generated from mwc/lab_subrosa
39 lines
1.4 KiB
Markdown
39 lines
1.4 KiB
Markdown
# Sub Rosa Analysis
|
|
|
|
## Checkpoint 1
|
|
|
|
Decrypt the message you received from the Sub Rosa administrator.
|
|
Include the code you used to decrypt it. What does the message say?
|
|
|
|
## Checkpoint 2
|
|
|
|
Once you have a fully-working client and server for encrypted chat, let's
|
|
analyze potential vulnerabilities of the system. Answer the following
|
|
questions:
|
|
|
|
1. When you interact with the server at `https://subrosa.makingwithcode.org`,
|
|
you have no way of knowing what code is running. If the people running
|
|
the server are dishonest, is it possible for them to read your encrypted
|
|
messages? If so, explain how. If not, explain why not.
|
|
|
|
|
|
2. Is it possible to impersonate another user, sending messages in their name?
|
|
If so, explain how--or demonstrate this with code. If not, explain why not.
|
|
|
|
|
|
3. You can use a signature (a message and its encrypted version) to prove you
|
|
have a private key, without sharing the key itself. After you send someone
|
|
a signature, what stops them from using the same signature to later
|
|
impersonate you?
|
|
|
|
|
|
4. On most websites, you can reset your password if you forget it, via a link
|
|
sent to your email or a code sent to your phone. If you lose your private
|
|
key, would it be possible to recover your messages?
|
|
|
|
|
|
5. Even if you can't read other peoples' messages, you can see the sender and the
|
|
recipient for each message. Is this a big deal? Could the server be redesigned
|
|
so that the sender and the recipient are also encrypted?
|
|
|