Lecture 21, May 17
Reading: §10.4, 10.6, 11.3, 11.4.1, 12
Due: Project Teams, due May 20, 2013 at 11:55pm
Homework #4, due May 24, 2013 at 11:55pm
Discussion Problem. Analyzing a cipher requires being able to spot patterns. See how good you are. What is the pattern in the following?
Lecture outline.
- Project information
- Cryptographic Key Infrastructure
  - Certificates (X.509, PGP)
  - Certificate, key revocation
- Digital Signatures
  - Judge can confirm, to the limits of technology, that claimed signer did sign message
  - RSA digital signatures: sign, then encipher
- Networks and ciphers
  - Where to put the encryption
  - Link vs. end-to-end
- PEM, PGP
  - Goals: confidentiality, authentication, integrity, non-repudiation (maybe)
  - Design goals: drop in (not change), works with any RFC 821-conformant MTA and any UA, and exchange messages without prior interaction
  - Use of Data Exchange Key, Interchange Key
  - Review of how to do confidentiality, authentication, integrity with public key IKs
- Authentication
  - validating client (user) identity
  - validating server (system) identity
  - validating both (mutual authentication)
  - Basis: what you know/have/are, where you are
- Passwords
  - Problem: common passwords
  - May be pass phrases: goal is to make search space as large as possible, distribution as uniform as possible
  - Other ways to force good password selection: random, pronounceable, computer-aided selection
- Password Storage
  - In the clear; Multics story
  - Enciphered; key must be kept available
  - Hashed; show UNIX versions, including salt