**Note**: These are comprehensive solutions to a previous year's paper for your reference. Feel free to provide solutions by navigating to the **Submit Question/Answer** tab in case you have the latest solutions.

**1)** Jira's password is made up of 6 alphanumeric characters only. One password attempt takes 1 millisecond. What is the time to crack it in days?

i) If password is case-sensitive.

ii) If password is case-insensitive.

**Answer**:

**i) Case sensitive**

total chars = 26 + 26 + 10 = 62

possible combinations = 62 ^ 6 passwords

total time taken = 62 ^ 6 . 1 ms

approx. 62.62 =~ 3600 sec = 1 hour

Total time taken = 62. 62. 62. 62 / 1000 hours

=~ 360. 36 hours = 360.36/24 days

=~ 360.3/2= 180.3 = 540 days

Note: 62^4/1000/24 =~ 615 days

So an approx. answer between 520 to 620 days is good enough.

**ii) Case insensitive**

total chars = 26 + 10 = 32

possible combinations = 32 ^ 6 passwords

total time taken = 32 ^ 6 . 1 ms

= 32.32.32./ 1000 . 32 ^3

=~ 32. 32 ^ 3 seconds

= 32. 32. 32. 32 / 3600 hours

=~ 8.32 hours

= 256 hours

=~ 11 days

**Note**: 32^6/1000/3600/24 =~ 12.4 days

So an approx. answer between 10 to 12 days is good enough.

**2)** What is a self-signed SSL certificate? Detail on the security perspective when a website is using a self-signed SSL certificate.

**Answer**:

A certificate not signed by a publicly trusted CA, but signed by a locally set up CA server, is a self-signed certificate. Any entity/website/server using a self-signed SSL certificate cannot be trusted, and such certificates are very commonly used in phishing attacks. I can set up a server to act as gmail.com fraudulently by creating a self-signed certificate for www.gmail.com and deploying it on the server.

Most standard browsers (Firefox, Google Chrome, Safari, etc.) throw errors when trying to browse to websites having self-signed certificates.

**3)** How to avoid man-in-the-middle attack in SSH sessions? Show passwordless SSH logins at work.

**Answer**:

A man-in-the-middle attack is at work when a client C logs in to a server M thinking it is server S, and the client C is unable to detect it. In this case, the server M has successfully duped the client C and mounted a man-in-the-middle attack. It can then be a passive two-way data forwarder between client C and the actual server S, or an active data mangler.

Every SSH host server sends its public key to the client in the key exchange, and the client stores it in its .ssh/known_hosts file. The next time the client connects to the host, the public key sent by the server is matched against the client's .ssh/known_hosts file, and if there is a mismatch, SSH does not connect. This SSH behavior effectively thwarts a middle server M trying to pose as the actual server S.

Passwordless SSH logins happen via public keys.

Consider client C connecting to server S. On the server S side, the file .ssh/authorized_keys should have an entry containing client C's public key. The server S will then use it in the exchange, encrypting/signing initial key exchange material with the client C. Because any data encrypted with a public key can only be decrypted using the matching private key, this mechanism automatically authenticates the client C, as only client C holds the private key. The client's private key file is usually stored in .ssh/id_rsa or .ssh/id_dsa, depending on the public key algorithm chosen.

**4)** How are spam mails thwarted?

**Answer**:

The newer mechanism is Authenticated Received Chain (ARC), which puts an ARC-Message-Signature in sent mails and helps in signature verification at the receiver side. In addition to these open-standard, network-based spam detection mechanisms, other proprietary and/or non-standard spam filters (e.g. SpamAssassin) are also used to whitelist and blacklist incoming mails.

**5)** Figure out the plaintext from the given ciphertext. Hint: Substitution 'LWJFY FQFHW NYDGW NSLXX ZHHJX X'

**Answer**:

Trial and error method of attempting to crack.

ROT-1: KVIEX E… not making sense

ROT-2: JUHDW D… not making sense

ROT-3: ITGCV C… not making sense

ROT-4: HSFBU B… not making sense

ROT-5: GREAT A… great is a word – makes sense,

So continuing with ROT-5, the plaintext is

GREAT ALACRITY BRINGS SUCCESS
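The trial-and-error search above can be automated by trying every shift and scoring each candidate against common English letter groups. This is an added example, not part of the original solution; the trigram list and the function names are assumptions made for illustration.

```python
import string

# Ciphertext from question 5 on this page.
CIPHERTEXT = "LWJFY FQFHW NYDGW NSLXX ZHHJX X"

# Short constructed list of frequent English trigrams used for scoring;
# a real cracker would use full letter-frequency or dictionary statistics.
COMMON_TRIGRAMS = ("THE", "AND", "ING", "ION", "ENT", "HER", "FOR", "ESS")


def rot_decrypt(ciphertext, shift):
    """Shift every A-Z letter back by `shift`; keep other characters as-is."""
    out = []
    for ch in ciphertext.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


def score(candidate):
    """Count trigram hits after removing the 5-letter grouping spaces."""
    squeezed = candidate.replace(" ", "")
    return sum(squeezed.count(t) for t in COMMON_TRIGRAMS)


def crack(ciphertext):
    """Try all 25 non-trivial shifts and return (shift, text) of the best."""
    candidates = [(s, rot_decrypt(ciphertext, s)) for s in range(1, 26)]
    return max(candidates, key=lambda c: score(c[1]))


if __name__ == "__main__":
    for s in range(1, 6):
        print(f"ROT-{s}: {rot_decrypt(CIPHERTEXT, s)}")
    print("best guess:", crack(CIPHERTEXT))
```

With only 25 candidate keys, the whole keyspace is searched instantly, which is why a shift cipher offers no real confidentiality.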

**6)** My website has a valid SSL certificate signed by a well-known, well-trusted CA. One fine day, the CA's private certificate signing key gets leaked. Comment on the security of the website’s data transfers.

ii) future data transfers ?

**Answer**:

So technically even future data transfers are unaffected. But there is a good chance that your website’s customers/users may be redirected to fraudulent websites, with no way to detect it.

**7)** Apply Railfence with 3 rails on the following plaintext and show the ciphertext. Ignore spaces in plaintext.

**Answer**:

RAIL 2: 'AGRUDRDVLYETOS

RAIL 3: 'NOAERSY

Ciphertext is taken from Left to Right

DESEIDR AGRUDRDVLYETOS NOAERSY

**8)** Consider the 'Forgot Password' mechanism in a public website. Show one bad insecure implementation and one good secure implementation.

**Answer**:

1) By confirming some personal details associated with the account, the existing password is shown in the website or is emailed to the user.

2) By confirming some personal details associated with the account, the website creates a new password and shows it in the webpage right away.

3) By confirming some personal details associated with the account, the website creates a new password and emails it to the user.

4) By confirming some personal details associated with the account, the website allows the user to create a new password right away.

5) By confirming some personal details associated with the account, the website emails a web-URL to the user, which can be used to create a new password.

Usually this web-URL expires very quickly if unused.

1) is a bad implementation, as it is clear the website is storing the plaintext password as-is, which is a big NO in terms of security. Passwords must be hashed, salted and peppered, and only encrypted hashes should be stored in any storage on the website’s server side, which is clearly not happening in this case.

5) is a good implementation, as a fraudulent user will not be able to reset the password even if he/she knows the user’s personal details or account-specific details. Given that users may have multiple emails, the fraudulent user needs to correctly guess which email of the user was used on the website and also have access to that email of the user.
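A sketch of option 5, the emailed reset URL that expires quickly, is given below as an added example that is not part of the original answer. The 15-minute lifetime, the `example.test` host, the in-memory table and the function names are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Assumed lifetime; the answer only says the URL "expires very quickly".
TOKEN_TTL_SECONDS = 15 * 60

# In-memory stand-in for a database table: sha256(token) -> (account, expiry).
_pending = {}


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_url(account, now=None):
    """Create a single-use reset link to e-mail to the account's address."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)      # 256 random bits from the OS CSPRNG
    # Store only a hash, so a leaked table does not yield usable links.
    _pending[_digest(token)] = (account, now + TOKEN_TTL_SECONDS)
    return "https://example.test/reset?token=" + token


def redeem(token, now=None):
    """Return the account this token may reset, or None if it is unknown,
    expired or already used."""
    now = time.time() if now is None else now
    entry = _pending.pop(_digest(token), None)   # pop makes it single-use
    if entry is None:
        return None
    account, expires_at = entry
    return account if now <= expires_at else None
```

The new password is only accepted after `redeem` returns an account, so knowing the victim's personal details is not enough without access to the mailbox.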

**9)** My friend Pavan says, https will be insecure if used through a proxy server. Is he correct? Yes/No. Validate your claim by showing HTTP messages.

**Answer**:

In other words, the proxy server will know that the browser is connecting to say abcd.com but beyond that it will not know the URLs or what pages in the abcd.com website, the browser is accessing.

**10)** Why is MD5 not a good candidate for

ii) data integrity checks

**Answer**:

**Password Hashing**: simple plain MD5 hashes were used earlier, i.e. what gets stored in the password database is H = MD5(plaintext-password). This is no longer secure, because anybody (a hacker or a disgruntled ex-employee) who gets access to this password database will be able to mount a brute-force attack with guessable passwords or dictionary-based passwords. This is the reason a password database should usually be salted, peppered and encrypted.

**ii)** Well, for data integrity checks which are not very critical, MD5 fits the bill just fine, e.g. when downloading a file from a website, verifying the MD5 hash of the downloaded file against the website-advertised MD5 hash is most of the time adequate.
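The contrast between H = MD5(plaintext-password) and a salted, peppered record (also mentioned in the answer to question 8) is shown below as an added example, not part of the original solutions. PBKDF2-HMAC-SHA256, the iteration count and the function names are assumptions chosen for illustration; encrypting the stored records at rest is not shown.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed work factor for PBKDF2-HMAC-SHA256


def md5_record(password):
    """The scheme the answer calls insecure: H = MD5(plaintext-password)."""
    return hashlib.md5(password.encode()).hexdigest()


def _stretch(password, salt, pepper):
    # Pepper: a server-side secret kept outside the password database.
    peppered = hmac.new(pepper, password.encode(), hashlib.sha256).digest()
    # Salt plus many iterations make each guess slow and per-user.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def make_record(password, pepper):
    """Return (salt, digest) to store for one user."""
    salt = os.urandom(16)                 # fresh random salt per user
    return salt, _stretch(password, salt, pepper)


def check_password(password, record, pepper):
    """Recompute the digest and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(_stretch(password, salt, pepper), expected)


if __name__ == "__main__":
    pepper = os.urandom(32)               # constructed demo secret
    # Two users picking the same password get identical MD5 records ...
    print(md5_record("hunter2") == md5_record("hunter2"))
    # ... but different salted records, so one guess cannot test both.
    print(make_record("hunter2", pepper)[1] == make_record("hunter2", pepper)[1])
```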

**11)** Show with working that 7 is a primitive root of 11

**Answer**:

7 ^ 1 mod 11 = 7 mod 11 = 7

7 ^ 2 mod 11 = 49 mod 11 = 5

7 ^ 3 mod 11 = 5. 7 mod 11 = 35 mod 11 = 2

7 ^ 4 mod 11 = 2. 7 mod 11 = 14 mod 11 = 3

7 ^ 5 mod 11 = 3. 7 mod 11 = 21 mod 11 = 10

7 ^ 6 mod 11 = 10.7 mod 11 = 70 mod 11 = 4

7 ^ 7 mod 11 = 4. 7 mod 11 = 28 mod 11 = 6

7 ^ 8 mod 11 = 6. 7 mod 11 = 42 mod 11 = 9

7 ^ 9 mod 11 = 9. 7 mod 11 = 63 mod 11 = 8

7 ^ 10 mod 11 = 8. 7 mod 11 = 56 mod 11 = 1

Well, at this point the above sequence starts repeating, as

7 ^ 11 mod 11 = 1. 7 mod 11 = 7

7 ^ 12 mod 11 = 7. 7 mod 11 = 49 mod 11 = 5

7 ^ 13 mod 11 = 5. 7 mod 11 = 35 mod 11 = 3

. . .

As all the numbers between 1 and 10 are generated by repeated powers of 7 by modulo 11, this shows that 7 is indeed a primitive root of 11.

**12)** Show with working.

i) 2 ^ X mod 23 = 1. Find X

ii) 1446 mod 23 = Y. Find Y

iii) 929909 ^ 1446 mod 23 = Z. Find Z

**Answer**:

**i)**

As 2 is relatively prime to 23, using Fermat’s theorem, we know that

2 ^ 22 mod 23 = 1 → X = 22

or more correctly, X = one from set { 22, 44, 66, … }

**ii)**

Simple reduction, removing multiples of 23 from 1446

→ Y = 1446 mod 23 = 1400 mod 23

23 x 6 = 138 → removing 1380 from 1400 → Y = 20 mod 23 = 20

Y = 20

**iii)**

Reducing the base, 929909

ie. 929909 mod 23

Quick and dirty idea is to remove all multiples of 23 (and their 10s, 100s, etc)

→ 9909 mod 23 ( as 23 x 4 = 92 .. so removing 920000 )

→ 709 mod 23 ( removing 9200)

→ 19 mod 23 ( as 23 x 3 = 69. removing 690)

→ 19 or -4

Therefore to compute -4 ^ 1446 mod 23

= 4 ^ 1446 mod 23 (as exponent is even)

From Fermat theorem 4 ^ 22 mod 23 = 1

So to reduce the exponent 1446 in terms of multiples of 22,

To find 1446 mod 22

= 346 mod 22 (as 22 x 5 = 110, removing 1100 )

→ 126 mod 22 (removing 220)

→ 16 mod 22 (removing 110 )

Therefore to find, (4 ^ 22) ^ k. 4 ^ 16 mod 23

→ 1. 4 ^ 16 mod 23

Repeated squaring, 4 ^ 2 mod 23 = 16 or -7

4 ^ 4 mod 23 = -7.-7 = 49 mod 23 = 3

4 ^ 8 mod 23 = 3.3 = 9 mod 23 = 9

4 ^ 16 mod 23 = 9. 9 = 81 mod 23 = 12

Therefore Z = 12
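The hand working in questions 11 and 12 (listing powers, reducing the base, reducing the exponent with Fermat's theorem, then repeated squaring) can be checked with the code below. It is an added example, not part of the original solutions, and the function names are chosen here for illustration.

```python
def mod_pow(base, exp, mod):
    """Square-and-multiply, the 'repeated squaring' used in the working."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def multiplicative_order(g, p):
    """Smallest k >= 1 with g^k = 1 (mod p); g must not be a multiple of p."""
    if g % p == 0:
        raise ValueError("g is a multiple of p, so it has no order")
    k, value = 1, g % p
    while value != 1:
        value = value * g % p
        k += 1
    return k


def is_primitive_root(g, p):
    """For prime p, g is a primitive root when its order is exactly p - 1."""
    return g % p != 0 and multiplicative_order(g, p) == p - 1


def fermat_pow(base, exp, p):
    """base^exp mod prime p, reducing the exponent mod p - 1 first."""
    if base % p == 0:
        return 0 if exp > 0 else 1
    return mod_pow(base % p, exp % (p - 1), p)


if __name__ == "__main__":
    print([mod_pow(7, k, 11) for k in range(1, 11)])   # powers from question 11
    print(is_primitive_root(7, 11))
    print(929909 % 23, 1446 % 22, fermat_pow(929909, 1446, 23))
```

`multiplicative_order(2, 23)` returns 11: Fermat's theorem guarantees that the exponent 22 works in 12 i), and the smallest working exponent is always a divisor of 22.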

*Questions 13 and 14 are bookish questions - you will get them easily.*

**15)** Euler's Totient function is represented as Phi(X). Find the values of the following.

i) Phi(29)

ii) Phi(51)

iii) Phi(400)

iv) Phi(841)

**Answer**:

i) Phi(29) : Phi(p) = p -1 . where p is prime. 29 is prime.

Therefore, Phi(29) = 28

ii) Phi(51) : Phi(m.n) = Phi(m) . Phi (n)

→ 51 is 17x3 → Phi(51) = Phi(17). Phi(3)

Given that 17 and 3 are prime,

Phi(51) = Phi(17). Phi(3) = 16. 2 = 32

iii) Phi(400) :

Reducing 400 into its prime factors,

400 = 4. 100 = 4. 4. 25 = 2 ^ 4 . 5 ^ 2

Phi(p ^ n) = (p^n) – (p ^ (n-1)) where p is prime.

Therefore,

Phi(400) = Phi(2 ^ 4) . Phi(5 ^ 2)

→ (2^4 – 2^3) . (5^2 – 5^1)

→ (16-8) . (25-5) = 8. 20 = 160

iv) Phi(841) :

Trick is to figure out that 29 ^ 2 is 841. Then it follows,

→ Phi(29 ^2) = 29 ^2 – 29 = 841 – 29 = 812

**17)** Consider a RSA system where p=7, q=13. Private key material e=11.

i) Find the public key.

ii) Find the ciphertext when the plaintext M=2.

Show proper math working

**Answer**:

Here n = p.q = 7.13 = 91

Public key is (e,n) = (11,91)

Phi(n) = Phi(7.13) = Phi(91) = 6.12 = 72

d value has to be computed. d ≡ e ^ -1 mod Phi(n)

Private key = (d, n)

d = 11 ^ -1 mod 72

Note: Phi(72 ) = Phi(6.6. 2) = Phi ( 3^2. 2^3 )

→ Phi(72) = (3^2 – 3) . (2^3 – 2^2) = 6. 4 = 24

Therefore, from Euler, 11 ^ 24 mod 72 = 1

Therefore, d = 11^-1 mod 72 is same as 11^23 mod 72

Repeated squaring,

11^2 mod 72 = 121 mod 72 = 49

11^4 mod 72 = 49.49 mod 72 = (50-1)^2 mod 72

= 2500+1-100 mod 72

= 2401 mod 72

= 2401 - 2160 = 241 mod 72 (removing multiples of 72)

= 241 - 216 mod 72 = 25

11^8 mod 72 = 25.25 mod 72 = 625 mod 72

= 625 - 576 = 49

same as 11^2 mod 72 as above. Good!

Therefore,

11^16 mod 72 = 25

Reducing 23 as powers of 2, --> 23 = 16 + 4 + 2 + 1

11^23 mod 72 = 11^16. 11^4. 11^2. 11 mod 72

= 25. 25. 49. 11 mod 72

= 49. 49. 11 mod 72

= 25. 11 mod 72

= 275 mod 72

= 275 - 216 = 59

Therefore, d = 59

ii) Given plaintext M=2, ciphertext C = M ^ e mod n

Therefore, C = 2 ^ 11 mod 91

→ 2^10 . 2 mod 91

To find 2^10 mod 91

→ 1024 mod 91

→ 1024 – 910 = 114 mod 91 = 23

Therefore C = 23. 2 mod 91 = 46
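The totient values from question 15 and the key computation in question 17 can be reproduced with the code below, which is an added example and not part of the original solutions. It finds d with the extended Euclidean algorithm rather than the Euler shortcut 11^23 mod 72 used in the working; both give the same d. The function names are chosen here for illustration, and this is textbook RSA without padding.

```python
def phi(n):
    """Euler's totient by trial-division factoring (fine for small n)."""
    result, p = n, 2
    while p * p <= n:
        if n % p == 0:
            while n % p == 0:
                n //= p
            result -= result // p      # multiply by (1 - 1/p)
        p += 1
    if n > 1:                          # one prime factor left over
        result -= result // n
    return result


def mod_inverse(a, m):
    """Extended Euclid: return x with a*x = 1 (mod m)."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a has no inverse modulo m (gcd != 1)")
    return old_s % m


def rsa_keypair(p, q, e):
    """Return ((e, n), (d, n)) for textbook RSA with primes p and q."""
    n, phi_n = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi_n), n)


def rsa_apply(m, key):
    """Textbook RSA: encrypts with (e, n), decrypts with (d, n)."""
    exponent, n = key
    return pow(m, exponent, n)


if __name__ == "__main__":
    print([phi(x) for x in (29, 51, 400, 841)])    # question 15
    public, private = rsa_keypair(7, 13, 11)       # question 17
    c = rsa_apply(2, public)
    print(public, private, c, rsa_apply(c, private))
```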
