Homework 2 - Cryptography

Due: Friday April 20, 2012 by midnight

Each question is worth 2 points, 20 points total.

  1. One-time pads are provably secure. Why are one-time pads so rarely used in practice?
  2. What is the purpose of the "real-or-random" evaluation of a cryptographic algorithm?
  3. Why does combining substitution and transposition (permutation) result in a higher level of security than either alone?
  4. DES was extensively in use for over three decades. Do you think AES will have this sort of staying power? Explain why or why not.
  5. Explain why encrypting a message then signing it is not secure. Why does reversing the order (signing then encrypting) provide security?
  6. What would be the implication of Jane having the same RSA private key as Bob's RSA public key? Should Jane change her key pair?
  7. When websites post large files for users to download, they want to give the user some assurance that the file is uncorrupted and has not been substituted with another file. A common method to do this is to list the MD5 hash on the website with the download link. Is this any better than just having the download link? Explain why or why not.
  8. A classic debate among cryptographers (and conspiracy theorists) is how vulnerable encryption algorithms should be (or actually are for our conspiracy theorist friends) to government decryption. Explain why having a "master key" for an encryption algorithm might be a bad idea from a purely technological perspective (ignoring the government privacy issues that would also result from such a key).
  9. A fundamental cryptographic principle states that all messages must have redundancy. But redundancy can potentially help a cryptanalyst recover information from the ciphertext. Consider two forms of redundancy. First, the initial n bits of the plaintext contain a known pattern. Second, the final n bits of the message contain a hash over the message. From a security point of view, are these two equivalent? Explain your answer.
  10. When using Diffie-Hellman key exchange, why is it difficult to protect against a man-in-the-middle attack when neither party has any a priori knowledge of each other, such as the server public key in SSH?