本文探讨了密码学中的关键概念,包括基于四词组合的密码熵(约67位),8字符随机字母数字密码的熵(约48位),并比较了两者的安全性。还介绍了使用OpenSSL进行AES加密操作,并通过校验Debian镜像的SHA256哈希来验证其完整性。此外,文章还涵盖了如何设置SSH密钥和使用GPG进行加密邮件及Git签名操作。
Security and Cryptography
文章目录
Q1
Question
Entropy
- Suppose a password is chosen as a concatenation of four lower-case dictionary words, where each word is selected uniformly at random from a dictionary of size 100,000. An example of such a password is
correcthorsebatterystaple. How many bits of entropy does this have? - Consider an alternative scheme where a password is chosen as a sequence of 8 random alphanumeric characters (including both lower-case and upper-case letters). An example is
rg8Ql34g. How many bits of entropy does this have? - Which is the stronger password?
- Suppose an attacker can try guessing 10,000 passwords per second. On average, how long will it take to break each of the passwords?
Solution
- l o g 2 ( 10000 0 4 ) = 66.4385 ≈ 67 log_2(100000^4)=66.4385 \approx 67 log2(1000004)=66.4385≈67
- l o g 2 ( 6 2 8 ) = 47.6335 ≈ 48 log_2(62^8)=47.6335 \approx 48 log2(628)=47.6335≈48
- the first one
-
10000
0
4
÷
10000
=
1
0
16
100000^4 \div 10000=10^{16}
1000004÷10000=1016 and
6
2
8
÷
10000
≈
21834010558
62^8 \div 10000 \approx 21834010558
628÷10000≈21834010558
前者破译大概需要317097919年,后者破译大概要693年。
Q2
Question
Cryptographic hash functions. Download a Debian image from a mirror (e.g. from this Argentinean mirror). Cross-check the hash (e.g. using the sha256sum command) with the hash retrieved from the official Debian site (e.g. this file hosted at debian.org, if you’ve downloaded the linked file from the Argentinean mirror).
Solution
从mirror中下载得到系统镜像iso文件,对比官网中的sha256序列。
$ wget http://debian.xfree.com.ar/debian-cd/current/amd64/iso-cd/debian-11.3.0-amd64-netinst.iso
$ sha256sum debian-11.3.0-amd64-netinst.iso
7892981e1da216e79fb3a1536ce5ebab157afdd20048fe458f2ae34fbc26c19b debian-11.3.0-amd64-netinst.iso
Q3
Question
Symmetric cryptography. Encrypt a file with AES encryption, using OpenSSL: openssl aes-256-cbc -salt -in {input filename} -out {output filename}. Look at the contents using cat or hexdump. Decrypt it with openssl aes-256-cbc -d -in {input filename} -out {output filename} and confirm that the contents match the original using cmp.
Solution
Q4
Question
- Asymmetric cryptography.
- Set up SSH keys on a computer you have access to (not Athena, because Kerberos interacts weirdly with SSH keys). Make sure your private key is encrypted with a passphrase, so it is protected at rest.
- Set up GPG
- Send Anish an encrypted email (public key).
- Sign a Git commit with
git commit -Sor create a signed Git tag withgit tag -s. Verify the signature on the commit withgit show --show-signatureor on the tag withgit tag -v.
Solution
$ ssh-keygen -t ed25519
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/wells/.ssh/id_ed25519): id_ed25519
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ed25519
Your public key has been saved in id_ed25519.pub
The key fingerprint is:
SHA256:bi9RakjjCTXtbyaSk/HOKXruve/IhU9VsCnFNjOJQYY wells@HUIPU-Wells
The key's randomart image is:
+--[ED25519 256]--+
| . o++o. |
| o E...B+ |
| . o ..o+. |
| . + . .. . |
| + OS+ . |
| O.*.+. |
| *+*o |
| o+=* |
| .=o.=== |
+----[SHA256]-----+
另可以使用ssh-copy-id向客户端发送公钥,例如
ssh-copy-id git@github.com
2.TODO
扫一扫
8680
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
