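#include <stdio.h>
main(int ac, char** av){
    int i;
    for(i=1; i<ac; i++)
        printf(av[i]);   /* argument used as the format string */
}

#include <stdio.h>
#include <string.h>
main(int ac, char** av){
    int i;
    for(i=1; i<ac; i++)
        printf(strlen(av[i]));   /* a length passed where a format string is expected */
}

#include <stdio.h>
#define MAX 100
main(){
    int i;
    char t[200];
    for(i=1; i<=MAX; i++){
        scanf("%s\n", t);   /* no width limit on a 200-byte buffer */
        printf(t);          /* input used as the format string */
    }
}

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
main(int ac, char** av){
    char key[]="HelloWorld";
    int i;
    char ct[200];
    for(i=0;i<strlen(av[1]);i++)   /* av[1] is not checked for presence or length */
        ct[i] = av[1][i] ^ key[i%strlen(key)];
    printf(ct);   /* ct is unterminated binary data used as the format string */
}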
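Added example, not from the original slides: a hardened form of the XOR program above, which checks the argument count and input length and prints the ciphertext as hex through a fixed format string. The function name xor_to_hex and the hex output encoding are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEY "HelloWorld"   /* same key as the slide */

/* Hypothetical helper: XOR pt with KEY and write the result to out as
 * lowercase hex. Returns the number of ciphertext bytes, or -1 if an
 * argument is NULL or out cannot hold 2 hex digits per byte plus NUL. */
int xor_to_hex(const char *pt, char *out, size_t outlen)
{
    static const char hex[] = "0123456789abcdef";
    const size_t klen = sizeof(KEY) - 1;
    size_t n, i;

    if (pt == NULL || out == NULL)
        return -1;
    n = strlen(pt);
    if (outlen < 2 * n + 1)               /* bounds check before any write */
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pt[i] ^ (unsigned char)KEY[i % klen];
        out[2 * i]     = hex[c >> 4];
        out[2 * i + 1] = hex[c & 0x0f];
    }
    out[2 * n] = '\0';                    /* output is always terminated */
    return (int)n;
}

int main(int ac, char **av)
{
    char out[2 * 200 + 1];                /* hex for up to 200 input bytes */

    if (ac != 2) {                        /* av[1] may be absent */
        fprintf(stderr, "usage: xorhex text\n");
        return 1;
    }
    if (xor_to_hex(av[1], out, sizeof out) < 0) {
        fprintf(stderr, "input longer than 200 bytes\n");
        return 1;
    }
    printf("%s\n", out);                  /* fixed format string */
    return 0;
}
```

For the input H%s the first ciphertext byte is 0x00, because 'H' XOR 'H' is zero, so a string-based print of the raw buffer would show nothing at all; the hex form shows all three bytes.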
[Diagram: Eve, ALICE, BOB]
Challenge response (the lab door protocol)
[Diagram: Eve, ALICE]
Challenge: n
Id, {Id+n}Kid
OK
What can go wrong?
• One sided authentication
• But isn’t the visual authentication of the door enough!?
• n is not really random
• n is not really unrepeatable
• PDA compromise / copy
• PDA loss
• Key compromise or theft
• Brute force attacks
• Algorithm weaknesses
MIG in the middle (not true but interesting)
http://www.cl.cam.ac.uk/~rja14/errata.html
MIG In The Middle Attack
South African air defense = SAAD
South African bomber = SAB
Angolan air defense = AAD
Angolan MIG = MIG
SAAD --> MIG: N
MIG --> AAD: N
AAD --> SAB: N
SAB --> AAD: KT{SAB, N}
AAD --> MIG: KT{SAB, N}
MIG --> SAAD: KT{SAB, N}
Good protocol, wrong problem!
• Aircraft verification vs. detection
Microsoft has proposed the so-called Passport protocol for authenticating users on the web. The protocol works as follows:
(a) Initially, users connect to the Passport web site and create profiles for themselves (each profile includes a user name and password);
(b) When the user wants to log in to a secure site (e.g., secure.com), he/she directs their browser to the site;
(c) The secure site then redirects the user to the Passport web site;
(d) The user then enters his/her username and password;
(e) If logging in is successful, the Passport site sets a special cookie in the user’s browser and redirects him/her back to the original site (secure.com, in this case);
(f) The cookies contain information about the user’s identity and are encrypted and signed so that they cannot be forged;
(g) Secure.com collects the cookie from the user and decrypts it to verify the user’s identity and the authenticity of the cookie; and
(h) If all is well, the user is allowed access to the site.