|
Jim Kurose and Keith Ross Computer Networking: A top-down approach. 6th edition 2013 Published by Pearson |
|
Charlie Kaufman, Radia Perlman and Mike Speciner Network Security: Private Communication in a Public World. 2nd edition 2002 Published by Prentice Hall |
Announcements:
netsec2013:$apr1$LJgyupye$GZQc9jyvrdP50vW77sYvz1has been generated with:
htpasswd -bnm netsec2013 8yhb34e1As you can see, the password 8yhb34e1 is not a dictionary word, and that, combined with the strength of MD5, makes it very difficult to break — unlike the first challenge:
perl -e 'print crypt("hotshots","3zNwtz.q23MAA")'One weakness of the 2nd challenge (8yhb34e1) is that this password is only 8 characters long; this is too short for real security. A few hundred dollars worth of computing power (say, from Amazon), can break this in a couple of days. You really need 11 characters at least to have security for valuable content.
But RC4, the researchers found, isn't sufficiently random, and with enough time and effort, an attacker could recover some plaintext from a communication secured using TLS and RC4. "We have found a new attack against TLS that allows an attacker to recover a limited amount of plaintext from a TLS connection when RC4 encryption is used," they said. "The attacks arise from statistical flaws in the keystream generated by the RC4 algorithm, which become apparent in TLS ciphertexts when the same plaintext is repeatedly encrypted at a fixed location across many TLS sessions."Read more here.
netsec2013:$apr1$LJgyupye$GZQc9jyvrdP50vW77sYvz1The crypt() challenge:
3zNwtz.q23MAAwas solved by Andrew Dunham in about 15 minutes, by using the following software:
http://openwall.com/john/By the way, you can confirm that the related password is hotshots with:
perl -e 'print crypt("hotshots","3z")'
https://websvn.mcmaster.ca/cs3c03-se4c03/yourmacid
import socket import sys import time import string
Labs, Assignments and midterm :
Item | Due Date | PDF file | Comments |
Lab 1 | Week of January 28 | l1.pdf | Jan 16: Small change to the wording of question 3(d); thanks Kartikay Dani for pointing out the mistake. |
Midterm 1 | February 7 | midterm1.pdf | |
Assignment 1 | February 14 | a1.pdf | Jan 19: reposted with further instructions |
Lab 2 | Week of March 4 | l2.pdf | |
Midterm 2 | March 14 | midterm2.pdf | |
Assignment 2 | March 21 | a2.pdf | |
Exam | April 14 |