Security Fundamentals-Passwords-Hash Functions-Encryption

  1. Explain how passwords are stored in a device/packaged for transmission
  2. Highlight any FOUR main attributes that define a good hash function                      
  3. Differentiate cipher text from message digest                                    
  4. Describe clearly how a digital signature is generated and briefly explain its use
  5. Explain the problems related to e-mail compatibility for encrypted content and how PGP resolves this issue

ANSWER……

a) Storage of Passwords in Devices and Transmission:

When stored in a device, passwords are typically hashed and salted before being saved. Hashing involves converting the password into a fixed-length string of characters using a cryptographic hash function. Salting involves adding random data (salt) to the password before hashing, which enhances security by making it harder for attackers to use precomputed tables (rainbow tables) to crack passwords.

During transmission, passwords are often encrypted using secure protocols such as HTTPS (HTTP over SSL/TLS) or SSH (Secure Shell). These protocols encrypt the data before it is sent over the network, which protects the password from eavesdropping and interception and prevents unauthorized access to it in transit.

b) Attributes of a Good Hash Function:

Four main attributes that define a good hash function are:

  1. Deterministic: For a given input, a hash function should always produce the same output. This property ensures consistency and reliability in hash generation.
  2. Preimage Resistance: It should be computationally infeasible to reverse a hash value to obtain the original input. In other words, given a hash value, it should be difficult to find a message that produces that hash value.
  3. Collision Resistance: It should be computationally infeasible to find two different inputs that produce the same hash output (a collision). This property protects the integrity of the hashing process, because two different inputs cannot be passed off under the same hash value.
  4. Avalanche Effect: A small change in the input should result in a significantly different hash output. This property ensures that even minor modifications to the input data will produce a completely different hash value, enhancing security against cryptographic attacks.
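The deterministic and avalanche properties listed above can be measured directly. The following Python sketch is an added example, not part of the original answer: it flips every input bit of a constructed message in turn and averages how many output bits change, for SHA-256 and for a weak additive checksum used here only as a comparison point.

```python
import hashlib

MESSAGE = b"transfer 100 USD to account 0042"  # constructed sample input


def sha256_digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def additive_checksum(data: bytes) -> bytes:
    """Weak comparison point: 32-bit sum of the bytes, not a cryptographic hash."""
    return (sum(data) % 2**32).to_bytes(4, "big")


def bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)


def mean_bits_changed(func, data: bytes) -> float:
    """Flip each input bit in turn and average how many output bits change."""
    base = func(data)
    nbits = len(data) * 8
    total = sum(bits_changed(base, func(flip_bit(data, i))) for i in range(nbits))
    return total / nbits


if __name__ == "__main__":
    # Deterministic: the same input always yields the same digest.
    print("deterministic:", sha256_digest(MESSAGE) == sha256_digest(MESSAGE))
    # Avalanche: about half of SHA-256's 256 output bits change per input bit.
    print("SHA-256 mean bits changed: ", mean_bits_changed(sha256_digest, MESSAGE))
    # The additive checksum changes only a handful of bits.
    print("checksum mean bits changed:", mean_bits_changed(additive_checksum, MESSAGE))
```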

c) Difference between Cipher Text and Message Digest:

  • Cipher Text: Cipher text refers to the encrypted form of a message or data, produced using an encryption algorithm and a key. It is unintelligible and unreadable without the corresponding decryption key. Cipher text obscures the original content, providing confidentiality to the communication.
  • Message Digest: A message digest, also known as a hash value or hash code, is a fixed-size string of characters generated by applying a cryptographic hash function to a message or data. Unlike cipher text, a message digest is not encrypted and cannot be reversed back to the original message. Message digests are used for data integrity verification and authentication, as even a small change in the input data will result in a completely different digest value.

d) Generation and Use of Digital Signatures:

To generate a digital signature:

  1. Hashing: The sender calculates a message digest (hash value) of the message using a cryptographic hash function.
  2. Signing: The sender encrypts the message digest using their private key, creating the digital signature.

To verify the digital signature:

  1. Hashing: The recipient calculates a new message digest of the received message using the same hash function used by the sender.
  2. Verification: The recipient decrypts the digital signature using the sender’s public key to obtain the original message digest.
  3. Comparison: The recipient compares the newly calculated message digest with the decrypted message digest. If they match, the signature is valid; otherwise, it is considered invalid.

Digital signatures are used to provide authenticity, integrity, and non-repudiation to digital messages or documents. They ensure that the message originated from the claimed sender, has not been altered during transmission, and the sender cannot deny having sent the message.
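The generation and verification steps above, carried through in Python as an added example that is not part of the original answer. It assumes a toy RSA key built from two publicly known Mersenne primes and applies raw RSA to the SHA-256 digest so the arithmetic stays visible; the key is constructed and insecure, and real implementations use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Toy key (constructed, insecure): both primes are publicly known Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent


def digest_int(message: bytes) -> int:
    """Step 1 (hashing): SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Step 2 (signing): transform the digest with the private key."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recover the signed digest with the public key and compare it
    with a digest freshly computed over the received message."""
    recovered = pow(signature, E, N)
    return recovered == digest_int(message)


if __name__ == "__main__":
    message = b"Pay the invoice dated 1 March"   # constructed sample message
    signature = sign(message)
    print("valid signature accepted: ", verify(message, signature))
    # Integrity: any change to the message changes its digest.
    print("altered message rejected: ", not verify(message + b"!", signature))
    # Authenticity: a signature not made with the private key does not match.
    print("altered signature rejected:", not verify(message, signature + 1))
```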

e) Problems Related to Email Compatibility for Encrypted Content and PGP Resolution:

One problem related to email compatibility for encrypted content is that not all email clients support the same encryption standards or protocols. This can lead to issues when trying to send encrypted emails between users using different email clients or platforms.

PGP (Pretty Good Privacy) resolves this issue by providing a standardized encryption format and protocol for securing email communications. PGP is compatible with various email clients and platforms, allowing users to encrypt and decrypt emails regardless of the email client being used. Additionally, PGP provides end-to-end encryption, ensuring that only the intended recipient can decrypt and read the encrypted message.
