Question

1-If attackers are able to get their hands on a password file, where all the passwords are hashed and salted, what would be their best approach to obtain at least one of these password?

Here an example of the first two lines of a generic password file:

HASH (SHA-256)	SALT
1138275656b8e5d8f48a98c3c92df27e6fbfe24a750e72930c220a8e2caba935	535788591
ee65ef498fb368a2dfd38b40f0ee75c05963cd9da6e5f014118c7d9747fcc97f4	778035290

2-Play-Doh™ (Links to an external site.) has been used to get access to systems that used fingerprinting as access control (yup, and it worked 90% of the time with any scanner...)

Which of the following methods would be effective to avoid this kind of attack? Select all that apply.

Group of answer choices

a)The fingerprinting sensor should be able to recognize blood vessels and compute pressure and other kind of analysis

b)The fingerprinting sensor should be able to liquify the Play-Doh™ (around 1000 °F)

c)The fingerprinting sensor should actually be fake, letting the attackers waste their time playing with Play-Doh™

d)The fingerprinting sensor should check for humidity levels of the finger

e)The fingerprinting sensor should emit a light to check if the pupil reacts

3-Suppose you receive a digital certificate that contains M and [h(M)]_CA , where M = (Alice, Alice's public key) and "CA" is a Certificate Authority.

How do you verify the Signature?

Remember that:

[X]_Bob indicates encryption via Bob's private key to X (signature)

h(X) indicates the cryptographic hash function applied to X

Group of answer choices

a)You decrypt the encrypted message using the CA's public key, then you compute the hash of M, finally you compare the two hashes

b)You decrypt the encrypted message using the CA's private key, then you compute the hash of M, finally you compare the two hashes

c)You decrypt the encrypted message using the CA's private key, then you compute the hash of [h(M)]_CA, finally you compare the two hashes

d)You decrypt the encrypted message using the CA's public key, then you compute the hash of [h(M)]_CA, finally you compare the two hashes

Answer 1

The answers for the given problem statements are as follows:

Which of the following methods would be effective to avoid this kind of attack? Select all that apply.

Group of answer choices

a)The fingerprinting sensor should be able to recognize blood vessels and compute pressure and other kind of analysis

b)The fingerprinting sensor should be able to liquify the Play-Doh™ (around 1000 °F)

c)The fingerprinting sensor should actually be fake, letting the attackers waste their time playing with Play-Doh™

d)The fingerprinting sensor should check for humidity levels of the finger

e)The fingerprinting sensor should emit a light to check if the pupil reacts

3-Suppose you receive a digital certificate that contains M and [h(M)]_CA , where M = (Alice, Alice's public key) and "CA" is a Certificate Authority.

How do you verify the Signature?

Remember that:

[X]_Bob indicates encryption via Bob's private key to X (signature)

h(X) indicates the cryptographic hash function applied to X

Group of answer choices

a)You decrypt the encrypted message using the CA's public key, then you compute the hash of M, finally you compare the two hashes

b)You decrypt the encrypted message using the CA's private key, then you compute the hash of M, finally you compare the two hashes

c)You decrypt the encrypted message using the CA's private key, then you compute the hash of [h(M)]_CA, finally you compare the two hashes

d)You decrypt the encrypted message using the CA's public key, then you compute the hash of [h(M)]_CA, finally you compare the two hashes