Q1: Bob encrypted a file and copied it to a floppy disk. He also placed his key on the floppy to decrypt the file. Does Bob's encryption program use symmetric or asymmetric encryption?
A1: Bob's encryption program uses symmetric encryption. You can tell because he plans to use the same key to decrypt the file that he used to encrypt it. Does it seem strange to you that Bob included the key on the floppy along with the encrypted file? This is a very bad idea. What is the point of encrypting the file if you are going to transport the key along with it? Anyone who finds the file will also find the key.
Q2: Why doesn't SSL work with UDP?
A2: As you learned in Hour 6, UDP is a Transport layer protocol like TCP that also provides ports and sockets for accessing the network. However, SSL must operate through a connection, and UDP is a connectionless protocol. Therefore, SSL is designed to work only with TCP.
Q3: Ellen must figure out a way to make several legacy network applications work on a Windows XP computer. She has been instructed to provide confidentiality for communication using these ancient apps. Should she use SSL or IPSec?
A3: SSL operates above the Transport layer, so an application that uses SSL must be aware of the SSL interface. IPSec, on the other hand, operates lower in the stack. The application doesn't have to know about IPSec. From the sound of this scenario, it appears that Ellen might be better off trying IPSec.
Q4: What happens if an intruder tricks a Kerberos client into sending a session ticket to the wrong server?
A4: Nothing (we hope). The session ticket is encrypted with the server's long-term key. As long as the intruder does not have access to the server's long-term key, he will not be able to crack the ticket. If the intruder has somehow discovered the server's long-term key, he could decrypt the ticket, extract the session key, and then possibly impersonate the server.