
Assignment #2

Type of assignment: This assignment should be done in groups, except for those parts of problem #3 that are marked accordingly.

Note: The assignment submission should clearly list the student members of the group, their names, and student numbers on the first page.

Points: The maximum number of points for this assignment is 50, which will be prorated accordingly after all assignments are posted. The weight of each problem is given in parentheses.

Format:

  1. Assignment submissions are accepted in the following formats only: HTML (extension .html), PDF (.pdf), RTF (.rtf), ASCII text (.txt). Assignments submitted in any other format will be discarded. All text in the assignment submissions must be typed, and figures must be plotted so that they are easy to read and understand. Spelling, grammar, and other language errors will result in fewer points credited to the corresponding problem solutions.
  2. Your submission file should be named to reflect the names of the group members, and the assignment number, e.g., alice_bob-assignment_1.pdf.

Problems

  1. Write answers to the following problems from section 10.10 of the textbook:

    • (3) 6
    • (4) 7
  2. Write answers to the following problems from section 11.8 of the textbook:
    • (6) 3
    • (3) 4
    • (5) 6
    • (3) 7
    • (6) 10
  3. (10) PGP

    This problem has both individual and group elements to it. Your group should turn in one writeup answering each of the parts labeled [group], but all key pairs, emails, etc. should be created and sent individually.

    1. Read Alma Whitten's paper, "Why Johnny Can't Encrypt."

    2. Locate and install a fresh version of PGP or GPG. There are versions for Unix flavors, Windows, and the Macintosh. http://www.pgpi.org/ may be of use.

    3. Find the PGP public keys for as many of the EECE 412 teaching staff as you can. Part of your assignment is figuring out how to locate PGP keys. Searching the Internet for PGP key servers may be of help. But beware: there may be fake keys out there...

    Here's what you do to submit your solution to this problem:
    (2) (a) [group] Reflections on Trust. PGP's "web of trust" model allows users to "sign" each other's public keys. Suppose Alice signs Bob's key; what, in effect, is Alice declaring when she does this? Why is it useful for people to sign each other's keys? What precautions should one take before signing someone else's key, and why are these measures appropriate?
    (3) (b) [individual] Getting started. Create a new public/private key pair for yourself (you may use an existing key pair if you already have one). Sign each of your group members' public keys, and have them sign yours. When all of your group members have signed your public key, email it to the TA in ASCII-armored format, with the subject "My public key".
    (3) (c) [individual] Encrypting email. Send an encrypted, signed email to the TA with the subject "PGP is fun". In the body of the message,
    · Tell us what operating system and version of PGP you are using.
    · Show us the public keys you found for the EECE 412 staff; PGP fingerprints are sufficient.
    · In a few sentences, explain why you do or do not believe that these keys do indeed belong to the EECE 412 staff. If you do not trust a public key, explain what would convince you otherwise.

    Your mail should be protected with PGP such that the EECE 412 TA, and only the EECE 412 TA, can obtain the plaintext contents. You must also sign the mail with your private key. We will only accept your first message, so make sure to get it right the first time. Are you able to finish the assignment in fewer than 90 minutes as in Whitten's experiment? Remember to cite all your sources (books, manuals, friends, etc.).
    (2) (d) [group] Acting Presidential. Find a PGP key for president@whitehouse.gov on a PGP key server. Based on your findings, explain one useful feature and one drawback of PGP key servers. Limit your answer to two paragraphs. Remember to cite all your sources.

  4. (10) Hash Collision Probabilities

    Estimate the probability that there are two non-identical files, somewhere on the planet Earth, right now, that have the same MD5 hash code. Do the same for SHA-1. State your assumptions and cite all references used.

 
 

©2003-2004 Konstantin Beznosov