Sample Final Questions

1. Assume that a service encrypts the data it stores by XOR-ing pseudo-randomly generated
numbers with the data objects. (For many purposes, this encryption is sufficiently secure; it was
pioneered by RC4.) Thus, given data bytes $d_1, d_2, \ldots, d_n$, the service stores $c_1, c_2, \ldots, c_n$,
where $c_i = d_i \oplus p_i$ with pseudo-random number $p_i$.
Assume that a given record has the form 0x13 0x49 0xe1 0x0c 0x39 0xd9 0xad ... , that
you have (correctly) guessed that the data is 0x54 0x68 0x6f 0x6d 0x61 0x73 ... and that
you want the data to start reading 0x4a 0x6F 0x68 0x61 0x6e 0x6e. How do you change
the encrypted record? Show your work.
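Added worked example (not part of the original exam sheet): the XOR relation from question 1 applied to the six bytes given there, next to an encrypt-then-MAC variant of the stored record that rejects the same change. The helper names and `MAC_KEY` are assumptions made for this illustration.

```python
import hashlib
import hmac

# First six bytes from question 1: stored record, guessed data, desired data.
STORED = bytes.fromhex("1349e10c39d9")
GUESSED = bytes.fromhex("54686f6d6173")   # ASCII "Thomas"
WANTED = bytes.fromhex("4a6f68616e6e")    # ASCII "Johann"
MAC_KEY = b"constructed demo key"         # assumption: a key only the service holds

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rewrite(stored: bytes, guessed: bytes, wanted: bytes) -> bytes:
    """c'_i = c_i ^ d_i ^ d'_i. The keystream p_i = c_i ^ d_i is unchanged."""
    return xor(stored, xor(guessed, wanted))

def seal(ciphertext: bytes, key: bytes = MAC_KEY) -> bytes:
    """Encrypt-then-MAC: append HMAC-SHA256 of the ciphertext."""
    return ciphertext + hmac.new(key, ciphertext, hashlib.sha256).digest()

def unseal(blob: bytes, key: bytes = MAC_KEY) -> bytes:
    """Return the ciphertext only if its tag verifies; otherwise refuse it."""
    ciphertext, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record modified: MAC mismatch")
    return ciphertext

def tamper_detected(blob: bytes, delta: bytes) -> bool:
    """Apply the same XOR change to a sealed record; True if unseal rejects it."""
    changed = xor(blob[:len(delta)], delta) + blob[len(delta):]
    try:
        unseal(changed)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    keystream = xor(STORED, GUESSED)
    forged = rewrite(STORED, GUESSED, WANTED)
    print("keystream :", keystream.hex(" "))
    print("new record:", forged.hex(" "))
    print("decrypts  :", xor(forged, keystream))
    print("MAC rejects change:", tamper_detected(seal(STORED), xor(GUESSED, WANTED)))
```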
2. The augmented form of PDE is based on computing W and a prime p from a user
password. The protocol between Alice (user) and Bob (server) runs as follows:
Round 1:
Alice chooses a, calculates W and p from the password. Alice sends $2^a \bmod p$.
Round 2:
Bob stores “Alice, p, $2^W \bmod p$” in a database. Bob picks a random b and
sends $2^b \bmod p$, hash($2^{ab} \bmod p$, $2^{bW} \bmod p$) to Alice.
Round 3:
Alice verifies Bob’s message and, using a different hash function, sends
hash'($2^{ab} \bmod p$, $2^{bW} \bmod p$) to Bob.
Question: How can Bob calculate the values $2^{ab} \bmod p$ and $2^{bW} \bmod p$? How can Alice
calculate the same values?