1. March 2005 1R. Smith - University of St Thomas - Minnesota QMCS 490 - Class Today “Enigma” recap and finish“Enigma” recap and finish The quiz/surveyThe quiz/survey Next homework assignmentNext homework assignment Desktop Crypto implementationsDesktop Crypto implementations

2. March 2005 2R. Smith - University of St Thomas - Minnesota Homework Assignment Look up some things in Chapter 5Look up some things in Chapter 5 Use Moore’s Law to guess how large of a crypto key a DES Cracker-style computer can crack in a given year.Use Moore’s Law to guess how large of a crypto key a DES Cracker-style computer can crack in a given year. Turn the calculation around and guess the year in which such a machine will be able to crack a key of a given size.Turn the calculation around and guess the year in which such a machine will be able to crack a key of a given size. Print out Chapters 1 and 2. Look at pretty picture and diagrams. Read a few stories. Bring them to class on Monday.Print out Chapters 1 and 2. Look at pretty picture and diagrams. Read a few stories. Bring them to class on Monday.

3. March 2005 3R. Smith - University of St Thomas - Minnesota Desktop Crypto Implementations File encryptionFile encryption –User controlled; sharing and separation on computer Volume encryptionVolume encryption –Device driver encrypts data written to the drive –Can’t boot without a password/phrase/key –Users can steal from each other –Everything is safe if stolen (and key is unknown) Hard drive encryptionHard drive encryption –Fast crypto built into hard drive –Users can steal from each other –Crypto is harder to disable –Problem: how do we handle the key?

4. March 2005 4R. Smith - University of St Thomas - Minnesota Software Crypto Dilemmas How do we keep the crypto safe?How do we keep the crypto safe? –What can ‘they’ subvert Subversion examplesSubversion examples –File encryption –Hard drive encryption Access control protectionsAccess control protections

5. March 2005 5R. Smith - University of St Thomas - Minnesota Access Control for this class For Access Control ExamplesFor Access Control Examples Three elements to considerThree elements to consider –Operating system – always has full access –Owner (usually the creator) – always has full access –Everyone else – access may be restricted To specify access on a file or other assetTo specify access on a file or other asset –Identify the owner –Identify permissions granted to everyone else, if any Access permissions to grantAccess permissions to grant –Read, write – usual meaning –Execute – if executable, may be executed by other users –Search – for directories: can’t read but can search

6. March 2005 6R. Smith - University of St Thomas - Minnesota Access Control for Crypto Who owns the executable?Who owns the executable? Who can modify it?Who can modify it? Who owns keys?Who owns keys?

7. March 2005 7R. Smith - University of St Thomas - Minnesota Creative Commons License This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by- sa/3.0/us/ or send a letter to Creative Commons, 171 Second Street, Suite 300, San Francisco, California, 94105, USA.