Xiaoling Wu

ITS 370

Ch 8 HW




4. Perform a Web search for “Announcing the Advanced Encryption Standard (AES).” Read this document, which is a FIPS 197 standard. Write a short overview of the development and implementation of this cryptosystem.


Answer: This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. Rijndael was designed to handle additional block sizes and key lengths, but they are not adopted in this standard.


5. Search the Web for “steganographic tools.” What do you find? Download and install a trial version of one of the tools. Embed a short text file within an image. In a side-by-side comparison, can you tell the difference between the original image and the image with the embedded file?


Answer: It is not necessary to conceal the message in the original file at all. Thus, it is not necessary to modify the original file and thus, it is difficult to detect anything. If a given section is subjected to successive bitwise manipulation to generate the cyphertext, then there is no evidence in the original file to show that it is being used to encrypt a file. However large the image is, after you embed it, your InDesign file becomes that much larger.




Case Exercises

Charlie was getting ready to head home when the phone rang. Caller ID showed it was Peter. “Hi, Peter,” Charlie said into the receiver. “Want me to start the file cracker on your


“No, thanks,” Peter answered, taking the joke well. “I remembered my passphrase. But I want to get your advice on what we need to do to make the use of encryption more effective and to get it properly licensed for the whole company. I see the value in using it for certain kinds of information, but I’m worried about forgetting a passphrase again, or even worse, that someone else forgets a passphrase or leaves the company. How would we get their files back?”

“We need to use a feature called key recovery, which is usually part of PKI software,” said Charlie. “Actually, if we invest in PKI software, we could solve that problem as well as several others.”

“OK,” said Peter. “Can you see me tomorrow at 10 o’clock to talk about this PKI solution and how we can make better use of encryption?”

Discussion Questions

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?

Answer: Yes, Charlie was exaggerating about the time required to crack the data using a brute force attack, because the brute force method takes quite a long time, two to three million years, for a passphrase. The brute force method is good for finding text passwords.

2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

Answer: Yes. There are a lot of tools available, other than PKI-based ones, which can be used to crack passwords. There is some black hat software available, such as Hiren Boot CD, Windows Password Change (WPC), etc.

Ethical Decision Making

Suppose Charlie had installed key logger software on all company computer systems and had made a copy of Peter’s encryption key. Suppose that Charlie had this done without policy authority and without anyone’s knowledge, including Peter’s.

1. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

Answer: Here, as Charlie has not taken anyone's permission, or even policy authority, using such a keylogger tool is completely an ethical violation on Charlie’s part. Any decision that has been taken by a company is not an issue until everyone has agreed to it. Without knowledge of such software, people will not be aware and they may get trapped, and there is also no written document regarding the acknowledgement, so it’s completely wrong or illegal to blame someone based on the result of such software. And the second illegal thing is to copy someone else's encryption key, because the policy should be equal for all people and it should not be used for personal gain.

2. Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?

Answer: No, it is still not an ethical action on Charlie's part, because the policy should be the same for everyone, and as Charlie is the one who installed this software, he should keep this secret and not misuse it. It does not matter how Peter came to know his encryption key from Charlie, but why should Charlie in the first place copy the encryption key for Peter and share the encryption code with Peter? It's completely unethical.