Lecture 21, May 17

Reading: §10.4, 10.6, 11.3, 11.4.1, 12
Due: Project Teams, due May 20, 2013 at 11:55pm
         Homework #4, due May 24, 2013 at 11:55pm

Discussion Problem. Analyzing a cipher requires being able to spot patterns. See how good you are. What is the pattern in the following?

Coded picture

Lecture outline.

  1. Project information
  2. Cryptographic Key Infrastructure
    1. Certificates (X.509, PGP)
    2. Certificate, key revocation
  3. Digital Signatures
    1. Judge can confirm, to the limits of technology, that claimed signer did sign message
    2. RSA digital signatures: sign, then encipher
  4. Networks and ciphers
    1. Where to put the encryption
    2. Link vs. end-to-end
  5. PEM, PGP
    1. Goals: confidentiality, authentication, integrity, non-repudiation (maybe)
    2. Design goals: drop in (not change), works with any RFC 821-conformant MTA and any UA, and exchange messages without prior interaction
    3. Use of Data Exchange Key, Interchange Key
    4. Review of how to do confidentiality, authentication, integrity with public key IKs
  6. Authentication
    1. Validating client (user) identity
    2. Validating server (system) identity
    3. Validating both (mutual authentication)
  7. Basis: what you know/have/are, where you are
  8. Passwords
    1. Problem: common passwords
    2. May be pass phrases: goal is to make search space as large as possible, distribution as uniform as possible
    3. Other ways to force good password selection: random, pronounceable, computer-aided selection
  9. Password Storage
    1. In the clear; Multics story
    2. Enciphered; key must be kept available
    3. Hashed; show UNIX versions, including salt


Version of May 16, 2013 at 8:09PM