3156-17 - COMS W3156: Software Engineering, Fall 2001...

COMS W3156: Software Engineering, Fall 2001
Lecture #17: Security/Crypto II, Integration/Tools II
Janak J Parekh
janak@cs.columbia.edu

Administrivia
- We have more homework than you, for once: prototype
- Implementation assignment posted
- Modified schedule to allow final at end of semester
  - See homeworks page
- Guest speaker on Nov. 15th
  - Not your typical lame guest speaker…

Next class
- Discuss maintenance
- Swing/AWT – client groups should listen up, considering that I implement the client prototype

Today’s class
- Finish up security
- Talk integration tools

One-way hashes
- Also called “message digests”
- Like a hash function, but less predictable
- Take a message and generate this “garbage” out of it
- If message changes, garbage will as well
- Difficult (impossible?) to reverse engineer garbage to original message
- Simpler and faster than encryption

Applications of one-way hashes
- As long as you don’t need to know the original message… or already know it
- Signatures: create a digest of stuff to be encrypted, and encrypt it with private key
  - http://www.youdzone.com/signature.html
- Crypt-ing passwords
  - You don’t care what the password is
  - If someone grabs the crypt, they can use it, but much more limited
  - Not at all foolproof, just limits damage

One-time passwords
- Two mechanisms:
  - On an insecure link, once you log in, server changes password to the “next” one that you will know (or turns it off)
    - Backdoor for emergencies, less used today with tools like ssh
  - Client and server generate unique digests

One-time hash passwords
- Variation on one-way hash
- Both the client and server reliably generate a pseudorandom digest based on time
- SecurID
- Should never use alone, but useful additional mechanism
- Issue: physical/electronic security of generator

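The time-based digest idea on this slide, as an added example that is not from the lecture. SecurID's own algorithm is not described here, so the sketch substitutes the public HMAC-based TOTP construction (RFC 6238); the 30-second step, the one-window clock-skew allowance and the names `otp`, `client_code` and `Server` are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (assumed; the RFC 6238 default)


def otp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): keyed digest of a counter, truncated to decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def client_code(secret: bytes, now: float, digits: int = 6) -> str:
    """What the token displays: the digest for the current time window."""
    return otp(secret, int(now) // STEP, digits)


class Server:
    """Holds the same secret as the token; accepts each window at most once."""

    def __init__(self, secret: bytes, skew: int = 1, digits: int = 6):
        self.secret, self.skew, self.digits = secret, skew, digits
        self.last_used = -1  # highest window already accepted (replay guard)

    def verify(self, code: str, now: float) -> bool:
        current = int(now) // STEP
        for window in range(current - self.skew, current + self.skew + 1):
            if window <= self.last_used:
                continue  # already spent: a captured code cannot be replayed
            expected = otp(self.secret, window, self.digits)
            if hmac.compare_digest(expected, code):  # constant-time compare
                self.last_used = window
                return True
        return False


if __name__ == "__main__":
    SECRET = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    server = Server(SECRET)
    code = client_code(SECRET, now=59)
    # First use is accepted, the replay of the same code is rejected.
    print(code, server.verify(code, now=59), server.verify(code, now=59))
```

The shared secret is the only thing separating the two sides from an attacker, which is the slide's point about the physical and electronic security of the generator.
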
Applications of crypto
- pgp
- SSL, https
- ssh
- S/MIME
- Kerberos
- crypt (already covered)
- etc.

PGP
- Pretty Good Privacy
- Written by Phil Zimmermann several years ago
- Pre-SSH, pre-SSL
- Revolutionized public-key encryption: demonstrated its viability
- Caused much consternation in government


This note was uploaded on 06/09/2010 for the course COMS W3156 taught by Professor Janak J Parekh during the Fall '01 term at Columbia.
