代写代考 EDITS 28/03:**

# Corrections

**EDITS 28/03:**

Copyright By PowCoder代写 加微信 powcoder

– Q24: Fixed an error in the ciphertext.
– Q26: Made what is required clearer.

# Assignment 1

## CYBR 171 2022 T1: Assignment 1

#### Goals

The goals for this assignment are to be able to

– work with classical symmetric cryptography.
– work with modern symmetric and public-key cryptography.
– use cryptography to check the authenticity, confidentiality and integrity of data.
– demonstrate an understanding of xor cryptography and one time pads.
– demonstrate an understanding of the weaknesses of substitution ciphers.
– reason about the risks of exhaustive key searching, dictionary attacks and the impact of quantum computing.
– read and comprehend industry news sources regarding current malware threats.

#### Resources and links

– Feel free to use online tools such as [Cryptool-Online](https://www.cryptool.org/), but acknowledge this in your answers.
– [Download Zip file](https://ecs.wgtn.ac.nz/foswiki/pub/Courses/CYBR171_2022T1/Assignment1/assignment1.zip) of necessary code and data.
– [Submit](https://apps.ecs.vuw.ac.nz/submit/CYBR171/Assignment_1) your answers.
– [Marks and Feedback](https://apps.ecs.vuw.ac.nz/cgi-bin/studentmarks?course=CYBR171&assignment=assignment_1) (When available)

#### Preparation

Read through the whole assignment and review the videos of the model answers to labs 1 and 2, and make sure you understand all the components of the answers.

Use `**barretts**` to do this work, while logged into that machine follow these steps to obtain the necessary files.

– SSH into barretts.
– Change your working directory to the CYBR171 directory created in lab 1 `**cd CYBR171-2022T1**`
– Make a new directory to hold the assignment files `**mkdir assignment01**`
– Change your working directory to that directory `**cd assignment01**`
– Download the zip file `**curl -O https://ecs.wgtn.ac.nz/foswiki/pub/Courses/CYBR171_2022T1/Assignment1/assignment1.zip**`
– Unzip the file using the command like `**unzip assignment1.zip**`

#### To Submit

– Use the provided template for written answers and submit as *PDF*.
– `**ciphers.des.enc**` for core part.
– `**ciphers.aes.dec**` for core part.
– `**payroll.bf.enc**` for challenge part.

Remember to submit your files. When you have submitted them, check that you can read the files listed on the submission page, and complete the submission process.

#### Structure of the Assignment

This assignment has [Core](https://ecs.wgtn.ac.nz/Courses/CYBR171_2022T1/Assignment1#CorePart), [Completion](https://ecs.wgtn.ac.nz/Courses/CYBR171_2022T1/Assignment1#CompletionPart), and [Challenge](https://ecs.wgtn.ac.nz/Courses/CYBR171_2022T1/Assignment1#ChallengePart) parts.

Tutors will provide help for the core and completion but you should talk to Ian for broad hints regarding the challenges.

Below, is a ciphertext encrypted using a Caesar cipher by shifting each letter to the right by an agreed amount (the key).

It is also in the assignment zip file as `**caesar-cipher.txt**`.

pxevhfx mh max yktvmnkxw ynmnkx, max ybklm vxgmnkr yheehpbgz max lbgznetkbmr. xtkma atl t ihinetmbhg hy khnzaer t ubeebhg ahfbgbwl. yhk max fhlm itkm, maxr tkx atiir pbma maxbk ehm, ebobgz bg t ikxlxkox tm max uhmmhf hy t zktobmr pxee. mahlx pah tkx ngatiir atox xfbzktmxw, chbgbgz hgx hk tghmaxk hy max lptkfbgz wxglx mabgdxk vetwxl matm yhz max bggxk lhetk lrlmxf pbma t wnlm hy fhexvnetk ftvabgxkr lh mabvd matm bm hulvnkxl max lng. xqvxim yhk max lhebmtkr ebzamahnlx uxtf matm ixkixmnteer mktvdl max xtkma bg bml hkubm, max lrlmxf ykhf hnmlbwx kxlxfuexl t liaxkbvte yhzutgd ktwbtmbgz bg max bgyktkxw lixvmknf; t ftmkrhladt uktbg, gxlmxw wrlhg liaxkxl unbem ykhf max wblftgmexw uhgxl hy fhhgl tgw ietgxml.

Answer the following questions.

 1. What is the most common letter in the ciphertext?

 2. Explain how you can use your knowledge of the most common letter to work out the value of the key. (Hint: this is a useful resource http://letterfrequency.org/).

 3. What is the decrypted text?

##### Vignère cipher

The Viginere cipher below is also in the assignment zip file as `**vigienere.txt**`.

UKFNLEOLOFWFFQFJJIULFTZFSHBULNFRGEUBTWJDFIBQHFLOUKFVQJUHETWBUHTUKFSHBHDOFUBXDTXLOELOHGPXQUIHDPOEXDSXDTIHBULOHXQBQEUKFJENQFXBVUIHOFZFTWPGQFXQFTVFTWIFFPNSBSDUJYFMBGFZXJUFTVUJWDILOHWPHHUIHSUKFMDSHHSVQJWHSTLUZUFTHBSFIDHOUHSTDSPXOEWIFZPSOEQXMTHEXLUIDOFZIFDSUEFBWUIHJOWFSQFUSSPWPDRMJSBOGXILMFWIFZPSOEXLEFZFCZBTVUJOMBGFDDEFRSTRBXDZUKFJQUFUOFWXBVBSHBMSMBFFGRSBJSPZJOJOVPCFUPGFPNSVUHSTDWWBFYSMPUFSVBOGBEYFOWVSHSTUFBGZURTFWTBLMPQUIHWJUUVDMTHBURFYSMPUFBQEFAQMRJUWIJVOFZGSROULFSLOOLOFWFFQFJJIUBTJAIBYJOJSFFFOWMZOPTWIJVSFVFBUDIJSBQUBVUSROPPFSFMJIGPUETWPMOXBVNBGFBFPNSVUHSTBTUHNBGNJQXJWIUKFXDWFRGBKBOGCZWIFPBODHFPFOWPGOBXUFOFFCHSLHMFBMBEPSDUPUZTSIZVJDVEFSBSWNFQUDRNNDOEHEURHPIPSWIBQEBGNJQJTWFSVUPOMERWFLOURXIDUBSQFDSFGUPEFBVJNSMFWBTNGPUIJVGJUTUGBZROUKFKRCJQWFVUJJBULOHDTFYFOWZGLWFFFOWFSUPSLOUKFDRNQXUFUBDFPVQUULNFFIBUHFVMJWUMHEJGIFNOPZUIDUUKJTVJYEJURWFUDIDSHHXPXMEWBLHPWHSILTMLGFIPSWIFQFYWTJANPQUIVBOGIBYFUKJTVFMIQSRDMDJNHECHSLHMFBIJSQJHSVECJQHTKPVOEFUTXLUIWIFICJWIFFJBWIFQTBDOEWIFJFSPBOSPMLDFDMMLOQXSTXJURGUKFTRVSFFBQFTWPGEMBFLIDUIDDLHSTDOEDUBQHMHEXHCPIJOWFSQBULPODMFVQJROBJF

We assume that the key is three characters long and have provided the cryptogram.

 4. Create three splits following the instructions below and use the following online tool to make a frequency histogram for **each split of the ciphertext**.

**Creating splits:** You can do this by hand but it is easier and less error prone to use Python (or your favourite language).

Use the python operator [ start :: step ] to a set of letters starting at `**start**` and the next at `**start+step**`, `**start+2\*step**`, and so forth. Here is an example showing you how I can split “abcabcabc” into three strings.

I enter the `**python**` command and get the header information telling me what version of Python that I have started. After that I enter my string `**”abcabcabc”**` and use the split operation to generate three strings to show that I can extract string starting at the 1st (0th position), 2nd (1st position) and 3rd (2nd position). We count from zero.

You can use this code, just replace `**abcabcabc**` with the cryptogram.

Python 3.9.9 (main, Nov 20 2021, 21:30:06)
[GCC 11.1.0] on linux
Type “help”, “copyright”, “credits” or “license” for more information.
>>> “abcabcabc”[0::3]
>>> “abcabcabc”[1::3]
>>> “abcabcabc”[2::3]

**Link to histogram tool:** https://csfieldguide.org.nz/en/interactives/frequency-analysis/

 5. What is the **top two** guesses for the shift value for each of frequency histograms cryptogram?

Justify your answer using no more than a couple of sentences for each split.

 6. Based upon your answer above, state the Vignère key in terms of a three-letter key that can be used to correctly decrypt the cryptogram.

Note you can use the table below to map from a numeric shift value to a letter:

| A | B | C | D | E | F | G | H | I | J | K | L | M |
| :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— |
| 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |

| N | O | P | Q | R | S | T | U | V | W | X | Y | Z |
| :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— | :— |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 |

**Link to tool:** https://cryptii.com/pipes/vigenere-cipher

##### Exhaustive key search

To answer these questions you may want to use [ to work with large numbers](https://www.wolframalpha.com/input). You can approximate to powers of 10.

 7. Microsoft Office 2007 onwards allows the use of the AES cryptographic algorithm with a 128-bit shared secret to protect access to documents. Assume you can perform encryption and decryption at a rate of 1,000,000,000 operations per second. What is the maximum amount of time that it would take for a brute-force attack on a single document?

 8. Microsoft Office 2030 onwards allows the use of the RSA cryptographic algorithm with a 1024-bit public and private key pair to protect access to documents. Assume that you can perform encryption and decryption at a rate of 1,000,000,000 operations per second. What is the maximum amount of time that it would take for a brute-force attack on a single document?

##### XOR cryptography

 9. Encrypt the string “ASSIGNMENT” with the key “ABBAABBAAB” using the XOR operator. Express you answer as a binary number rather than converting to Unicode. You can use these online tools: https://www.browserling.com/tools/binary-xor and https://toolnanny.com/.

##### Hashes

 10. Using the command line only, download the disk image [slax-ipxe.iso](https://ftp.sh.cvut.cz/slax/Slax-11.x/slax-ipxe.iso) from [the slax website](https://www.slax.org/) and get the hash found on that page to verify its integrity. Show how you have done this and include any relevant output from commands you have used (do not forget to include the commands too).

 11. Explain why proving the integrity of the downloaded file does not guarantee its authenticity? (Note: your answer should be no more than three sentences).

##### Symmetric cryptography using command line tools

 12. Encrypt the file ciphers.txt using DES in CBC mode using your **ECS username** as the encryption password. Make sure that you use the option `**-pbkdf2**`. Include the command you used to do this in your answers as well and submit the encrypted file as `**ciphers.des.enc**`.

 13. Encrypt the file ciphers.txt using the AES 256 algorithm in ECB mode using your **ECS username** as the encryption password. Make sure that you use the option `**-pbkdf2**`. Include the command you used to do this in your answers as well and submit the encrypted file as `**ciphers.aes.enc**`.

 14. What is the message contained within the file `**treasure.bf.enc**`. It has been encrypted using the blowfish algorithm in CBC mode under the password `**lucre**`. Include the commands used to do the decryption.

##### Public key cryptography using command line tools

Questions 15 and 16 make use of GPG Key shown below.

Here is the GPG key (==gpg-key.txt== in the assignment zip file):

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQGNBGA+yXcBDADHdKvsVizDNqCucQwLPp7zFxKbP9nTBnPb+kqTFQwJCDsEAKQj
sysreJyXYweDif19Wa4XWjH7HY1Ih4HiCcLrQlHPaCopezJz8vQ3j14zf8R7ot5C
2ll7dQEx2N/RG1uWxMujNUgUkgBemREz3c5ETH4XGMir7Yih/ntuYei+bfJ2XnRn
cmVTO55eFwt0Zlgs1/41dBd7NGMX9CfNaZkaPzxJFBjqUD5c09w+nLDy5X/+5lFM
pP5npcGHCQQTCsCRtl0CjqzxdCS8fwvFT6AUc6yHYBx2CP0u6xFkFjVmcZBjozZP
Vx9exRDgCCiJYjdykAd5NiI4MvU3bXguAaIYqjy1qi5e/AmCOlhMhF24t+UTSS3O
6M5lKoK7RDSipSq101HJvDHtEo0nHEs0Exi2mbmwnVL0h80wEwFt9243kFU8fi9x
iIQXvYEsaK+6OE/3uGappS+cOD4kBkNsTxzURruOh1drkuJcLCT+tEPgMSSshEoA
fvqorg4dTh/Ff5MAEQEAAbQqQ1lCUjE3MSAyMDIxIDxjeWJyMTcxLXN0YWZmQGVj
cy52dXcuYWMubno+iQHUBBMBCAA+FiEECOpVdz8yWVQuabu+/I1+5POyrGEFAmA+
yXcCGwMFCQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ/I1+5POyrGFH
Fgv+NPBeAC1b7BN9JrNXuUnXFHos0hES02fctaX+F0pGS3RQdDdgGmVu8hswh5OX
VifQtrdwRFDAH1+k3Pfww5/A9XZmWH6Jc46zGsK0l3YJIQ1szec58pn60DyqvVMI
S5tygq3D/7KQa/+lqRemScuXCulWXKmaGrTY8fGXTZ2QfMcCgqw5gG7nZE2wcKhF
WhWkfwx8leC26iKZVlvmy5HvFj8DCYitw8H0qiE0DfW7cvQU5cskzH45J0bwYZ3l
xNwR3m1oSAaNtJGToypEiROsPTwqXHzFKYWJLNO8s4nJ0gLlIfjWPM0krUKPjJhf
gHEl6WVv7PVdyImAYkqVMqV9jyAnvMv4lIjLO2Vvz6ZdZiSQbViNFYJ2EDwxBbTm
aln7qmdxaFZIgte+MbvmeWxgZO7k4qwagjMvfzYhUb2gX6NLb0tVTVA3VIGDH+FS
4IB9JTib0IPkR+DSwq9hRKsrdK/gl5gbdGOJzx72XBjJqfSEAsdA4bFt6YwEqKH3
5KuYuQGNBGA+yXcBDADE4iEQjsUOOTTVdYvUBgDzdzIh77dQeDWxAsFpV8FnqTZo
E1B7v+brXEz0MoH4jtz/c6n8tZxnClBT3h6GG1/KewFFTnaAnapL0SvSEXHoDLs1
8OtZB9u1LQPO+5QMebkEq/VqPgOnZe7PZuEve95XSTCcfVYgjbMNRYrbf98bYNFc
ekgfE/C652zj9eDM8tQM7NK2pOEU+fvhTujKaydEnsITjaUgbWDGp8LIUx4fUHkW
X6RJbgfcj4qupX6b1vJuAt10CWu/p6OoVCTJ/QAb2y/xVDmbt/n5o/hOzplhytBW
NCU7WRUU+ZssIm6dQizz6ClPaAj+oy4UB/IFyIsnq5LlXqbLBMhRRuAY7uMkdfQx
uvRZETHAsXvwiorjQBO5JYyoArizSUA5lzFvNzzXL+e1GS1mn/uhzEK70urnErLr
tw5tDcobt3FsC22H+A7oEXfRXCIrYsoPZJNgFIX7kyp2BKJNMvCYyRtGd7pAE4Z3
8lOybE7waRMmGODsu3sAEQEAAYkBvAQYAQgAJhYhBAjqVXc/MllULmm7vvyNfuTz
sqxhBQJgPsl3AhsMBQkDwmcAAAoJEPyNfuTzsqxhkR0MAKHNbMf5lsjffH6m63xo
/5EYU/2Yv9G9d9MYOClj9PYuLjfcK0os+0DG7L/s23hjXse88WrCtMBZCWT2vRPF
xv2S+kNrYK7HPMJHtYsfLgrh4UdsH4qb1lqBR8+XFlF93iE4WV5RHaJrUK7cdacZ
anVKQzuw+Lkj32+YKiJjmcTF/MaVI8CcyXfrWoPl5iTr25UM4iUqwHM5QZpAHdND
odV/EJvSBZ0+gJ7lDOPJHoLmL89+r344OFF6X81COIlqMizEP0MZTbwVr/ESkcEa
cgSqaMAxAD7xxwwLw54BmgF4FLTJAUOYvvrVJSGqDCl/BiJM4m+3yVHzfOB1wBHm
nhn1upT1gb/ShGgpiR9KRs6UZA5lExZLoZ+uY1iBHfg/utIirk7w/68oemYuOVOC
UrWmyCLniszpS8mxc9wmK/RnCTcmg4TkvRVN/SzzPj1X1wbPa4tvcA7gA0Q9 JHLRWI+1eQk0FOr3E7Et4cBiTqp3OIVB9ihOGXiY5xQ==
—–END PGP PUBLIC KEY BLOCK—–

The fingerprint is `**08EA 5577 3F32 5954 2E69 BBBE FC8D 7EE4 F3B2 AC61**`.

 15. We have provided two documents – `**document1.asc**` and `**document2.asc**`. One of the above documents were modified after it was signed. Tell us which one! Show the output from GPG that proves your assertion.

 16. Given your knowledge of signing, explain what information must be stored in the PGP signatures of the messages from question 15?

 17. Download key `**BC8B95B6**` from the key server and verify the signed message `**message.asc**`.

– Whose key is this?
– Can you trust this key because it came from an official key server?
– Can you trust the message really comes from who it claims to come from?
– Why or why not? (Hint: you may need to read about the web of trust and how key servers work to answer this question).

**Hint:** gpg2 has a command for downloading a key from a keyserver. Any key server will do, because they synchronise, but the [NZ open pgp keyserver](https://pgp.net.nz/) (DNS name: pgp.net.nz) definitely has the key you are looking for

### Completion

##### XOR encryption

 18. Demonstrate how you would implement a one time pad to encrypt a message “APPLE”. Show your working.

##### Substitution ciphers

It might have occurred to you that combining classical cryptographic algorithms might lead to greater security.

 19. Demonstrate using a worked example that applying a twice using different keys does not result in a ciphertext than is harder to break than applying a once. Include the keys used, the plaintext, ciphertexts and frequency histograms as part of your answer.

 20. During World War II, members of the Māori Battalion wrote their battlefield orders in Te Reo Māori to make it harder to decrypt their messages. Decrypt the following whakataukī (proverb) encrypted using a Caesar cipher. Remember to document your working. The ciphertext is also available as `**maori-battalion.txt**` in the assignment zip file.

PKEWHNG PKNNG PKEWHNG UWHK PKEWHNG RUNU PKEWHNG PKAM

You have the following information:

– The Māori alphabet is: a, e, h, i, k, m, n, ng, o, p, r, t, u, w and wh. For the purposes of the exercise, you can ignore macrons.
– You have a “crib”, this is a plaintext and ciphertext pair. The crib is the plaintext word “TE” and its corresponding ciphertext “AM”). * You may want to refer to the [Maori dictionary](https://maoridictionary.co.nz/).

##### Quantum computers

With advances in quantum computing, it may be possible at some point in the future to build a computer that can implement Grover’s algorithm that gives a reduction in time from *n* to the square root of *n*. For example, AES-128 has a 128-bit key requiring 2128 tries. Grover reduces this to 264 tries.

 21. Assume you have a quantum computer, what difference does this make to an exhaustive key search for 1024-bit public and private key. Again assume that you can perform encryption and decryption at a rate of 1,000,000,000 operations per second. Show your working.

##### Searching smarter

 22. A dictionary attack doesn’t blindly search through all possible keys and instead takes advantage of the fact that people may use previous passwords or easy to remember words instead of random keys.

Calculate the worst case time in seconds for for brute forcing an AES encrypted message using a dictionary attack.

You will find it easier to do this calculation using decimal numbers rather than powers of 2 and state the final answer to at least two decimal points.

You can assume the following:

– Only lowercase letters are used.
– Each key is composed of two eight letter dictionary words.
– Each key is 128 bits long.
– Repetitions of the same dictionary word are possible, for example “AARDVARKAARDVARK”.

Each word came from a dictionary of 40,161 eight letter words.

The cracker operates at 1,000,000 tries per second.

##### Public key cryptography

Use the following keys to answer the questions.

The keys are also available in the files `**alilce.txt**`, `**bob.txt**` and `**carol.txt**` in the assignment zipfile.

**Alice’s keys**

—–BEGIN RSA PUBLIC KEY—–
MEgCQQCSJUNrtCnB5/27RnXoOcPRu5iRQrBSdjRLi2buyWlm48nwNwgVic5W25 AkTFPLBXRaiebagT+d0mLq1FBAgMBAAE=
—–END RSA PUBLIC KEY—–

—–BEGIN RSA PRIVATE KEY—–
MIIBOQIBAAJBAJIlQ2u0KcHn/btGdeg5w9G7mJFCsFJ2NEuLZu7JaWbjyfA3CBWJ
zlbbkeEeqoCRMU8sFdFqJ5tqBP53SYurUUECAwEAAQJAPlUGXHmLFdkMr0NuJo38
pweMGuiGq6UeyNm8HTxqaCc6NUrLZHiESW4E5d9lZ3uHKN+WYHPH0+5D5hKSOcG4
wQIhAM4frPmc39Np98YnUpStbJ5HzxUgLoAnmkvh3RoJi6b3AiEAtYI+JOXx2X9C
U9KrTeKq0Iixj7ZEz2LnY+8d2KVBo4cCIELWbJ2IK9/+9ZQwfgut7JGqkVC1Xb66
mMLQW4Ss4bbjAiBejBuG6OiUHQAV3dUx2vKTccDcVVt+k8xod/QaF+sbHQIgDE7T
CxQ8LzaLG1Zfp9d14BkVT+vNBGqQDZRKmSwsIJ4=
—–END RSA PRIVATE KEY—–

**Bob’s keys**

—–BEGIN RSA PUBLIC KEY—–
MEgCQQCR3/sdyR0OXlRh6EQOt6s5ItRx+jA7fpYZikeQvtxiqxvMNOscEDQ9DUcA
3v/C8q2zuAHrsoJ/NAG8ca5teZirAgMBAAE=
—–END RSA PUBLIC KEY—–

—–BEGIN RSA PRIVATE KEY—–
MIIBPQIBAAJBAJHf+x3JHQ5eVGHoRA63qzki1HH6MDt+lhmKR5C+3GKrG8w06xwQ
ND0NRwDe/8LyrbO4Aeuygn80Abxxrm15mKsCAwEAAQJBAIG0RfQV/l/oP99ORjVP
2k7TSVKOwpQj2hKbgUaSbiLL6U5YNnrpcCd7xGszgs1SslgcuLMKhg2JXwO51zXo
sgECIQDPM+X/hKj5a+dQBbE0zLCNayCcLOcwai1AexVGb+1fqQIhALQ6rIbZwiND
85WG8/O6IqMeNcJ10WVgc4KjhMaIcXozAiEAmjOQdpG+wyjnk6k40QeIWSahtTjB
sUlDdhpjofEIYkkCIQCzdvWTNkVN7n0geQh0uvWArjVkFQPUye1buc4eD4HH5wIh
AM7nc9sT1sKfLAyEjazSUDjbSrbsH5i5aKTv6c8ZoOBZ
—–END RSA PRIVATE KE

程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com