Due: Thursday, May 12
Suppose Alice and Bob have RSA public keys in a file on a server. They communicate regularly using authenticated, confidential messages. Eve wants to read the messages but is unable to crack the RSA private keys of Alice and Bob. However, she is able to break into the server and alter the file containing Alice's and Bob's public keys.
A web server requires each user to log in. However, the implementers of the web site are worried about storing passwords on the server, since they are afraid someone might break in and steal them. Therefore, they decide to use a clever idea. When a user creates an account, the account number is stored on the server and the user's password is stored in a cookie on the user's machine. Then, when the user tries to log in later, the server compares the password typed in by the user with the password stored in the user's cookie.
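The login check described above, written out next to a server-side salted-hash alternative, as an added example that is not part of the original assignment. The account number, passwords, function names and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; the account number and password are illustrative only.
ACCOUNT = "1001"
REAL_PASSWORD = "correct horse battery"


def cookie_scheme_login(typed_password, cookie_password):
    """The scheme from the problem: both arguments arrive in the client's request."""
    return hmac.compare_digest(typed_password.encode(), cookie_password.encode())


def hash_password(password, salt, iterations=200_000):
    """Derive a slow, salted verifier so the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


class ServerSideVerifier:
    """Alternative design: the server keeps a salt and PBKDF2 hash per account."""

    def __init__(self):
        self._records = {}  # account -> (salt, derived_key)

    def create_account(self, account, password):
        salt = os.urandom(16)
        self._records[account] = (salt, hash_password(password, salt))

    def login(self, account, typed_password):
        record = self._records.get(account)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(hash_password(typed_password, salt), expected)


def demo():
    server = ServerSideVerifier()
    server.create_account(ACCOUNT, REAL_PASSWORD)
    return {
        # The server holds no value of its own here, so the comparison only
        # checks that two fields of the same request agree with each other.
        "cookie_scheme_matching_fields": cookie_scheme_login("anything", "anything"),
        "server_side_wrong_password": server.login(ACCOUNT, "anything"),
        "server_side_right_password": server.login(ACCOUNT, REAL_PASSWORD),
    }
```

With the salted hash, a stolen server file yields verifiers that must still be brute-forced per account, which addresses the implementers' stated worry without moving the secret to the client.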
Consider a web-based mail system such as HotMail. Suppose the web system displays incoming email messages in a web browser using the following HTML sketch:
<HTML>
<BODY>
--- Headers ---
<DIV ID="msg">
--- Verbatim Email Message ---
</DIV>
</BODY>
</HTML>