic Key Infrastructure
  - Certificates (X.509, PGP)
  - Certificate, key revocation
  - Key Escrow
- Digital Signatures
  - Certificates (X.509, PGP)
  - Certificate, key revocation
  - Key Escrow
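
The second RSA example in the outline above (p = 53, q = 61, d = 791), worked through in Python. This is an added illustration, not part of the original lecture notes; the function names are assumptions, and the first example (p = 5, q = 7) runs through the same functions.

```python
# Added example: textbook RSA with the toy parameters from the notes.
# Function names are assumptions. Unpadded RSA with a tiny modulus is for study only.
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ "   # A = 00 ... Z = 25, blank = 26

def make_keys(p, q, d):
    """Return ((e, n), d) given primes p, q and a chosen private exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to PHI(n)")
    e = pow(d, -1, phi)                    # e satisfies e*d mod PHI(n) = 1
    return (e, n), d

def to_blocks(text):
    """Encode two characters per block, e.g. 'RE' -> 1704; pad with a blank."""
    if len(text) % 2:
        text += " "
    codes = [ALPHABET.index(ch) for ch in text]
    return [100 * codes[i] + codes[i + 1] for i in range(0, len(codes), 2)]

def from_blocks(blocks):
    """Inverse of to_blocks: 1704 -> 'RE'."""
    return "".join(ALPHABET[b // 100] + ALPHABET[b % 100] for b in blocks)

def encipher(blocks, e, n):
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("each block must be smaller than n")
    return [pow(m, e, n) for m in blocks]   # C = M^e mod n

def decipher(blocks, d, n):
    return [pow(c, d, n) for c in blocks]   # M = C^d mod n

if __name__ == "__main__":
    (e, n), d = make_keys(53, 61, 791)
    m = to_blocks("RENAISSANCE")
    c = encipher(m, e, n)
    print("e =", e, "n =", n)
    print("M =", " ".join(f"{x:04d}" for x in m))
    print("C =", " ".join(f"{x:04d}" for x in c))
    print("recovered:", from_blocks(decipher(c, d, n)))
```

Equal plaintext blocks always encipher to equal ciphertext blocks here, which is one reason deployed RSA uses randomized padding and far larger moduli.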
Puzzle of the Day
The UNIX system reserves network ports numbered 1023 and below for
root-owned processes only. User processes must use ports with higher
numbers. So, if a connection from a remote host has a source port of
536, it must have originated with a process that was at one time root.
This is a UNIX standard, not an Internet one.
What problems can this scheme cause in a heterogeneous network?
Matt Bishop
Office: 3059 Engineering Unit II
Phone: +1 (530) 752-8060
Fax: +1 (530) 752-4767
Email: bishop@cs.ucdavis.edu
Copyright Matt Bishop, 2000.
All federal and state copyrights reserved for all original material
presented in this course through any medium, including lecture or print.
Page last modified on 10/31/2000