You are to Produce a Report Discussing the Vulnerability of Weak Passwords: Computer Security for Software Developer Assignment, DBS

Part A: Passwords

You are to produce a report discussing the vulnerability of weak passwords. In this report, you can briefly explain how passwords are stored and the process of cracking your passwords.  You should discuss the different techniques password crackers use.  The aim of this lab to understand the complexity required if you are to use a combination of usernames and passwords to login to your systems.  Next, you are to look at the login process and make recommendations (see OWASP for authentication cheatsheet).  Finally, use a password manager and give your thoughts and recommendations.

Assignment Questions:

1. Explain how passwords are stored and authentication process.
2. Explain the process of cracking. How it is achieved mentioning brute force and wordlist techniques
3. Research into password complexity and additional wordlists used
4. Recommendations for the authentication process
5. Password managers discussion

Part B: Encryption – Symmetric & Asymmetric Encryption

In this practical, you will learn how encryption works, and how symmetric and asymmetric (public key) encryption operates so that a body of sensitive information may be transmitted securely across a network.

The traditional use of cryptography was to make messages unreadable to the enemy during wartime. However, the introduction of the computing age changed this perspective dramatically. Through the use of computers, a whole new use for information hiding was evolved. Around the early 1970s, the private sector began to feel the need for cryptographic methods to protect their data. This could include ‘sensitive information’ (corporate secrets), password files, or personal records.

Computer encryption is based on the science of cryptography, which has been used throughout history. Most forms of cryptography these days rely on computers, simply because a human-based code is too easy for a computer to crack. An encryption algorithm, or cipher, is used to encrypt normal text or plaintext. This encrypted text is then known as ciphertext. Trying to regenerate the original plaintext from the ciphertext is known as decryption.

Most computer encryption systems belong in one of two categories:

• Symmetric encryption (often referred to as secret-key, private or single-key encryption)
• Asymmetric encryption (also known as public-key or two-key encryption)

The encryption key and the decryption key may or may not be the same. When they are the cryptosystem is called a “symmetric key” system; when they are not it is called an “asymmetric key” system. The most widely known instance of an asymmetric cryptosystem is DES (Data Encryption Standard). One of the most widely known implementations of an asymmetric key cryptosystem is RSA.

Exercise Question:

1. Create a new file, this time with a lot of text (say 1MB in total). Call it bigfile.open. Encrypt it to give bigfile.close. Use WinZip to compress both of them.  Which resulting zip file is bigger?  Why is this the case?
2. Cryptography provides five valuable protections. Describe each.
3. Block size:8 bits
   No. of rounds:    4; Key size:    6 bits;

Round Function, F:
XOR the two inputs and then perform a left circular shift of 1 bit on the result

Subkey generation function:
If we write the 6 bits of the key as b₁ b₂ b₃ b₄ b₅ b₆ then

K₁ = b₁ b₂ b₃ b₄

K₂ = b₃ b₄ b₅ b₆

K₃ = b₂ b₃ b₄ b₅

K₄ = b₁ b₂ b₅ b₆

• Using this cipher encrypts the plaintext 10101101 with the key
• Decrypt your generated ciphertext to obtain the original plaintext.

4. Alice wants to encrypt a message to send to Bob using RSA. She chooses p = 3, q= 11 and e = 7.
   • Show that d = 3.
   • If the message is 20, what is the corresponding ciphertext?
   • Show how Bob decrypts the ciphertext.
   • What are Alice’s public and private keys in this example?

5. Describe the RSA cryptosystem. Suppose Bob has a public key of n=33and e=3. Eve performs a Man-in-the-Middleattack and obtains a message from Alice to Bob with a Ciphertext C = 5.  Show clearly how Eve can recover the original message M.  What conclusions can be made about the security of RSA?