Doubts on Security

Rajiv Shr
Ranch Hand

Joined: Aug 11, 2010
Posts: 37
Hi, I came across two questions in Whizlabs which I have a doubt on.

Q-1) You want to encrypt the PIN of an ATM transaction using a one-way encryption algorithm to prevent data theft. Which of the following would you use?
a) 3DES
b) SHA < Correct Answer as per whizlabs
c) Blowfish
d) RSA

Now, I know that SHA is a one-way hashing algorithm. But I think the purpose of a one-way hash function is to calculate a checksum-style message digest so that the client can re-calculate the message checksum using SHA and verify that value against the server's value. As two different messages would not compute to the same hash value, matching the client's value with the server's value would ensure that the message was not modified in transport by a malicious party. I don't think the purpose of SHA is to provide message-level security. You could use asymmetric or symmetric cryptography in addition to SHA/MD5 to provide message-level encryption.
Am I wrong?

Q-2) Company B wants to encrypt some sales figures and send them to Company A, but Company B does not have a key to encrypt the data. Competitor X is highly interested in these figures and is sniffing the traffic between A and B. What should Company A and B do to prevent X from getting its hands on the sales figures? Choose two options -
a) Use asymmetric cryptography < correct answer
b) Use symmetric cryptography
c) Use HTTPS
d) Use HTTP < use this as per whizlabs and not HTTPS

As per the authors, since the data is already encrypted using asymmetric keys, you do not need to use HTTPS. My doubt was - isn't exchanging keys a part of using the SSL protocol over HTTPS?


Kumar Kausikasa
Ranch Hand

Joined: Jun 04, 2002
Posts: 45
Only SHA and MD5 are valid one-way hash algorithms. From the list all the other SHA remaining algorithms are used for symmetric and asymmetric ciphers.

Please reply if my understanding is wrong.
Rajiv Shr
Ranch Hand

Joined: Aug 11, 2010
Posts: 37
Yes, that is true. But my question was not about which ones are one-way hash functions and which ones are symmetric/asymmetric. That is pretty obvious. The question is whether one-way hash functions can be used to encrypt data. I thought they were only used to validate that the message was not modified in transport.
Rajiv Shr
Ranch Hand

Joined: Aug 11, 2010
Posts: 37
More information here - http://en.wikipedia.org/wiki/Cryptographic_hash_function

Are there any whizlab authors on this forum?
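
An added example, not part of any post in this thread: the two uses of a one-way function that the discussion contrasts, verifying a PIN by recomputation (there is no decrypt step) and detecting modification of a message that still travels readable. The function names, the iteration count, and the sample PIN and message are assumptions made for illustration; a salted, iterated derivation (PBKDF2) stands in for a bare SHA digest because a PIN has very few possible values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def enroll_pin(pin: str) -> tuple[bytes, bytes]:
    """Return (salt, verifier). The PIN itself is never stored."""
    salt = os.urandom(16)
    verifier = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)
    return salt, verifier


def check_pin(candidate: str, salt: bytes, verifier: bytes) -> bool:
    """Verify by recomputing and comparing; nothing is ever decrypted."""
    recomputed = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(recomputed, verifier)  # constant-time compare


def digest(message: bytes) -> str:
    """Checksum-style use: anyone can recompute it, so it only detects
    changes when the digest itself reaches the receiver unmodified."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """Keyed digest (HMAC): a party without the key cannot recompute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    """Integrity check only; the message is still sent in the clear."""
    return hmac.compare_digest(tag(key, message), received_tag)


if __name__ == "__main__":
    salt, verifier = enroll_pin("4921")            # constructed sample PIN
    print("correct PIN accepted:", check_pin("4921", salt, verifier))
    print("wrong PIN accepted:  ", check_pin("4912", salt, verifier))

    key = os.urandom(32)                           # shared secret (assumed)
    msg = b"sales: 1200 units"                     # constructed sample message
    t = tag(key, msg)
    print("untouched message ok:", verify_tag(key, msg, t))
    print("altered message ok:  ", verify_tag(key, b"sales: 9200 units", t))
```

Neither function hides the message from someone sniffing the link; confidentiality in transit still needs a symmetric or asymmetric cipher, or a protocol such as HTTPS that provides one.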
 
 