## June 24, 2019

Note: This is a previous year comprehensive solutions for your reference, feel free to provide solutions by navigating Submit Question/Answer tab in case you have latest solutions.

1) Jira's password is made of up 6 alphanumeric characters only. One password attempt takes 1 millisecond, What is the time to crack it in days?
ii) If password is case- insensitive.

i) Case sensitive
total chars = 26 + 26 + 10 = 62
possible combinations = 62 ^ 6 passwords
total time taken = 62 ^ 6 . 1 ms
approx. 62.62 =~ 3600 sec = 1 hour
Total time taken = 62. 62. 62. 62 / 1000 hours
=~ 360. 36 hours = 360.36/24 days
=~ 360.3/2= 180.3 = 540 days
Note: 62^4/1000/24 =~ 615 days
So an approx. answer between 520 to 620 days is good enough.

ii) Case insensitive
total chars = 26 + 10 = 36
possible combinations = 36 ^ 6 passwords
total time taken = 36 ^ 6 . 1 ms
= 36.36.36./ 1000 . 36 ^3
=~ 36. 36 ^ 3 seconds
= 36. 36. 36. 36 / 3600 hours
= 466 hours
=~ 19 days
So an approx. answer between 18 to 20 days is good enough.

2) What is a self-signed SSL certificate ?  Detail on the security perspective when a website is using a self-signed SSL certificate.

A certificate not-signed by a Publicly trusted CA, but signed by a locally setup CA server is a self-signed certificate. Any entity/website/server using a self-signed SSL certificate cannot be trusted and very commonly used in phising attacks. I can setup a server to act as gmail.com fradulently by creating a self-signed certificate for www.gmail.com and deploying it in the server.

Most standard browsers – Firefox, Google Chrome, Safari, etc. throw errors when trying to browse to websites having self-signed certificates.

3) How to avoid man-in-the-middle attack in SSH sessions? Show passwordless SSH logins at work.

Man-in-the-middle attack is at-work when a client C logs in to a server M thinking it is server S and the client C is unable to detect it. In this case, the server M has successfully duped the client C and has forged a man-in-the-middle attack. So it can be a passive two-way data forwarder between client C and the actual server S, or an active data-mangler.
Every host server in SSH have their public keys sent to the client in the Key Exchange., which gets stored in client’s .ssh/known_hosts file. So the next time, client connects to the host, the server sent public key is matched with the client’s .ssh/known_hosts file and if there is a mismatch, SSH does not connect. So this SSH behavior effectively thwarts a middle server M trying to pose as actual server S.
Consider Client C connecting to Server S. In server S side, in file .ssh/authorized_keys, there should be entry containing client C’s public key. Then the server S will use it to exchange - encrypting/signing initial key exchange material with the client C. Because of the property that any data encrypted with public key can only be decrypted using the matching private key, this mechanism automatically authenticates the client C as only client C holds the private key. Client’s private key file are usually stored in file .ssh/id_rsa or .ssh/id_dsa depending on the public key algorithm chosen.

4) How spam mails are thwarted ?

Sender mail agent (MTA) while depositing a mail to a remote server MTA via SMTP will need to send its domain name in EHLO or HELO command. DKIM (DomainKeys Identified Mail) is a mechanism for the receiver MTA to perform validation of the authenticity of email messages. When each email is sent, it is signed using sender’s private key and then validated on the receiving mail server (or ISP) using the sender’s public key that is in DNS.

Also in addition SPF (Sender policy framework) records in DNS are setup by Sender side., where the sender domain indicates the valid IP addresses/FQDNs of the designated mail servers on the sender side. So if any mail is received at Mailserver R, spoofing as coming from Sender domain – which is what SPAM mails are half of the time – Mailserver R is able to verify and reject these mails via the published SPF records of the sender in the DNS.

The newer mechanism is Authenticated Receive Chain (ARC) which contain ARC-Message-Signature in sent mails, which helps in signature verification at receiver side. In addition to these Open standard network based spam detection, other proprietary and/or non-standard Spam filters - eg. Spam assassin, - are also used to whitelist and blacklist incoming mails.

5) Figure out the plaintext from the given ciphertext. Hint : Substitution 'LWJFY FQFHW NYDGW NSLXX ZHHJX X'

Trial and error method of attempting to crack.
ROT-1: KVIEX E… not making sense
ROT-2: JUHDW D… not making sense
ROT-3: ITGCV C… not making sense
ROT-4: HSFBU B… not making sense
ROT-5: GREAT A… great is a word – makes sense,
So continuing with ROT-5, the plaintext is
GREAT ALACRITY BRINGS SUCCESS

6) My website has a valid SSL certificate signed by a well-known, well-trusted CA. One fine day, the CA's private certificate signing key gets leaked. Comment on the security of the website’s data transfers.

i) past data transfers ?
ii) future data transfers ?

Security of past data transfers is intact, as leaking of CA’s private key does not still reveal the website’s private key. These are entirely different. But when it comes to future data transfers, chance of phising websites, ie. fraudulent websites which spoof/mimic as original websites may increase and it will be unable to detect on the client side.
So technically even future data transfers are unaffected. But there is a good chance, your website’s customers/users may be redirected to fraudulent websites and no-way to detect the same.

7) Apply Railfence with 3 rails on the following plaintext and show the ciphertext. Ignore spaces in plaintext.
'DANGEROUS DAREDEVILRY DESTROYS'

Writing the given plain text ignoring spaces in 3 rails

RAIL 1:  'D­­­E­­­S­­­E­­­I­­­D­­­R­­­
RAIL 2:  '­A­G­R­U­D­R­D­V­L­Y­E­T­O­S
RAIL 3:  '­­N­­­O­­­A­­­E­­­R­­­S­­­Y

Ciphertext is taken from Left to Right
DESEIDR AGRUDRDVLYETOS NOAERSY

8) Consider the 'Forgot Password' mechanism in a public website.  Show one bad insecure implementation and one good secure implementation.

Forgot Password mechanisms in websites usually fall into one of these:
1) By confirming some personal details associated with the account, the existing password is shown in the website or is emailed to the user.
2) By confirming some personal details associated with the account, the website creates a new password and shows it in the webpage right away.
3) By confirming some personal details associated with the account, the website creates a new password and emails it to the user.
4) By confirming some personal details associated with the account, the website allows to create a new password right away
5) By confirming some personal details associated with the account, the website emails a web-URL to the user, which can be used to create a new password.

Usually this web-URL expires very quickly if unused.
1) is a Bad implementation as it is clear the website is storing the plaintext password as-is which is a big NO in terms of security. Passwords must be hashed,
salted, peppered and only encrypted hashes need to be stored in any storage on the website’s server side., which is clearly not happening in this case.
5) is a Good implementation as a fraud user will not be able to reset the password even if he/she knows the user’s personal details or account-specific details. Given that users may have multiple emails, the fraud user needs to correctly guess which email of the user was used in the website and also have access to that email of the user.

9) My friend Pavan says, https will be insecure if used through a proxy server. Is he correct? Yes/No. Validate your claim by showing HTTP messages.

No. Your friend Pavan is incorrect.

HTTPS between a browser and a destination server is end-to-end encrypted. HTTPS via a Proxy Server is by default called a HTTP Connect Tunnel., which uses HTTP CONNECT message to instruct the proxy to connect to the remote destination server. From that point on, the proxy only acts as a data forwarder, and as the data that flows through the proxy is end-to-end encrypted, the proxy server will not be able to see the actual data exchange between the browser and the destination server.

In other words, the proxy server will know that the browser is connecting to say abcd.com but beyond that it will not know the URLs or what pages in the abcd.com website, the browser is accessing.
10) Why is MD5 not a good candidate for
ii) data integrity checks

i) Password Hashing – simple plain MD5 hashes were used earlier. ie. What gets stored in the password database is H = MD5(plaintext-password). This is no longer secure, because anybody (hacker or a disgruntled exemployee) who gets access to this password database will be able to brute force attack with guessable passwords or dictionary based passwords. This is the reason usually password database should be salted, peppered and encrypted.

ii) Well for data integrity checks which are not very critical, MD5 fits the bill just fine. eg. Downloading a file from a website, verifying the MD5 hash of the downloaded file with the website-advertised-MD5-hash is most of the time adequate.

11) Show with working that 7 is a primitive root of 11

To prove 7 is a primitive root of 11., we need to be able to generate all numbers 1...10 by repeated powers of 7.
7 ^ 1 mod 11 = 7 mod 11 = 7
7 ^ 2 mod 11 = 49 mod 11 = 5
7 ^ 3 mod 11 = 5. 7 mod 11 = 35 mod 11 = 2
7 ^ 4 mod 11 = 2. 7 mod 11 = 14 mod 11 = 3
7 ^ 5 mod 11 = 3. 7 mod 11 = 21 mod 11 = 10
7 ^ 6 mod 11 = 10.7 mod 11 = 70 mod 11 = 4
7 ^ 7 mod 11 = 4. 7 mod 11 = 28 mod 11 = 6
7 ^ 8 mod 11 = 6. 7 mod 11 = 42 mod 11 = 9
7 ^ 9 mod 11 = 9. 7 mod 11 = 63 mod 11 = 8
7 ^ 10 mod 11 = 8. 7 mod 11 = 56 mod 11 = 1

Well, at this point the above sequence starts repeating, as
7 ^ 11 mod 11 = 1. 7 mod 11 = 7
7 ^ 12 mod 11 = 7. 7 mod 11 = 49 mod 11 = 5
7 ^ 13 mod 11 = 5. 7 mod 11 = 35 mod 11 = 3
. . .
As all the numbers between 1 and 10 are generated by repeated powers of 7 by modulo 11, this shows that 7 is indeed a primitive root of 11.

12) Show with working.
i) 2 ^ X mod 23 = 1. Find X
ii) 1446 mod 23 = Y. Find Y
iii) 929909 ^ 1446 mod 23 = Z. Find Z

i)
As 2 is relatively prime to 23, using Fermat’s theorem, we know that
2 ^ 22 mod 23 = 1 → X = 22
or more correctly, X = one from set { 22, 44, 66, … }

ii)
1446 mod 23 = Y.
Simple reduction, removing multiples of 23 from 1446
→ Y = 1446 mod 23 = 1400 mod 23
23 x 6 = 138 → removing 1380 from 1400 → Y = 20 mod 23 = 20
Y = 20

iii)
929909 ^ 1446 mod 23 = Z
Reducing the base, 929909
ie. 929909 mod 23
Quick and dry idea is to remove all multiples of 23 (and their 10s, 100s, etc)
→ 9909 mod 23 ( as 23 x 4 = 92 .. so removing 920000 )
→ 709 mod 23 ( removing 9200)
→ 19 mod 23 ( as 23 x 3 = 69. removing 690)
→ 19 or -4

Therefore to compute -4 ^ 1446 mod 23
= 4 ^ 1446 mod 23 (as exponent is even)
From Fermat theorem 4 ^ 22 mod 23 = 1
So to reduce the exponent 1446 in terms of multiples of 22,
To find 1446 mod 22
= 346 mod 22 (as 22 x 5 = 110, removing 1100 )
→ 126 mod 22 (removing 220)
→ 16 mod 22 (removing 110 )

Therefore to find, (4 ^ 22) ^ k. 4 ^ 16 mod 23
→ 1. 4 ^ 16 mod 23

Repeated squaring, 4 ^ 2 mod 23 = 16 or -7
4 ^ 4 mod 23 = -7.-7 = 49 mod 22 = 3
4 ^ 8 mod 23 = 3.3 = 9 mod 22 = 9
4 ^ 16 mod 23 = 9. 9 = 81 mod 22 = 12

Therefore Z = 12

Question 13 and 14 is a bookish Question - you will get it easily.

15) Euler's Totient function is represented as Phi(X).  Find the values of the following.
i) Phi(29)
ii) Phi(51)
iii) Phi(400)
iv) Phi(841)

i) Phi(29) : Phi(p) = p -1 . where p is prime. 29 is prime.
Therefore, Phi(29) = 28

ii) Phi(51) : Phi(m.n) = Phi(m) . Phi (n)
→ 51 is 17x3 → Phi(51) = Phi(17). Phi(3)
Given that 17 and 3 are prime,
Phi(51) = Phi(17). Phi(3) = 16. 2 = 32

iii) Phi(400) :
Reducing 400 into its prime factors,
400 = 4. 100 = 4. 4. 25 = 2 ^ 4 . 5 ^ 2
Phi(p ^ n) = (p^n) – (p ^ (n-1)) where p is prime.
Therefore,
Phi(400) = Phi(2 ^ 4) . Phi(5 ^ 2)
→ (2^4 – 2^3) . (5^2 – 5^1)
→ (16-8) . (25-5) = 8. 20 = 160

iv) Phi(841) :
Trick is to figure out that 29 ^ 2 is 841. Then it follows,
→ Phi(29 ^2) = 29 ^2 – 29 = 841 – 29 = 812

17) Consider a RSA system where p=7, q=13. Private key material e=11.
i) Find the public key.
ii) Find the ciphertext when the plaintext M=2.
Show proper math working

Here n = p.q = 7.13 = 91
Public key is (e,n) = (11,91)
Phi(n) = Phi(7.13) = Phi(91) = 6.12 = 72
d value has to be computed. d ≡ e-1 mod (n)
Private key = (d, n)
d = 11 ^ -1 mod 72
Note: Phi(72 ) = Phi(6.6. 2) = Phi ( 3^2. 2^3 )
→ Phi(72) = (3^2 – 3) . (2^3 – 2^2) = 6. 4 = 24
Therefore, from Euler, 11 ^ 24 mod 72 = 1
Therefore, d = 11^-1 mod 72 is same as 11^23 mod 72
Repeated squaring,
11^2 mod 72 = 121 mod 72 = 49
11^4 mod 72 = 49.49 mod 72 = (50-1)^2 mod 72
= 2500+1-100 mod 72
= 2401 mod 72
= 2401 - 2160 = 241 mod 72 (removing multiples of 72)
= 241 - 216 mod 72 = 25
11^8 mod 72 = 25.25 mod 72 = 625 mod 72
= 625 - 576 = 49
same as 11^2 mod 72 as above. Good!
Therefore,
11^16 mod 72 = 25
Reducing 23 as powers of 2, --> 23 = 16 + 4 + 2 + 1
11^23 mod 72 = 11^16. 11^4. 11^2. 11 mod 72
= 25. 25. 49. 11 mod 72
= 49. 49. 11 mod 72
= 25. 11 mod 72
= 275 mod 72
= 275 - 216 = 59
Therefore, d = 59

ii) Given plaintext M=2, ciphertext C = M ^ e mod n
Therefore, C = 2 ^ 11 mod 91
→ 2^10 . 2 mod 91
To find 2^10 mod 91
→ 1024 mod 91
→ 1024 – 910 = 114 mod 91 = 23
Therefore C = 23. 2 mod 91 = 46

#### 1 comment:

1. Excellent and very exciting site. Love to watch. Keep Rocking.
Security System Provider