1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?
I chose Amazon and found that their public key is RSA (2048 bits). RSA is a form of asymmetric cryptography, which is used for validating identity and ensuring that only an intended recipient can access the information sent.
2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.
I chose Best Buy for the second website, and they’re also using RSA (2048 bits) encryption.
1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?
Charlie wasn’t exaggerating about the security of the encryption. With a 256-bit key, it could take hundreds of trillions of years to crack using brute force.
2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?
Yes, there are tools like Dashlane, which allows you to encrypt, manage, and save your passwords.
Ethical Decision Making
1. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?
Yes, adding a key logger onto the company’s system without permission from management is an ethical violation and illegal.
2. Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?
This is not unethical because Charlie has permission from the senior members of the company, along with signed releases from every employee. So, everyone in the company would have known about the key logger. If Peter had never signed the release or known that the key logger was in place, then yes, it would be considered unethical.