ha2_11sol - CIS 4360 Introduction to Computer Security Home...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: CIS 4360 Introduction to Computer Security Home Assignment 2, Fall 2011 ANSWERS This concerns the basic requirements for Computer Security. Examples taken from: Matt Bishops Introduction to Computer Security, Addison-Wesley. 1. The aphorism security through obscurity suggests that hiding information provides some level of security. Give an example of a situation in which hiding information does not add appreciably to the security of a system. Then give an example of a situation in which it does. Answer. An example of a situation in which hiding information does not add appreciably to the security of a system is hiding the implementation of the UNIX password hashing algorithm. The algorithm can be determined by extracting the object code from the relevant library routine. Revealing the algorithm does not appreciably simplify the task of an attacker because he still must guess the password itself. An example of a situation in which hiding information adds appreciably to the security of a system is hiding the password or a cryptographic key. This is private informationto the security of a system is hiding the password or a cryptographic key....
View Full Document

Ask a homework question - tutors are online