Only part BPrerequisitesYou will need to set up and use a specified Python environment for this homework. Please refer to the instructions below:We recommend using Python 3.10. However, you must use...

1 answer below »



Only part B
Prerequisites






You will need to set up and use a specified Python environment for this homework. Please refer to the instructions below:










We recommend using Python 3.10. However, you must use version 3.8 or later. The code in the assignment won't work with earlier versions of Python.










There are subtle differences between versions of Python, and between versions of Python packages. We need to make sure we’re all using the same versions. Otherwise, your code may run differently while the TAs are grading it.










In the following instructions, we assume you have access to a computer with the following programs installed on it.










python3






pip






virtualenv






Note: the CS lab Linux computers satisfy this requirement.










We’re going to do the following:










create a virtual environment for running your cs642 hw2 code






install specific version of crypto library for that virtual environment.






Open a bash terminal and run the following commands:










# Make a directory where you can keep your virtual environments (if you don’t already have one)






$ mkdir ~/envs






# Install virtualenv






$ pip3 install --user virtualenv






# Make a virtual environment called ’cs642hw2’






$ python3 -m virtualenv --python=python3.10 ~/envs/cs642hw2






# activate the virtual environment






$ source ~/envs/cs642hw2/bin/activate






# install the allowed packages for your environment (You will need the “requirements.txt” file located in HW2.zip)






(cs642hw2) $ pip install -r requirements.txt






You now have a virtual environment identical to the one used by the TAs. You’ll know the virtual environment is active because its name will appear in parentheses to the left of the bash prompt, so run code files by:










(cs642hw2) $ python your_code.py






When you don’t need the virtual environment, just ‘deactivate’ it










(cs642hw2) $ deactivate






Packages in the virtual environment should be sufficient for HW2. If you want to use a Python package that isn’t included in the official virtual environment, contact the TAs for approval.














Part B: Encryption (40 pts)






Another colleague decided to build a symmetric encryption scheme. These are implemented in badencrypt.py and baddecrypt.py (see attached .zip file) and are designed to encrypt a sample message to demonstrate the encryption scheme. To use these demo programs, run:










CT=$(python3 badencrypt.py testkeyfile)






echo $CT






python3 baddecrypt.py testkeyfile $CT






Your job is to assess the security of this encryption scheme. Your solution will be a Python program attack.py that takes as input a ciphertext and modifies the ciphertext so that the decrypted message has a different (and more lucrative to the recipient) TOTAL field and still passes the verification in baddecrypt.py. The file attack.py must do this without access to the key file or knowledge of the key. You can assume the ciphertext contains the sample message hardcoded in badencrypt.py.










We will test your solution with original versions of badencrypt.py and baddecrypt.py and with different encryption keys than the test key provided. To ensure that attack.py produces the correct formatted output, you can run from the command line:










CT=$(python3 badencrypt.py testkeyfile)






MODCT=$(python3 attack.py $CT)






python3 baddecrypt.py testkeyfile $MODCT






Tasks:










1. Complete the attack program attack.py (feel free to make modifications to the pre-filled content. The skeleton is provided just to help you out)






2. In solutions.txt, describe what is wrong with your colleague's scheme and how it should be fixed so that it will be more secure.










(Your attack script will not have direct access to the key file and should not attempt to gain access to the process memory of baddecrypt or any other files to steal the key directly.)










it should get verified
s23hw2-1-34142-pm-vxrz4iov.zip
Answered Same DayFeb 27, 2023

Answer To: Only part BPrerequisitesYou will need to set up and use a specified Python environment for this...

Aditi answered on Feb 28 2023
50 Votes
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?