Outline for April 26, 2005
Reading: §9, §10.1–10.2, §10.4.2, §10.5.2, §10.6
Discussion
An attacker has changed the home page of the New York Times. The new version indicates disgust with one of the Times' reporters. Throughout this puzzle, assume that no other damage was done.

If their intent was to show that the New York Times needed better security on their web page, was this an appropriate technique? Why or why not?

The attackers feel that the reporter wronged one of their friends. The Times ignored their letters and protests. So they decided on a more noticeable protest. Was this an appropriate form of protest? Why or why not?
Outline

Cryptographic Checksums

Function y = h(x): easy to compute y given x; computationally infeasible to compute x given y

Variant: given x and y, computationally infeasible to find a second x´ such that y = h(x´).

Keyed vs. keyless

Key Exchange

Needham-Schroeder and Kerberos

Public key; man-in-the-middle attacks

Cryptographic Key Infrastructure

Certificates (X.509, PGP)

Certificate, key revocation

Digital Signatures

Judge can confirm, to the limits of technology, that claimed signer did sign message

RSA digital signatures: sign, then encipher
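
The keyed vs. keyless distinction under "Cryptographic Checksums" above, as an added example that is not part of the original outline: a receiver checks a message that was altered in transit, first with a keyless checksum and then with a keyed one. SHA-256 and HMAC-SHA-256 are assumed stand-ins for h, and the key and messages are constructed sample values.

```python
import hashlib
import hmac


def keyless_checksum(message: bytes) -> str:
    """Keyless checksum y = h(x): anyone holding x can compute y."""
    return hashlib.sha256(message).hexdigest()


def keyed_checksum(key: bytes, message: bytes) -> str:
    """Keyed checksum: computing y requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_keyless(message: bytes, tag: str) -> bool:
    return hmac.compare_digest(keyless_checksum(message), tag)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(keyed_checksum(key, message), tag)


def demo() -> dict:
    key = b"constructed-shared-key"       # constructed sample key
    original = b"pay Alice 10"            # constructed sample message
    altered = b"pay Mallory 10000"        # message as changed in transit

    # Sender attaches both kinds of checksum to the original message.
    keyless_tag = keyless_checksum(original)
    keyed_tag = keyed_checksum(key, original)

    # Whoever altered the message does not hold the key, so the only
    # checksum they can recompute for the new text is the keyless one.
    recomputed_keyless = keyless_checksum(altered)

    return {
        "original_keyless_ok": verify_keyless(original, keyless_tag),
        "original_keyed_ok": verify_keyed(key, original, keyed_tag),
        # Keyless: alteration plus recomputed checksum passes verification.
        "altered_keyless_ok": verify_keyless(altered, recomputed_keyless),
        # Keyed: neither the old tag nor a keyless digest verifies.
        "altered_keyed_old_tag_ok": verify_keyed(key, altered, keyed_tag),
        "altered_keyed_keyless_tag_ok": verify_keyed(key, altered, recomputed_keyless),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A keyless checksum therefore protects integrity only if the checksum itself travels over a channel the message's modifier cannot write to; the keyed form removes that requirement at the cost of distributing the key.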