Fri 24 Jun @ 18:00 Fri 1 Jul @ 18:00

In this assignment, you’ll play with ciphers and passwords.

All students should complete parts 1 and 2 of this assignment. ENGI 9807 students should also complete part 3. Submit your work — in a single PDF file — to Gradescope.

Part 1: Host security

  1. On any Unix or Unix-like system, write a program that uses getuid() and geteuid() as well as getgid() and getegid() to print the real and effective user ID and group ID of the process.

  2. Execute your program and explain its output. Explain whatever numeric values are shown, making reference to files or the output of other Unix commands as appropriate.

  3. What command must you execute to add the setuid bit to your compiled program?

  4. Show the results when another user on the computer executes your program.

    Tip

    For this step, it may be helpful to use a shared Memorial computer such as garfield.cs.mun.ca or a LabNet computer from EN1038B running Linux.

Part 2: Symmetric-key cryptography

  1. Consider a trivial "block cipher" that simply multiplies its 8-bit input by an 8-bit key mod 256, i.e.:

    \[ C = k \cdot P \mod 256 \]

    Assume that this cipher is used in CBC mode to encrypt the ASCII-encoded plaintext "hello". Compute — showing your workings — the output ciphertext when a key of 121 (which is coprime with 256) and an IV of 201 (11001001) are used. Show the resulting ciphertext in both binary and integer form.
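The following sketch is an added illustration, not part of the original assignment: it implements the toy multiplicative cipher in CBC mode, including decryption, to show why the key must be coprime with 256. The function names and the sample key (77), IV (0x5A) and plaintext (`b"CBC"`) are constructed for this example and deliberately differ from the values in the question.

```python
"""Toy multiplicative "block cipher" (C = k * P mod 256) in CBC mode."""
import math

BLOCK_MOD = 256  # one block is a single 8-bit value


def key_is_invertible(key: int) -> bool:
    # Multiplication by k is a bijection on 0..255 only if gcd(k, 256) == 1.
    return math.gcd(key, BLOCK_MOD) == 1


def encrypt_block(key: int, block: int) -> int:
    return (key * block) % BLOCK_MOD


def decrypt_block(key: int, block: int) -> int:
    # pow(key, -1, m) raises ValueError when key has no inverse mod m.
    return (pow(key, -1, BLOCK_MOD) * block) % BLOCK_MOD


def cbc_encrypt(key: int, iv: int, plaintext: bytes) -> bytes:
    prev, out = iv, bytearray()
    for p in plaintext:
        # XOR with the previous ciphertext block (or the IV), then encrypt.
        prev = encrypt_block(key, p ^ prev)
        out.append(prev)
    return bytes(out)


def cbc_decrypt(key: int, iv: int, ciphertext: bytes) -> bytes:
    prev, out = iv, bytearray()
    for c in ciphertext:
        # Decrypt the block, then undo the XOR with the previous ciphertext block.
        out.append(decrypt_block(key, c) ^ prev)
        prev = c
    return bytes(out)


if __name__ == "__main__":
    key, iv, msg = 77, 0x5A, b"CBC"  # constructed sample values
    ct = cbc_encrypt(key, iv, msg)
    for byte in ct:
        print(f"{byte:3d}  {byte:08b}")
    # The two 'C' blocks encrypt differently because of the chaining.
    print("round trip:", cbc_decrypt(key, iv, ct))
    # An even key loses information: two plaintext blocks collide.
    print("collision with key 2:", encrypt_block(2, 1) == encrypt_block(2, 129))
```
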

Part 3: Password entropy (ENGI 9807 only)

  1. Using this table of symbol frequencies[1], write a program in a language of your choice to calculate the following quantities. Submit your answers to the questions as well as a listing of your code in your submission PDF. Your code must calculate, for the provided input file:

    1. the total number of times that each symbol was observed by Jones and Mewhort in their data collection

    2. the relative frequency of each character as a percentage of the total characters

  2. Calculate the Shannon entropy of the password distributions that could have produced the following passwords via random selection. State all assumptions that go into your calculations.

    1. secure

    2. secure1

    3. [email protected]

    4. s3cur31ty

    5. y9]z'626:g