Chapter Eight

Max Werdin

Exercises:

1.      Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for you credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction? On Amazon.com, I found that there are a few cryptosystems and protocols in place. The most interesting thing I found was that there were 12,292 blank lines of code before anything was actually written. Amazon ensures a secure transaction by encrypting the users information on the users end, and then decrypts their information on their end.

2.      Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.

Although this question prompted me to read all of “Announcing the Advanced Encryption Standard (AES)”, I found the document to be quite long and quite confusing as well. From what I read the development of this system was spearheaded by the NIST. The Advanced Encryption Standard is implemented in 14 very specific steps. If one wishes to use this cryptosystem, they must follow all 14 steps very carefully in order to comply with the Advanced Encryption Standard.

 

 

Case Exercises:

1.     Was Peter exaggerating when he gave Charlie the time estimate on how long it could take to gain access to the files that he had encrypted? No, I don’t believe he was being there is really no sure way to determine how long it could take to gain access to the files. Encryption is meant to avoid things exactly like this so trying to break into the files is a very time consuming endeavor.

2.     Are there any other options for applications that Peter could use safely to avoid losing a passphrase? Yes, there are many different ways that one could recover the passphrase without using a brand specific tool. However, these tools can sometimes ruin the file making the data unrecoverable and in other words, lost forever. The best method of recovery is to always use the software as it’s meant to be used.

Ethical Decision Making:

 Would using a key logger company wide be ethical? No, this would be horribly unethical. During work hours, employees may need to check their bank account or other personal items that cannot wait until after business hours. With that in mind, logging all the key strokes would be completely unethical.

Is telling Peter that they were able to crack the encryption ethical when in reality, they logged his key strokes and they had the passphrase on file? This is also completely unethical. Simply put, they are lying about what data they have on file about his personal computer use. How could this possibly be ethical? Being all the employees signed a release, why wouldn’t they explain exactly how they got the information and saved the file?