Cryptography Reference
G.8 Chapter 8 Exercises
8.1. When discussing PGP in Section 8.1, we assumed that triple DES was
used. There are other options such as CAST-128 and IDEA (see page
275). Explain why (single) DES would not be suitable for use with PGP.
8.2. We assumed, in our description of PGP (see Exercise 8.1), that CFB
mode is employed. Why would PGP use CFB over, say, CBC, which is
more common in usage?
8.3. Explain how PKI can ensure a greater degree of trust in the use of PGP,
especially with respect to ensuring we are in possession of the actual owner's
public key.
8.4. Without a PKI, why is the web of trust, discussed in detail on pages
280-286, insufficient to guarantee that, for instance, Alice really knows Bob's
public key?
8.5. Explain how MIME helps your Internet browser recognize a text file,
assuming that the remote web server has not already identified it for your
browser.
(Hint: See page 290.)
8.6. If you had to list only two primary goals of IPSec, detailed in Section 8.3,
what would they be?
8.7. Explain why it is desirable to have encryption before authentication in
SA bundling (see page 309).
8.8. Make an argument for employing authentication before encryption in SA
bundling.
(Hint: See pages 266 and 267.)
8.9. On page 305, we illustrated configurations for end-to-end security using SA
tunnels. What configuration would constitute end-to-end authentication
and encryption without nesting as illustrated in Diagrams 8.24 and 8.25
on page 310?
8.10. Compare transport mode and tunnel mode SAs for AH and ESP with
authentication. (See pages 302-312.)
8.11. Speculate as to how HMAC might be used with RIPEMD-160 (see page
259), within ESP and AH in IPSec (see Section 8.3). For actual technical
details, see RFC 2857 [222].