COSC2651/CPT251 Assignment 2: Analysis of Cryptographic Techniques


Added on  2023/04/26

AI Summary
This assignment explores cryptography and security mechanisms, focusing on the Enigma machine and hashing algorithms. The first task involves encrypting and decrypting a name using an Enigma Machine simulator, demonstrating the process and importance of secure communication. The second task analyzes the security of online hash decryption tools, suggesting improvements using salting techniques. It also compares different hashing algorithms like MD5, SHA-0, SHA-1, SHA-2, and SHA-3, highlighting their strengths and weaknesses. Finally, the third task evaluates the effectiveness of various security measures, such as multifactor authentication and digital signatures, against different cyber threats, including spyware, CPU resource stealing, and ransomware. The report concludes by assessing the vulnerabilities and resilience of each security mechanism in various attack scenarios.
TASK ONE
Cryptography is an early and vital science of securing communications. The essence of
cryptography is to create messages that are secured and whose meaning will only be understood
by the intended recipients with the necessary tools [1]. It is a way of enhancing the
confidentiality and integrity of a message and has for a long time been a vital science in
military communications. Nonetheless, cryptography is now being applied in almost every
communications protocol. The growth and increased application of information technology and
the increased use of cyberspace have made every communication system reliant on
cryptography [2]. The constantly emerging threats have made cryptography a very important
science in managing cyber security. The Enigma Machine was one of the earliest implementations
of encryption, used by Germans before and during World War Two.
In the current task, the focus is on the Enigma Machine and its application. The requirement
is to encrypt the family name using an online simulation of the Enigma Machine. The family
name is MAMONE and is supposed to be followed by 10 letters of 'L'. So, as plaintext, that
will be MAMONELLLLLLLLLL. After encrypting the plaintext using the Enigma Machine, the result
of the encryption is as shown below:
[1] Li, P., Shrivastava, A., Moore, J. L., & König, A. C. (2011). Hashing algorithms for large-scale learning. In Advances in neural information processing systems (pp. 2672-2680).
[2] Weiss, Y., Torralba, A., & Fergus, R. (2009). Spectral hashing. In Advances in neural information processing systems (pp. 1753-1760).
Figure 1.1: The final screenshot of the encryption of the plaintext MAMONELLLLLLLLLL.
The encryption of the plaintext MAMONELLLLLLLLLL yields DQRI OWUP EGRP PQKU, which is now
the cipher text. The final ground setting of the Enigma Machine now becomes YBP.
After encrypting the plaintext, the goal of the next task is decrypting the cipher text back
to the plaintext. The assumption is that the recipient of the cipher will have the parameters
beforehand so that he or she can set the Enigma Machine according to the settings used in
encrypting the plaintext. The parameters used in decrypting the cipher text are listed below:
Enigma Type: M3
Reflector Wheel (Umkehrwalze): C
Wheel Order (Walzenlage): VIII VII VI
Ring Setting (Ringstellung): YBP
Ground Setting (Grundstellung): XYZ
Plugs: AV CN FG IY WJ ME
Using the parameters above, the output of the decrypted cipher text is as shown in the
screenshot below:
Figure 1.2: The final screenshot of the cipher text decryption
In Figure 1.2 above, the cipher text is decrypted and the output is the text that was
originally encrypted. The result means that the communication is successful because the
message is encrypted and decrypted back to the original text using the stipulated parameters.
TASK 2
The Hash of the student number 3754759 is
78cb9169e64a55e9ff20796582fa8fbfa75c4195e10a47d2fe5ef107833b0293fbc8f2e1e0c8a949fee
7c6dc6cca43dbd757bb3e9271caba02cde67ffa4ab650
After getting the hash of the student number, the next task is finding an online tool that
can produce the original value from that hash. The online tool selected for this task is at
the URL www.md5decrypt.net. The tool has an input box where the user types in the hash of
the number and then clicks decrypt. The result of the decryption of the hash is as
shown below:
Figure 1.3: The output screenshot of the hash decryption of the number 3754759
The md5decrypt.net tool is linked to a database of hashes that are generated from word and
number lists. The database is formed by randomizing many combinations of letters and numbers.
It means that to get a string of numbers like the student number, the tool just scans the
database for that specific combination of letters and outputs a hash.
In terms of decrypting the hashes, the tool works fine. However, the tool does not seem to
be very secure, because as long as the combination of letters or numbers is listed online in
a database, the hash can easily be cracked. In making changes to the tool, I would use a salt
as a way of improving security. A salt refers to the technique of adding a string of extra
numbers to the sequence as a way of making the string longer [3]. In so doing, the hash
becomes even longer and more difficult to crack or randomize when creating a hash database.
As long as the number is not randomized in any database, the security of that specific string
is guaranteed.
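The effect of a salt on a precomputed hash database, as an added example that is not part of the original report: an unsalted digest is found in a lookup table, while a per-record random salt makes the same table useless. It goes one step beyond plain salting by using PBKDF2, a salted and deliberately slow construction; the choice of SHA-512, the iteration count, the function names and the sample numbers are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

def plain_hash(value: str) -> str:
    """Unsalted digest, as an online hash database would index it."""
    return hashlib.sha512(value.encode()).hexdigest()

def build_lookup_table(candidates) -> dict:
    """Precompute digest -> input once; every later lookup is instant."""
    return {plain_hash(c): c for c in candidates}

def salted_record(value: str, salt: Optional[bytes] = None,
                  iterations: int = 100_000) -> tuple:
    """Store (salt, iterations, digest); the salt is random per record."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", value.encode(), salt, iterations)
    return salt, iterations, digest

def verify(value: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha512", value.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

# Constructed sample data: a small table of 7-digit numbers and one secret.
TABLE = build_lookup_table(f"{n:07d}" for n in range(1_000_000, 1_002_000))
SECRET = "1001234"

def table_lookup(digest_hex: str) -> Optional[str]:
    """Return the original input if its digest was precomputed, else None."""
    return TABLE.get(digest_hex)

if __name__ == "__main__":
    print("unsalted:", table_lookup(plain_hash(SECRET)))
    record = salted_record(SECRET)
    print("salted:  ", table_lookup(record[2].hex()))
    print("verify:  ", verify(SECRET, record), verify("1001235", record))
```

The salt is stored next to the digest and is not secret; its job is to force a separate computation per record instead of one shared table.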
Hashing has several functions. They include the verification of the integrity of messages,
the protection and verification of passwords, and it is also used in identifying files and
objects in programming, in networking and in several other sub-branches [4].
MD5 is an algorithm whose aim is to transform data strings of an unstipulated length
into strings that are 128 bits, which is a fixed length. In computer science, the MD5 result
is commonly referred to as a fingerprint of the original data. In hashing the input, MD5
requires the input to be divided into blocks of 512 bits, and 64 bits are then inserted at
the end of the last block. Each block is then divided into 16 words of 32 bits. That makes
the end result a number that cannot be deciphered without the right deciphering procedure.
SHA-0 was the original hash but it has since been dropped for better hashes due to
issues of collision and lack of reliability. After 2^39 operations, SHA-0 was found to have
collisions, and therefore programmers no longer use it and there is no further research that
has gone into it. Instead, programmers now use SHA-1 onwards. With SHA-1, programmers are
expected to initialize random strings in hexadecimal to form part of the hash function. Using
those hexadecimals, the string can be encrypted into an unintelligible format that can be
reversed only by knowing the original steps taken when encrypting. It has collisions too,
after 2^63 operations. SHA-2 is an upgrade from SHA-0 and SHA-1, which means it has not yet
developed collisions. Under SHA-2 there are four different variations (these include SHA-256,
SHA-512, SHA-224, and SHA-384). The output size of bits is 256, which feeds to an
internal state of 256 bits. The maximum size of the message is 2^64 minus 1 operations.
SHA-3 is much more stable than SHA-0, SHA-1, and SHA-2. It shares a similar structure with
the rest and is much more secure. It uses 3 rounds when narrowing down the selections and
processes the numbers in small blocks of 512/1024 bits. As of February, 2019 the SHA-3
hashing algorithm output has not been cracked. The difference between all the hashing
algorithms is the number of operations. SHA-0 and SHA-1 are not extensively used because, as
stated earlier, they both have collisions after a number of operations.
[3] Stallings, W. (2017). Cryptography and network security: principles and practice (p. 743). Upper Saddle River, NJ: Pearson.
[4] Peikert, C. (2016). A decade of lattice cryptography. Foundations and Trends® in Theoretical Computer Science, 10(4), 283-424.
TASK 3
Question 3.1
| Threat | Multifactor Authentication | Digital Signature | Same-Origin Policy | Anomaly-Based Intrusion Detection |
|---|---|---|---|---|
| Key-loggers | Partially effective especially if both factors are password based. | Not effective because the digital signature is not password based | Very effective because the attacker can easily make it look like the files or messages originate from the same source | Very effective because an anomaly cannot be detected |
| Spyware | Partially effective especially if both factors are password based. | Not effective because the digital signature is stored as a cipher | Very effective because using spyware can make it easy to mimic the same origin policy | Very effective because an anomaly cannot be detected when the system is hit by spyware |
| CPU/Resource Stealing | Not effective because multifactor authentication relies on more than one security measure | Not effective because the digital signature is stored as a cipher | Not effective because this threat is only applicable when taking the physical data | Not effective because this threat is only applicable when taking the physical data |
| Poisoned Search Results | Not effective because multifactor authentication relies on more than one security measure | Not effective because the digital signature is stored as a cipher and will be displayed as a cipher too | Not effective because this threat is only applicable on search data | Not effective because this threat is only applicable on search data |
| Clickjacking | Not effective because part of the authentication is not based on clicking | Not effective because the digital signature is stored as a cipher and displayed as a cipher | Not effective because the digital signature is stored as a cipher and displayed as a cipher | Not effective because the digital signature is stored as a cipher and displayed as a cipher |
| Phishing | Partially effective because a phishing attempt tries to get all factors used in authentication | Mostly effective because a phishing attempt tries to get all factors used in authentication | Mostly effective because a phishing attempt tries to get all factors used in authentication | Mostly effective because a phishing attempt tries to get all factors used in authentication |
| Password Cracking | Partially effective especially if both factors are password based | Not effective because the digital signature is stored as a cipher and displayed as a cipher | Partially effective especially if both factors are password based | Partially effective especially if both factors are password based |
| Statistical Inference Attack | Not effective because the multifactor needs too many inferences and this threat almost has no chance of cracking the security measure | Mostly ineffective because the digital signature needs too many inferences and will still need decryption to crack | Mostly ineffective because the same origin policy may not | Mostly ineffective because anomalies based intrusion is not possible to crack inference attack |
| Ransomware | Not effective because the multifactor needs too many inferences and this threat almost has no chance of cracking the security measure | Mostly ineffective because the digital signature is stored as a cipher and displayed as a cipher | Very effective because the attacker can easily make it look like the files or messages originate from the same source | Very effective because the attacker only needs to hold the data or message until the recipient or sender accepts the terms laid out. |