Outline for April 26, 2005

Reading: §9, §10.1-10.2, §10.4.2, §10.5.2, §10.6


An attacker has changed the home page of the New York Times. The new version indicates disgust with one of the Times' reporters. Throughout this puzzle, assume that no other damage was done.

  1. If their intent was to show that the New York Times needed better security on their web page, was this an appropriate technique? Why or why not?
  2. The attackers feel that the reporter wronged one of their friends. The Times ignored their letters and protests. So they decided on a more noticeable protest. Was this an appropriate form of protest? Why or why not?


  1. Cryptographic Checksums
    1. Function y = h(x): easy to compute y given x; computationally infeasible to compute x given y
    2. Variant: given x and y, computationally infeasible to find a second x´ such that y = h(x´).
    3. Keyed vs. keyless
  2. Key Exchange
    1. Needham-Schroeder and Kerberos
    2. Public key; man-in-the-middle attacks
  3. Cryptographic Key Infrastructure
    1. Certificates (X.509, PGP)
    2. Certificate, key revocation
  4. Digital Signatures
    1. Judge can confirm, to the limits of technology, that claimed signer did sign message
    2. RSA digital signatures: sign, then encipher

Here is a PDF version of this document.