aboutsummaryrefslogtreecommitdiffstats
path: root/csci5271/hw4
diff options
context:
space:
mode:
Diffstat (limited to 'csci5271/hw4')
-rw-r--r--csci5271/hw4/ex4-template.tex86
1 files changed, 86 insertions, 0 deletions
diff --git a/csci5271/hw4/ex4-template.tex b/csci5271/hw4/ex4-template.tex
new file mode 100644
index 0000000..7ea8019
--- /dev/null
+++ b/csci5271/hw4/ex4-template.tex
@@ -0,0 +1,86 @@
+\documentclass[11pt]{article}
+\usepackage{fullpage}
+\usepackage{times}
+
+\begin{document}
+\begin{center}
+CSci 5271 Fall 2021 Exercise Set 4 answers template
+\end{center}
+
+Please use this document as a template for submitting your answers to
+exercise Set 4. (This template is available from the course web site
+in either LaTeX or Google Doc formats). Type your answers on each page
+after the question prompt (you can use additional pages, though that
+we expect that would rarely be required). If you can write all your
+answers electronically, please do so and export to a PDF to submit.
+If you would prefer to hand-draw figures, you can also submit a scan.
+
+Please ensure that the names and UMN email addresses of all of your
+group members are recorded on Gradescope, and also confirm them below:
+
+\vspace{10pt}
+
+\begin{tabular}{|p{2.6in}|p{2.6in}|}\hline
+Name & UMN email address\\\hline
+\vspace{20pt} & \\\hline
+\vspace{20pt} & \\\hline
+\vspace{20pt} & \\\hline
+\end{tabular}
+
+\vspace{10pt}
+
+Random numbers with limited entropy. (36 pts):
+
+Part 1(a), Time Seed
+
+Having a predictable time seed will help an attacker brute force the seed by reducing the number of possible guesses needed.
+
+\vspace{2in}
+
+Part 1(b), PID Seed
+
+Having such a small number of seeds allows a malicious user to brute force guessing the seed.
+
+Related CVE: https://nvd.nist.gov/vuln/detail/CVE-2008-0166
+
+\newpage
+
+Part 1(c), Time XOR PID
+
+
+
+\vspace{1.5in}
+
+Part 1(d), Consultant
+
+\vspace{1.5in}
+
+One possible implementation of the seed is to start out with concatenating the PID onto the time (time + PID, where the time is the one appended to), XOR the new number with the time, and encoding the result with base64.
+
+Question 2 (Cross-site scripting variations, 18 pts):
+
+Replace text/html with text/plain in the content type. This will cause the browser to display the page as plain text, not as HTML, mitigating the risk of cross-site scripting for this one use case.
+
+\newpage
+
+Question 3 (Denial of Service Denial, 22 pts):
+
+No, it will not. A simple exploit of this module would be to simply have multiple devices behind different IPs all send singular requests to the server at various times, making sure to slowly delay the rate of requests. This would allow the server to be overwhelmed from a Distributed DoS (DDoS) attack.
+
+\newpage
+
+Question 4 (Virus Virii, 24 pts):
+
+\vspace{1.5in}
+
+Part 4(a), Halting Problem
+
+
+
+\vspace{1.5in}
+
+Part 4(b), Reverse Engineering
+
+
+
+\end{document} \ No newline at end of file