Questions

Question 1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?

When I went to ebay.com, I checked the properties, and here is what I found: The security overview showed me that this was a secure page, that it was using a valid, trusted server, that all the resources on this page were served securely, and that the connection to this site used a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).

Question 2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.

This time I checked Amazon.com, and the difference that I found with this one was the key exchange, because Amazon uses a strong key exchange, not an obsolete one, and it is ECDHE_RSA with P-256. This means that you can trust buying things with your credit card on Amazon more than on eBay, and this is really important because you do not want to enter important information such as that if the website is not secure, so it is good to know these things before doing anything.

Question 3. Perform a Web search for “Symantec Desktop Email Encryption (powered by PGP Technology).” Download and install the trial version. Using the tool and your favorite e-mail program, send a PGP-signed e-mail to your instructor. What looks different in this e-mail compared with your other e-mails?

I tried to do this exercise, and at first I was very confused and didn’t understand how I was supposed to send an email with this. I then tried to Google some guidelines and was able to send something to my boyfriend; since I probably mistakenly sent several emails, I thought it was easier to send them to him. The email was so different from what I am used to when I use Outlook: it was bigger, and there was some information on it that I didn’t quite understand, and I think someone needs training to be able to know exactly what they are doing with it.

Question 4. Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document, which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.

This document was very long and I didn’t understand all of it perfectly, but I understood that the selection process consists of several steps: security, cost, algorithm and implementation characteristics. There are candidates for a first and a second round. The main issue with it, according to specialists, is whether or not it will be a success, because even though it is receiving high-profile backing, there are some drawbacks to this process.

Question 5. Search the Web for “steganographic tools.” What do you find? Download and install a trial version of one of the tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?

When I looked it up, I found a comparison of steganographic tools, showing the properties of each one and what kind of files they supported. The description I found for this was that steganography is the process of hiding a secret message within a larger one in such a way that someone cannot know the presence or contents of the hidden message. The purpose of steganography is to maintain secret communication between two parties. When I did download it and embedded a short text file within an image, I couldn’t tell the difference with the side-by-side comparison.
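
The side-by-side result reported for Question 5 is what least-significant-bit (LSB) embedding would produce: each pixel changes by at most one brightness level, which the eye cannot see but a byte-level comparison against the original can. The following is an added example, not part of the original answer and not the tool used there; LSB embedding is assumed as the technique, and the cover image is constructed random grayscale pixel data.

```python
import random

def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the LSB of successive pixels, prefixed by a 16-bit length."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("message too long for this cover image")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit  # overwrite only the lowest bit
    return bytes(out)

def _read_bytes(pixels: bytes, first_pixel: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs starting at pixel `first_pixel`."""
    if first_pixel + 8 * count > len(pixels):
        raise ValueError("length header exceeds image size; no valid payload")
    out = bytearray()
    for b in range(count):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (pixels[first_pixel + 8 * b + i] & 1)
        out.append(byte)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Read the 16-bit length header, then that many payload bytes."""
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    return _read_bytes(pixels, 16, length)

def compare(original: bytes, stego: bytes) -> dict:
    """What a byte-level diff reveals that a visual comparison does not."""
    deltas = [abs(a - b) for a, b in zip(original, stego)]
    return {"changed_pixels": sum(1 for d in deltas if d), "max_delta": max(deltas)}

# Constructed sample: a 64x64 8-bit grayscale cover as raw pixel bytes.
_rng = random.Random(1)
COVER = bytes(_rng.randrange(256) for _ in range(64 * 64))
SECRET = b"short text file"
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print(extract(STEGO))         # the hidden text is recoverable
    print(compare(COVER, STEGO))  # no pixel differs by more than 1 of 255 levels
```
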