Discuss, Learn and be Happy דיון בשאלות

help brightness_4 brightness_7 format_textdirection_r_to_l format_textdirection_l_to_r

מה המשמעות של המושג non-repudiation כפי שנלמד בהרצאה?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Non-repudiation is a key concept in computer security and refers to the assurance that someone cannot deny the validity of something. Specifically, it ensures that: The sender of a message cannot deny having sent it. The receiver of a message cannot deny having received it.
by

מה הפקודה -usermod מבצעת? (קיבלו 2 תשובות)

1
done
mood
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Prints a status about the user: This is incorrect. The usermod command is not used to print user status. To print user information, you would use commands like id, whoami, or getent passwd. Creates a new group in the system: This is incorrect. The usermod command does not create a new group. The command to create a group is groupadd. Creating a new user in the system: This is incorrect. To create a new user, you would use the useradd command, not usermod. Neither answer is correct: This is correct because none of the options accurately describe the usermod command. Defines the user's home directory: This is correct. The usermod command can be used with the -d option to change a user's home directory.
by

מהו מהבאים הוא יתרון של שיטת ה- Cipher block chaining?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
A. Always use the same key: This is incorrect because while CBC does use the same key for all blocks in a single session, it's not considered an advantage specific to CBC. Reusing the same key over multiple sessions can be insecure if not paired with an initialization vector (IV) for each message. B. In decoding, an error in the information in a block will not affect any other block: This is incorrect. In CBC, if there's an error in one block, it propagates to subsequent blocks during decryption. This is known as error propagation. So, an error in one block can affect other blocks. C. Encryption of one block does not depend on the next block and this is an advantage in security: This is incorrect because, in CBC, each block's encryption depends on the previous block (and the IV for the first block). This interdependence provides some security benefits, but this description does not apply to CBC. Real Advantage of CBC: One of the key advantages of CBC is that the same plaintext block will encrypt to different ciphertexts if it appears in different positions in the message, due to the XOR with the previous block's ciphertext. This ensures more secure encryption compared to modes like Electronic Codebook (ECB). Since none of the provided answers describe CBC correctly, D (Neither answer is correct) is the appropriate choice.
by
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
ב-CBC יש קסור בין פליין טקסט לוקטור התחלתי, זה עובר הצפנה יחד עם המפתח, ואז הסייפר טקסט המתקבל עושה קסור יחד עם הפליין טקסט הבא ואז זה מוצפן עם המפתח וכן הלאה.
by

נתון גרף ה-ROC עבור מערכת בקרת גישה ביומטרית אשר מציין עבור כל ערך סף את ה-True Acceptance Rate כאשר ציר ה-Y מתייחס לאישור נכון של משתמש ו-False Acceptance Rate כלומר ציר ה-X מתייחס לאישור לא נכון של משתמש של המערכת. נתון כי ביום מתבצעות 1000 ניסיונות הזדהות. בממוצע יש כ-20 ניסיונות התחזות. במידה והמערכת הוגדרה לעבוד עם ערך סף של נקודה 6, מספר הניסיונות שיתפספסו בממוצע בכל יום הוא ____ ומספר False Rejection Rate שיעלו בממוצע בכל יום הוא _____ הנקודות על הגרף הן: 1. X=0, Y=0 2. X = 0.01, Y= 0.7 3. X = 0.05, Y= 0.8 4. X = 0.1, Y= 0.85 5. X = 0.15, Y= 0.9 6. X = 0.2, Y= 0.95 7. X = 0.25, Y= 0.98 8. X = 1.0, Y= 1.0

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Key Data: Total authentication attempts per day: 1000 Impersonation attempts per day: 20 Threshold point: X = 0.2, Y = 0.95 (FAR = 0.2, TAR = 0.95) 1. Calculating Missed Impersonation Attempts (FAR): The False Acceptance Rate (FAR) at this threshold is 0.2, which means 20% of the impersonation attempts will be incorrectly accepted as legitimate users. Since there are 20 impersonation attempts per day, the number of missed attempts (incorrectly accepted impersonators) is: Missed impersonation attempts = 20 × 0.2 = 4 Missed impersonation attempts=20×0.2=4 2. Calculating False Rejections (FRR): The True Acceptance Rate (TAR) is 0.95, which means 95% of legitimate users are correctly accepted. The False Rejection Rate (FRR) is the percentage of legitimate users incorrectly rejected: FRR = 1 − TAR = 1 − 0.95 = 0.05 FRR=1−TAR=1−0.95=0.05 Since there are 980 legitimate attempts (1000 total attempts minus 20 impersonation attempts), the number of false rejections per day (incorrectly rejected legitimate users) is: False rejections = 980 × 0.05 = 49 False rejections=980×0.05=49 Answer: The number of missed impersonation attempts per day is 4, and the number of false rejections per day is 49. Therefore, the correct answer is 49:4.
by

באוניברסיטת בן גוריון יש 2 מערכות הצפנה חדישות: מערכת DES-5 בעלת 5 מפתחות (כל אחד בגודל 56 ביטים) כך שהצפנתה מופעלת באופן הבא: C=DEC_K1(ENC_K2(ENC_K3(DEC_K4(ENC_K5(M)))) כמו כן, נתון כי: K2=K3 K4=K5 ומערכת DES-2 בעלת שני מפתחות (כל אחד בגודל 56 ביטים). לא ידוע כלום על המפתחות שלה. מה יעילות הזמן של לפרוץ את שתי המערכות בהתקפת Brute-Force?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Let's break down the problem and explain why the correct answer is as follows: Understanding DES-5 System: The encryption for DES-5 is structured as: 𝐶 = DEC 𝐾 1 ( ENC 𝐾 2 ( ENC 𝐾 3 ( DEC 𝐾 4 ( ENC 𝐾 5 ( 𝑀 ) ) ) ) ) C=DEC K1 ​ (ENC K2 ​ (ENC K3 ​ (DEC K4 ​ (ENC K5 ​ (M))))) Given: K2 = K3 and K4 = K5, this reduces the system to 3 unique keys: 𝐾 1 K1, 𝐾 2 / 𝐾 3 K2/K3, and 𝐾 4 / 𝐾 5 K4/K5. Since each key is 56 bits, brute-forcing a single key requires testing 2 56 2 56 possible keys. For DES-5, with 3 unique keys to brute-force, the total number of combinations is: Time complexity for DES-5 = 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) = 𝑂 ( 2 3 × 56 ) = 𝑂 ( 2 168 ) Time complexity for DES-5=O(2 56 )×O(2 56 )×O(2 56 )=O(2 3×56 )=O(2 168 ) Thus, the brute-force time complexity for DES-5 is O(2^168). Understanding DES-2 System: For the DES-2 system, it uses 2 unknown keys, each 56 bits long. To brute-force both keys, you would have to try all combinations of the two keys, resulting in a time complexity of: Time complexity for DES-2 = 𝑂 ( 2 56 ) × 𝑂 ( 2 56 ) = 𝑂 ( 2 2 × 56 ) = 𝑂 ( 2 112 ) Time complexity for DES-2=O(2 56 )×O(2 56 )=O(2 2×56 )=O(2 112 ) Thus, the brute-force time complexity for DES-2 is O(2^112). Answer: Method A (DES-5) has a brute-force time complexity of O(2^{168}), or O(2^{3 \times 56}). Method B (DES-2) has a brute-force time complexity of O(2^{112}), or O(2^{2 \times 56}). This matches the correct answer: Method A: O(2^{3 \times 56}) Method B: O(2^{2 \times 56})
by

מה ההבדל בין MAC לבין DS?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Message Authentication Code (MAC): Purpose: A MAC is used to ensure the integrity and authenticity of a message, ensuring that the message has not been tampered with and that it comes from a legitimate source. Key-based: The MAC is generated using a secret key shared between the sender and the receiver. Integrity: It ensures the integrity of the message but does not guarantee non-repudiation, since both the sender and receiver share the same key. Either party could have generated the MAC, so the sender can deny having sent the message. Digital Signature (DS): Purpose: A digital signature is used to ensure authenticity, integrity, and non-repudiation. It provides evidence that the message originated from a specific sender and that the message has not been altered. Public/Private key-based: The digital signature is generated using the sender’s private key, and the receiver can verify it using the sender’s public key. Non-repudiation: A key difference is that a digital signature provides non-repudiation, meaning the sender cannot deny having signed the message, since only the sender holds the private key used for signing.
by

מה מהבאים משמש להעברת הודעה מוצפנת?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Here's an explanation of each option: SHA-256: What it does: SHA-256 is a cryptographic hash function, not an encryption algorithm. It takes an input and produces a fixed-size (256-bit) hash. Hash functions are typically used for integrity checks, not for encryption or message transmission. Conclusion: It does not transmit encrypted messages. Diffie-Hellman: What it does: Diffie-Hellman is a key exchange algorithm used to securely exchange cryptographic keys over a public channel. It does not directly encrypt or transmit messages but helps establish a shared secret key for later encryption. Conclusion: It does not directly transmit encrypted messages. Digital Signature: What it does: A digital signature is used to verify the authenticity and integrity of a message, ensuring it was sent by the claimed sender and has not been altered. It does not encrypt the message itself. Conclusion: It does not transmit encrypted messages. Random Salt: What it does: A salt is random data added to a password or message before hashing, typically to enhance security in password storage. It is not used for encryption or transmission of messages. Conclusion: It does not transmit encrypted messages.
by

אילו מהבאים מהווה פגיעות (vulnerability)?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני 3 חודשים
מוניטין: 126
Use of password only and not 2-way verification: While not using 2-factor authentication (2FA) increases risk, it does not necessarily constitute a clear vulnerability. It would be considered a security weakness or bad practice, but not necessarily a vulnerability by itself. This is why it's likely not included in the final answer. Using telnet to configure the system: Vulnerability: Telnet transmits data, including passwords, in plain text, making it susceptible to eavesdropping. It’s a known security risk, especially when configuring systems remotely. More secure alternatives like SSH should be used. Failure to keep activity logs: Vulnerability: Without activity logs, tracking unauthorized access or detecting security breaches becomes difficult. It is a significant vulnerability, as you would have no evidence of suspicious activity or intrusions. Using default passwords on networked devices: Vulnerability: Default passwords are well-known and easily exploitable by attackers. Failure to change default passwords is a classic security vulnerability. Answer 2, 3, 4: This suggests that the most severe vulnerabilities identified are those in answers 2, 3, and 4. All three involve clear, well-established vulnerabilities in system security. Everything: This would imply that all the items listed are vulnerabilities. However, as mentioned earlier, not using 2FA is more of a bad practice than a direct vulnerability, which is likely why this was not the correct answer.
by

אילו מבין שיטות ה-block cipher הבאות מקיימות את התנאי: "בזמן ההצפנה, כאשר יש שגיאה באחד הביטים ב-plaintext, שגיאה זו תפגע ב-ciphertext ובכל הבלוקים שאחריו"?

1
done
by
מיין לפי

איזה סוג מידע Firewalk בעיקר אוסף?

1
done
by
מיין לפי
by Shachar Adam
Shachar Adam 0 נקודות · לפני חודשיים
מוניטין: 126
Firewalk (L4 determination) An active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass (TCP/UDP) Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway ▪ If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. Else, it will likely drop the packets.
by