Chapter 2 - Cryptographic Protection

Chapter 2 - Cryptographic Protection

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

Cryptography is the study of secret writing, or in other words, of transforming information into a form that obscures its meaning. In cases where release or modification of information could cause harm, cryptography may be of value. We begin our discussion by listing the most widespread applications of cryptography and explaining how each is attained.

Many other uses for cryptography now exist, and further applications will almost certainly grow as our understanding of information protection grows. The major advantage of properly designed and implemented cryptographic applications is that they are inexpensive to use, expensive to attack, and independent of other factors in the environment. The major problems are in the assurance of these advantages in actual use.


1 - Simple cryptographic in class problem:

a) Using a Caesar cipher, encode a sentence
b) Using a Polyalphabetic Substitution Cipher, encode a sentence
c) Exchange ciphers with another student, and decode their messages

2 - Estimate the time required to attack:

a) An RSA cryptosystem with a modulus of 40 digits using a CRAY-I
b) A polyalphabetic substitution cipher with a key length under 10

3 - Describe how and why encryption can be used for:

a) Keeping information transmitted over public phones secret
b) Signing documents that must stand up in court
c) Protecting files on disk from illicit observation

4 - Is it possible to: (explain why and how)

a) Break a polyalphabetic substitution cipher with any amount of ciphertext
b) Break any cipher given enough time
c) Break a polyalphabetic substitution cipher given enough text
d) Increase the attack time by data compression

5 - Describe and explain protocols to:

a) Exchange private keys using a public key system
b) Verify a signature using the RSA cryptosystem
c) Distribute session keys using the DES

6 - Which takes longer:

a) Breaking a 200 digit RSA message, or breaking a forty byte DES message
b) Breaking a 10 character Caesar cipher, or adding two 100 digit numbers
c) Forging an RSA authentication, or walking across the USA

7 - Which would you trust most, least if your life depended on it:

a) A cryptosystem with a 'secret but unbreakable cipher method'
b) A secret cryptosystem certified by the NSA
c) A one-time-pad