54 properly encrypted? If you identified an abuse, then how |
54 properly encrypted? If you identified an abuse, then how |
55 would you encrypt the data so that such an abuse is |
55 would you encrypt the data so that such an abuse is |
56 prevented? Hint: Consider the fact that every person |
56 prevented? Hint: Consider the fact that every person |
57 uses approximately 120l of water every day. |
57 uses approximately 120l of water every day. |
58 |
58 |
59 %\item And another one: Nowadays everybody and their |
|
60 % grandmother seems to be scared about a bomb going off at |
|
61 % a big event, say a football game. To mitigate such a |
|
62 % threat, you order expensive metal detectors and hire a |
|
63 % security team that will staff these detectors at each |
|
64 % game. Think whether people are really safer at a |
|
65 % football game with metal detectors or not. Hint: People |
|
66 % certainly might *\emph{feel}* safer by going through |
|
67 % metal detectors, but the question is whether they |
|
68 % *\emph{are}* safer. Hint: Consider how people arrive at |
|
69 % such an event: within a relative short amount of time, |
|
70 % thousands, if not more, spectators will arrive at your |
|
71 % football game. |
|
72 |
|
73 %% CYA security - cover-your-ass |
|
74 % It's an attitude I've seen before: "Something must |
|
75 % be done. This is something. Therefore, we must do it." |
|
76 % Never mind if the something makes any sense or not. |
|
77 |
|
78 |
|
79 |
|
80 |
|
81 %\item Imagine there was recently a break in where computer criminals |
|
82 % stole a large password database containing |
|
83 |
|
84 \item Explain what hashes and salts are. Describe how they can be used |
59 \item Explain what hashes and salts are. Describe how they can be used |
85 for ensuring data integrity and storing password information. |
60 for ensuring data integrity and storing password information. |
86 |
61 |
87 \item What is the difference between a brute force attack and a |
62 \item What is the difference between a brute force attack and a |
88 dictionary attack on passwords? |
63 dictionary attack on passwords? |
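Review bot: The unfinished exercise at old lines 81-82 ("Imagine there was recently a break in where computer criminals stole a large password database containing") is deleted along with the other commented-out drafts, yet it is the only one that would have set up the hashes-and-salts question now at new line 59. If the intent is to drop it for good, that is fine, but the text breaks off mid-sentence. Either finish it as a lead-in to the salt question or record the idea somewhere outside the source before removing it. The same applies to the metal-detector exercise at old lines 59-71, which is complete and carries two hints. Removing it silently loses a usable security-theatre question, so the commit message should say whether it was dropped on purpose. One style point in the retained context at line 57: "120l" reads more clearly with a thin space between number and unit, for example 120\,l.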