Cryptography Exam

649 Words Oct 29th, 2014 3 Pages
1. What are some threats associated with a direct digital signature scheme?
a. The validity of the scheme depends on the security of the sender’s private key. A sender who wants to deny sending a particular message can later claim that the key was lost or stolen and that the signature was forged.
b. If a private key is stolen from Bob at time t, the thief can send a message signed with Bob’s signature with a time stamp equal to or less than t.
c. The need for trust between 2 participants is a potential threat since there is no independent verification process.
2. How can you get physical possession of the password hashes from a MS Server 2008 running Active Directory?
a. To obtain hashes from a MS Server 2008, the system has to be
b. Two parties each create a public-key, private-key pair and communicate the public key to the other party. The keys are designed in such a way that both sides can calculate the same unique secret key based on each side's private key and the other side's public key.
4. What are the principal services provided by PGP?
a. Digital Signature (DSS/SHA or RSA/SHA)
b. Message Encryption (CAST-128, IDEA, 3-DES in conjunction with RSA)
c. Compression (Lempel-Ziv)
d. E-mail compatibility (Radix-64 conversion)
e. Segmentation (to overcome maximum message length of 50,000 bytes for SMTP)
5. What is involved in obtaining a VeriSign certificate? Some third-party companies provide VeriSign certificates; below is one process, from Internet Junction:
a. Domain Ownership
i. The person applying for VeriSign must be either the owner of a registered domain or an employee of the company that owns the domain
b. Proof of Right
i. Organizations applying for VeriSign must be legitimate and registered with the proper government authorities. The following can be provided as proof of right.
1. DUNS (Dun & Bradstreet) number
2. Business license
3. Articles of incorporation
4. Partnership papers
c. Application completion
i. Application is completed once the required documents have been verified
