Yunze Wang

ITS 370

4/2/2020

 

CH8

 

Exercises

1. Go to a popular online e-commerce site like Amazon.com. Place several items in your shopping cart, and then go to check out. When you reach the screen that asks for your credit card number, right-click on the Web browser and select “Properties.” What can you find out about the cryptosystems and protocols in use to protect this transaction?

Answer:

The primary methodology of cryptologic protection for the site that I tested, which was indeed Amazon.com, is provided by the well-known security purveyor Symantec. We already know that Symantec has a rich history of providing private users and organizations with intricate security protocol suites, which often come in packages that can be tailored to the specific need. If one navigated their way to the certificate properties for the secure checkout on Amazon, they would be met with the following information: “The page you are viewing was encrypted before being transmitted over the internet.”

2. Repeat Exercise 1 on a different Web site. Does this site use the same or different protocols? Describe them.

Answer:

The two sites use the same protocol of HTTP but with different connections.

 

Case Exercises:

Discussion Questions

1. Was Charlie exaggerating when he gave Peter an estimate for the time required to crack the encryption key using a brute force attack?

Answer:

I assume Charlie is saying that it will take a couple of minutes to crack the passphrase using a brute force attack. If this is the case, then yes, Charlie is exaggerating in this matter, as the time required to break the passphrase depends on the length of the passphrase. The greater the length, the more possibilities or permutations need to be tested. So a couple of minutes is not enough even if the passphrase length is short.

If my assumption is wrong and Charlie is saying that it will take a couple of million years to break the passphrase, then this is also an exaggeration, as a million years is a lot of time, and breaking a passphrase of finite length will take a lot of time but not in terms of a million years.

2. Are there any tools that someone like Peter could use safely, other than a PKI-based system that implements key recovery, to avoid losing his passphrase?

Answer:

There are a lot of tools available, other than PKI-based ones, which can be used to crack passwords. For example, there are some black hat software tools available such as Hiren Boot CD, Windows Password Changer (WPC), etc.

  

Ethical Decision Making

1. Would the use of such a tool be an ethical violation on Charlie’s part? Is it illegal?

Answer:

Here, as Charlie has not taken anyone's permission, not even the policy authority's, using such a keylogger tool is a complete ethical violation on Charlie’s part. Any decision taken by a company is not an issue as long as everyone has agreed to it. Without knowledge of such software, people will not be aware of it and they may get trapped, and there is no written document regarding acknowledgement, so it is completely wrong or illegal to blame someone based on the results of such software. The second illegal thing is copying someone else's encryption key, because the policy should apply equally to all people and it should not be used for personal gain.

 

2. Suppose that Charlie had implemented the key logger with the knowledge and approval of senior company executives, and that every employee had signed a release that acknowledged the company can record all information entered on company systems. Two days after Peter’s call, Charlie calls back to give Peter his key: “We got lucky and cracked it early.” Charlie says this to preserve Peter’s illusion of privacy. Is such a “little white lie” an ethical action on Charlie’s part?

Answer:

No, it is still not an ethical action on Charlie’s part, because the policy should be the same for everyone. As Charlie is the one who installed this software, he should keep it secret and not misuse it. It does not matter how Peter came to know his encryption key from Charlie; the question is why Charlie should, in the first place, copy the encryption key for Peter and share the encryption code with Peter. It is completely unethical.