(20 points) An affine cipher has the form c = (am + b) mod n. Suppose m is an integer between 0 and 25, each integer representing a letter.
Let n = 26, a = 3, and b = 123. What is the ciphertext corresponding to the phrase THIS IS A CIPHER MESSAGE.
A requirement for a cipher is that every plaintext letter correspond to a different ciphertext letter. If either a and b is not relatively prime to n, does the affine cipher meet this property? Either prove it does or present a counterexample.
(20 points) Alice and Bob are creating RSA public keys. They select different moduli n_{Alice} and n_{Bob}. Unknown to both, n_{Alice} and n_{Bob} have a common factor.
How could Eve determine that n_{Alice} and n_{Bob} have a common factor without factoring those moduli?
Having determined that factor, show how Eve can now obtain the private keys of both Alice and Bob.
(20 points) Needham and Schroeder suggest the following variant of their protocol:
Alice → Bob : Alice
Bob → Alice : { Alice | rand_{3} }k_{Bob}
Alice → Cathy : { Alice | Bob | rand_{1} | { Alice | rand_{3} }k_{Bob} }
Cathy → Alice : { Alice | Bob | rand_{1} | k_{session} | {Alice | rand_{3} | k_{session} }k_{Bob} }k_{Alice}
Alice → Bob : { Alice | rand_{3} | k_{session} }k_{Bob}
Bob → Alice : { rand_{2} }k_{session}
Alice → Bob : { rand_{2} − 1 }k_{session}
Show that this protocol solves the problem of replay as a result of stolen session keys.
Hint: Consider two cases, one in which the attacker does not send an initial message to Bob and one in which the attacker does.
(20 points) Does using passwords with salts make attacking a specific account more difficult than using passwords without salts? Explain why or why not.
(20 points) Suppose a user wishes to edit the file xyzzy in a capability-based system. How can he be sure that the editor cannot access any other file? Could this be done in an ACL-based system? If so, how? If not, why not?