Paul Shaw

4/3/20

ITS 370

Chapter 8

EXERCISES

5. Search the web for “Steganographic tools.” What Did you find? Download and install a trial version of one of these tools. Embed a short text file within an image. In a side by side comparison, can you tell the difference between the original image and the image with the embedded file?

          I found a lot of information on steganographic tools and quite a few examples of usable tools. The one I picked to embed text was thankfully browser based and free, and I could not tell the difference between the original and the new one at a glance or up close.

1.   Go to a popular online e-commerce site like Amazon.com. Place seeral items in your cart and then go to check out. When you reach the screen that asks for your credit card number, right click on the Web browser and select ‘Properties.’ What can you find out about the cryptosystems and protocols in use to protect the transaction?

          Amazon has a massive 2048 bit public key, and has a signature algorithm called ‘sha256RSA’ with its hash algorithm of ‘sha256’. RSA is what is 2048 bits and there are also long strings of data called Subject and Authority Key Identifiers.

Case Exercises

         Discussion Questions

1.   Was Charlie exaggerating when he gave Peter an estimate for the time requires to crack the encryption key using a brute force attack?

He was exaggerating, a 256 bit key would take much longer than a hundred trillion years to break with a brute force attack and the relevant parties would have long turned to dust by the point it was broken

2.    Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

Something physical on his person as a somewhat literal key may be good, something he takes with him frequently when he goes to work might be best. Not the code itself, but a gentle reminder of the key that would make sense to him until he remembers it.

          Ethical Decision Making

1.    Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

It would be Illegal and very unethical, making a collection of keys you shouldn’t have is a breach of company security and compromises pretty much every single message and piece of information the users he made copies of had.

2.    Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?

I think it would be ethical, since it was established outside of work and it was being used on company property. If the key is used and the company gets access to it, then Peter is the one at fault for using it on company property after signing the release form.