
Question 1 This question concerns a hypothetical new social media site, Witter. (a) Witter's marketing material boasts t

Posted: Tue May 24, 2022 7:46 am
by answerhappygod
Question 1

This question concerns a hypothetical new social media site, Witter.

(a) Witter's marketing material boasts that "our unique symmetric encryption algorithms, designed specially by our programmers, use uncrackable 128-bit keys to protect your valuable content!" Discuss the merits of the claims made in this quote. [4 marks]

(b) Witter's server has been implemented in Java. A security analyst performing a source code review comes across the following lines of code, intended to create the 128-bit encryption key:

    Random rng = new Random (seed);
    byte[] key = new byte[16];
    rng.nextBytes (key);

The class Random is part of the standard Java API and "uses a 48-bit seed, which is modified using a linear congruential formula", according to the documentation. This documentation also notes that the nextBytes method of the class fills the provided array with random bytes. Discuss the suitability of this code for key generation, stating any assumptions you have made about other code not shown here. [4 marks]

(c) Witter's 'specially designed' symmetric cipher uses 64-bit blocks. An analyst studying the content of an encrypted post stored on Witter's servers notices that a particular pattern of 64 bits occurs at three distinct locations in the encrypted file. What weaknesses does this highlight in Witter's approach to protecting users' posts, and how should they be fixed? [4 marks]

(d) Witter suffers a data breach. One of the files stolen in the breach is named users.csv. The first few lines of this file are as follows:

    USERNAME, PASSWORD
    [email protected], mypassword
    [email protected], friday
    [email protected], x

On the basis of this evidence, identify two different problems in Witter's approach to user authentication. In each case, give a detailed explanation of a good solution to the problem. [8 marks]

[Question 1 total: 20 marks]
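The key-generation pattern from part (b), next to a CSPRNG-based replacement, as an added example that is not part of the original question. The class name KeyGenDemo, the method names and the sample seed value are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;

public class KeyGenDemo {
    // Pattern from part (b): all 16 key bytes come from java.util.Random.
    static byte[] reviewedKey(long seed) {
        Random rng = new Random(seed);
        byte[] key = new byte[16];
        rng.nextBytes(key);
        return key;
    }

    // Replacement: the no-argument SecureRandom seeds itself from the
    // platform's entropy source, so no caller-chosen seed is involved.
    static byte[] csprngKey() {
        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[16];
        rng.nextBytes(key);
        return key;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 1653378360000L; // constructed sample seed (hypothetical)
        byte[] k1 = reviewedKey(seed);
        byte[] k2 = reviewedKey(seed);
        // Random keeps only the low 48 bits of its seed, so a seed that
        // differs only above bit 47 produces the same "128-bit" key.
        byte[] k3 = reviewedKey(seed + (1L << 48));

        System.out.println("reviewed key:            " + hex(k1));
        System.out.println("same seed, same key:     " + Arrays.equals(k1, k2));
        System.out.println("seed + 2^48, same key:   " + Arrays.equals(k1, k3));
        // Two independent CSPRNG keys; no seed exists to reproduce them.
        System.out.println("CSPRNG key 1:            " + hex(csprngKey()));
        System.out.println("CSPRNG key 2:            " + hex(csprngKey()));
    }
}
```

Because every byte of the reviewed key is a function of the 48-bit internal state, the key can take at most 2^48 distinct values regardless of its 128-bit length, and fewer still if the seed comes from a predictable source such as a clock.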