Return-Path: william@bourbon.usc.edu Delivery-Date: Sun May 6 16:42:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l46Ng8VD022458 for ; Sun, 6 May 2007 16:42:08 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l46Nf1om024197 for ; Sun, 6 May 2007 16:41:01 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l46Nf1od024196 for cs530@merlot; Sun, 6 May 2007 16:41:01 -0700 Date: Sun, 6 May 2007 16:41:01 -0700 From: william@bourbon.usc.edu Message-Id: <200705062341.l46Nf1od024196@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Anonymous e-mail messages to me... Hi, I think I got an anonymous e-mail message from a student in this class accusing some people of inappropriate behavior. When I replied, it turned out the e-mail address was invalid. Just want to mention that the accuser somehow jump to conclusion that just because he/she *thought* that someone got an unexpected grade, it doesn't mean that something inappropriate has happened. I cannot give the accuser details because e-mail address was invalid. Anyway, if any one of you want to accuse someone of something, please come see me. If you would like to stay anonymous, that can be discussed. (Usually, things can remain anonymous at my level. If it gets above me, then I may not be able to control it.) But sending an anonymous e-mail from a faked account is not very professional. Also, making assumptions without facts can also be problematic. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed May 2 14:58:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l42Lwp91006443; Wed, 2 May 2007 14:58:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l42LvxMn027944; Wed, 2 May 2007 14:57:59 -0700 Message-Id: <200705022157.l42LvxMn027944@bourbon.usc.edu> To: cs558l@merlot.usc.edu, cs551@merlot.usc.edu, cs530@merlot.usc.edu Subject: FWD: "Securing Peer-to-peer Systems" - CS Colloquium Talk - 3:30pm May 3 Date: Wed, 02 May 2007 14:57:59 -0700 From: william@bourbon.usc.edu Hi, Just forwarding information about a CS Colloquium talk with a topic that may be of interest to some of you. -- Bill Cheng // bill.cheng@usc.edu -------- Original Message -------- Subject: [colloq_org_stu] USC CS Colloquium Talk Reminder: May3 Date: Wed, 02 May 2007 14:00:02 -0700 From: Sumit Rangwala To: CS Colloquia Student Organizers Securing Peer-to-peer Systems Prof. Yongdae Kim University of Minnesota May 3, 2007 3:30 - 4:50 pm SSL 150 Host: Prof. Ramesh Govindan Abstract: The emergence of peer-to-peer (P2P) systems and applications signifies a revolutionary paradigm shift in building large-scale distributed systems over the Internet. This talk focuses on cooperative peer-to-peer systems, in which peer nodes are more close-knit, forming a "community of common interest" with shared goals and mutual benefits. Since the value and utility of a cooperative P2P system lie in the service it offers to its users, ensuring its correct and efficient operation despite the existence of potentially untrustworthy nodes is of utmost importance. Several infrastructure-level, currently-deployed cooperative P2P systems are vulnerable to various attacks by participating nodes that can impede the service provided by the system. Other systems are vulnerable to misuse or abuse of the services by a few peers. To prevent these attacks, we have developed two core mechanisms that can be used to build trustworthy, accountable and secure cooperative P2P systems. In the first part of the talk, I present a secure overlay routing mechanism, called Myrmic, that guarantees efficient and robust delivery of message even when significant fraction (say 30%) of nodes are compromised. Our experimental and simulation results confirm efficiency and robustness of Myrmic. The second part of the talk introduces how to "emulate" central entity on P2P systems, which is robust against collaboration attacks. Such central entity can be used for enforcing security policy as in traditional client-server systems. We also show how to enforce quota (or guarantee fairness) in a P2P file archiving system using this emulated central entities. Bio: Prof. Yongdae Kim has been working on various projects in data and communication security. During his PhD study, he designed group key agreement protocols, TGDH and STR protocol, which are integrated with Secure Spread. He received NSF career award on storage security and McKnight Land-Grant Professorship Award from University of Minnesota in 2005. His research interests include security issues for distributed systems such as P2P systems, storage systems, sensor and ad hoc networks. ------------------------------------------------------------------- Schedule for upcoming seminar available at http://enl.usc.edu/colloq _______________________________________________ colloq_org_stu mailing list colloq_org_stu@enl.usc.edu http://enl.usc.edu/mailman/listinfo/colloq_org_stu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue May 1 10:02:52 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l41H2qeE031844 for ; Tue, 1 May 2007 10:02:52 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l41H25BE008380 for ; Tue, 1 May 2007 10:02:05 -0700 Message-Id: <200705011702.l41H25BE008380@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: News Article regarding One Time Pass Date: Tue, 01 May 2007 10:02:05 -0700 From: william@bourbon.usc.edu Hi, Just forwarding an e-mail from a student. This is what was mentioned on slide 8 of lecture 11. Looks like may be soon everyone will be using something like this. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Tue, 01 May 2007 09:17:32 -0700 To: william@bourbon.usc.edu Subject: News Article regarding One Time Pass I found the below article very interesting and feels like sharing it with class. http://news.yahoo.com/s/ap/20070501/ap_on_hi_te/verisign_disposable_passwords Thanks! Return-Path: william@bourbon.usc.edu Delivery-Date: Tue May 1 07:45:45 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l41Ejjnd021109 for ; Tue, 1 May 2007 07:45:45 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l41EiwGh006930 for ; Tue, 1 May 2007 07:44:58 -0700 Message-Id: <200705011444.l41EiwGh006930@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS 530 HW4 grade... Date: Tue, 01 May 2007 07:44:58 -0700 From: william@bourbon.usc.edu I sent out a bunch of updated grades for HW4 last night. Here is the current statistics: Count = 25 Avg = 81.64 StdDev = 28.81 Max = 100.00 Min = 5.00 17 90+ XXXXXXXXXXXXXXXXX 2 80+ XX 0 70+ 2 60+ XX 0 50+ 1 40+ X 0 30+ 1 20+ X 1 10+ X 1 00+ X -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 26 11:36:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3QIapF3026235 for ; Thu, 26 Apr 2007 11:36:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3QIaM4k005508 for ; Thu, 26 Apr 2007 11:36:22 -0700 Message-Id: <200704261836.l3QIaM4k005508@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding OFT Date: Thu, 26 Apr 2007 11:36:22 -0700 From: william@bourbon.usc.edu Someonew rote: > So in OFT there is still (log n) keys in msg if multicasted? Correct. > Or this means > the server has to compute (log n) keys, no matter how it is send to client? The KDC should use multicast and send all the keys in one message. (You shouldn't say "server" if you meant the KDC. All the nodes are "servers".) > Similar question for Logical Key H for 2log n ? Correct. Well, you should subtract 1 from it according to the "mistake" mentioned in my previous message. So, it should be: 2 * (log n) - 1 -- Bill Cheng // bill.cheng@usc.edu On 4/26/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > Thanks for answering my previous query. I got another doubt with > > that explanation. > > > > As why server need private channel for {g(K4)}K'3, I can > > understand that for K'3. > > I'm not sure what "server" you meant. The joining node needs > g(K4). If it has a private channel with the KDC when it > joins, it can just receive g(K4) on that channel. No need > to encrypt it with K'3. > > > And why it is done differently in LKH(Logical Key Hierarchy) in > > lecture#10 slide#23 as server sends {K'34}K'3 to K3 in multicast. > > It's a mistake in the slide! {K'34}K'3 is *redundant* on > slide 23 of lecture 10 (and on the right hand side of slide > 25 of lecture 10) since K'34 can be sent to the joining node > in the private channel. > -- > Bill Cheng // bill.cheng@usc.edu > > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Wednesday, April 25, 2007 10:38 pm > Subject: Re: Regarding OFT > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > In One Way function tree its given U4 needs {g(K'3)}K4 to compute > > > new keys up in hierarchy > > > I believe U3(new node) too needs {g(K4)}K'3, because then only it > > > can compute new keys too in hierarchy. > > > Please suggest on this. > > > > You are talking about slide 25 of lecture 10. You are > > correct that the joing node (U3) needs g(K4). U3 does get > > this from the KDC or Group Controller via a private channel > > when it was doing the join. This is not shown in slide 25 of > > lecture 10. The slide is about what's in the message the KDC > > needs to multicast to the whole group. > > > > > Also if u can provide brief difference between El-Gamma and > > > Deffi-hellman then it will be great! > > > > Diffie-Hellman is a *key exchange* system for Alice and Bob to > > agree on a shared secret g^{xy} mod p. Once there is a way > > for Alice and Bob to agree on a shared secret, you can specify > > protocols to do other stuff (such as encryption and decryption). > > > > You can think of ElGamal encryption as a protocol developed on > > top of Diffie-Hellman that encrypts message m by computing: > > > > c = m * g^{xy} mod p > > > > and decrypts ciphertext c by computing: > > > > c * g^{-xy} mod p > > -- > > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 26 10:00:27 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3QH0RFh018671 for ; Thu, 26 Apr 2007 10:00:27 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3QGxwK3004265 for ; Thu, 26 Apr 2007 09:59:58 -0700 Message-Id: <200704261659.l3QGxwK3004265@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: full domain hash Date: Thu, 26 Apr 2007 09:59:58 -0700 From: william@bourbon.usc.edu Someone wrote: > Why do stamp be encrypted using full domain hash? A stamp does *not* need to be encrypted. A stamp is ("_" menas subscript): C_S, DS_S[i,t] where DS means digital signature. The usual digital signature schemes that we have seen has the problem that, if you sign the exact same document twice, the digital signatures will be different. This is because there is randomness added in these digital signature schemes. At the bottom of slide 5 of lecture 12, it states that in order to create *unique* signatures, FDH can be used. Digital signature here is still encrypting the hash of a document with the private key, but you are using FDH instead (and no randomness will need to be added when you sign). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 26 09:46:07 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3QGk627017505 for ; Thu, 26 Apr 2007 09:46:06 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3QGjcKm004099 for ; Thu, 26 Apr 2007 09:45:38 -0700 Message-Id: <200704261645.l3QGjcKm004099@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding OFT Date: Thu, 26 Apr 2007 09:45:38 -0700 From: william@bourbon.usc.edu Someone wrote: > Thanks for answering my previous query. I got another doubt with > that explanation. > > As why server need private channel for {g(K4)}K'3, I can > understand that for K'3. I'm not sure what "server" you meant. The joining node needs g(K4). If it has a private channel with the KDC when it joins, it can just receive g(K4) on that channel. No need to encrypt it with K'3. > And why it is done differently in LKH(Logical Key Hierarchy) in > lecture#10 slide#23 as server sends {K'34}K'3 to K3 in multicast. It's a mistake in the slide! {K'34}K'3 is *redundant* on slide 23 of lecture 10 (and on the right hand side of slide 25 of lecture 10) since K'34 can be sent to the joining node in the private channel. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, April 25, 2007 10:38 pm Subject: Re: Regarding OFT To: cs530@merlot.usc.edu > Someone wrote: > > > In One Way function tree its given U4 needs {g(K'3)}K4 to compute > > new keys up in hierarchy > > I believe U3(new node) too needs {g(K4)}K'3, because then only it > > can compute new keys too in hierarchy. > > Please suggest on this. > > You are talking about slide 25 of lecture 10. You are > correct that the joing node (U3) needs g(K4). U3 does get > this from the KDC or Group Controller via a private channel > when it was doing the join. This is not shown in slide 25 of > lecture 10. The slide is about what's in the message the KDC > needs to multicast to the whole group. > > > Also if u can provide brief difference between El-Gamma and > > Deffi-hellman then it will be great! > > Diffie-Hellman is a *key exchange* system for Alice and Bob to > agree on a shared secret g^{xy} mod p. Once there is a way > for Alice and Bob to agree on a shared secret, you can specify > protocols to do other stuff (such as encryption and decryption). > > You can think of ElGamal encryption as a protocol developed on > top of Diffie-Hellman that encrypts message m by computing: > > c = m * g^{xy} mod p > > and decrypts ciphertext c by computing: > > c * g^{-xy} mod p > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 26 09:39:12 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3QGdCkn016831 for ; Thu, 26 Apr 2007 09:39:12 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3QGchKe004000 for ; Thu, 26 Apr 2007 09:38:43 -0700 Message-Id: <200704261638.l3QGchKe004000@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bistro Date: Thu, 26 Apr 2007 09:38:43 -0700 From: william@bourbon.usc.edu Someone wrote: > I have some questions regarding bistro. > > Bistro Question: > > How does a client know which Bistro it can connect to. The explanation says > user can connect to any Bistro X. Does that mean they send (ticket, > Eses(T),EID) on the link and nearest Bistro catches up, or is there > any queue like step up for all Bistros in Bistro system. How is does bistro > system avoid of not sending on ticket at two bistros? The client knows which bistro server is the destination bistro because the name of the destination bistro is encoded in EID. The bistro X can be any bistro sever. The selection criteria is not covered in our class. In the simplest case, it can be specified in a configuration file (just like when you configure Outlook to send e-mail, you need to tell it what is the name of the out-going e-mail server). > In practice, bistro software are implemented on Destination Server ? The bistro server software are installed on all bistro servers (including the destination server). > In our (CS 530) submission procedure, how many bistros we are using ? (I > guess one) Just one. The destination bistro is also bistro X. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 25 22:38:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3Q5cU2R029499 for ; Wed, 25 Apr 2007 22:38:30 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3Q5c3cO030085 for ; Wed, 25 Apr 2007 22:38:03 -0700 Message-Id: <200704260538.l3Q5c3cO030085@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding OFT Date: Wed, 25 Apr 2007 22:38:03 -0700 From: william@bourbon.usc.edu Someone wrote: > In One Way function tree its given U4 needs {g(K'3)}K4 to compute > new keys up in hierarchy > I believe U3(new node) too needs {g(K4)}K'3, because then only it > can compute new keys too in hierarchy. > Please suggest on this. You are talking about slide 25 of lecture 10. You are correct that the joing node (U3) needs g(K4). U3 does get this from the KDC or Group Controller via a private channel when it was doing the join. This is not shown in slide 25 of lecture 10. The slide is about what's in the message the KDC needs to multicast to the whole group. > Also if u can provide brief difference between El-Gamma and > Deffi-hellman then it will be great! Diffie-Hellman is a *key exchange* system for Alice and Bob to agree on a shared secret g^{xy} mod p. Once there is a way for Alice and Bob to agree on a shared secret, you can specify protocols to do other stuff (such as encryption and decryption). You can think of ElGamal encryption as a protocol developed on top of Diffie-Hellman that encrypts message m by computing: c = m * g^{xy} mod p and decrypts ciphertext c by computing: c * g^{-xy} mod p -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 25 10:32:19 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3PHWJIt004988 for ; Wed, 25 Apr 2007 10:32:19 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3PHVrHO022246 for ; Wed, 25 Apr 2007 10:31:53 -0700 Message-Id: <200704251731.l3PHVrHO022246@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding Reference in Internship Date: Wed, 25 Apr 2007 10:31:53 -0700 From: william@bourbon.usc.edu Someone wrote: > I have one doubt in Group key management. > > I am confused between forward secrecy and backwards secrecy. > > Suppose, there is one group. Now, one person leaves the group. So, does > forward secrecy means that new key will be issued to everyone else in the > group in order to revoke access to the person who left the group? Correct. > And, lets say, if someone joins the group. So, does backwards secrecy means > that, new key is assigned to everyone in the group before the new one > joins, so that the person who joined does not have access to old message ? Correct. (The joining person also get the new group key when he/she during the join process.) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 23:39:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3O6dM5s031725 for ; Mon, 23 Apr 2007 23:39:22 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3O6d2qd031630 for ; Mon, 23 Apr 2007 23:39:02 -0700 Message-Id: <200704240639.l3O6d2qd031630@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: CS 530 HW4 regrade requests... Date: Mon, 23 Apr 2007 23:39:02 -0700 From: william@bourbon.usc.edu Hi, Just want to mention that for regrade requests, please send an e-mail to the grader and request an appointment. (He will not be holding office hours since no one showed up for HW2!) Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 23:30:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3O6U0lK030933 for ; Mon, 23 Apr 2007 23:30:00 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3O6Teps030982 for ; Mon, 23 Apr 2007 23:29:40 -0700 Message-Id: <200704240629.l3O6Teps030982@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question Date: Mon, 23 Apr 2007 23:29:40 -0700 From: william@bourbon.usc.edu Someone wrote: > In the discussion about SPAM, you mention: > > 'If the digital signature scheme contains randomness, a spammer can generate > many stamps witht he same {i,t}. ' > > Can yu please explain this On slide 4 of lecture 12, it says that the key for doing the lookup in the Enforcer is SHA1(stamp) (or SHA1(SHA1(stamp))). Therefore, if you digitally sign a stamp twice and the result is two different stamps, then the two stamps will have different SHA1(stamp) values and the Enforcer will say that the two stamps are different, even though they have the same {i,t} and should be treated as a re-use. Commonly used digital signature schemes would add a nonce to a digital signature. Therefore, if you take the same input and digitally sign it twice, the outputs will be different. So, you cannot use these schemes to sign a stamp in this particular application. > Also, how does using a RSA private key aggrevate the problem here? The RSA digital signature scheme is basically encrypting the hash of a message with the private key. RSA encryption has a "multiplicative property" such that if you do: c1 = m1^d mod n c2 = m2^d mod n then: c1*c2 = (m1*m2)^d mod n This means that if you have c1 and c2, you can *forge* a signature even if you don't have the RSA private exponent! This is very dangerous since no one should be able to forge a legitimate signature. This can happen especially if m1 and m2 are small, which is the case if m1 and m2 are hashes. Therefore, what often happens is that a nonce is appended to m1 or m2 before encrypting. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 22:21:20 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3O5LK9C025620 for ; Mon, 23 Apr 2007 22:21:20 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3O5L0a0028646 for ; Mon, 23 Apr 2007 22:21:00 -0700 Message-Id: <200704240521.l3O5L0a0028646@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: midterm questions Date: Mon, 23 Apr 2007 22:21:00 -0700 From: william@bourbon.usc.edu Someone wrote: [ I think the subject line above should be "Exam #2 Questions". ] > In Intrusion Detection topic, the last bullet is "response", in > the lecture you skipped the slides for "phases of response" will > those be in the final? Since it's part of the textbook, it is included in the topics for Exam #2. > Also, on the "Upload" topic, will the questions be about bistro? > how it works, goals, and how bistro "solves" the deadline > problem? Yes. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 22:19:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3O5JMgu025434 for ; Mon, 23 Apr 2007 22:19:22 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3O5J26J028539 for ; Mon, 23 Apr 2007 22:19:02 -0700 Message-Id: <200704240519.l3O5J26J028539@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: query - exam 2 Date: Mon, 23 Apr 2007 22:19:02 -0700 From: william@bourbon.usc.edu Someone wrote: > I have question regarding course material > > Questions: > > 1. Difference between: key encryption key and group/traffic encryption > key. The traffic encryption key (TEK) encrypts the traffic (data). When you need to send a new key, you use the key encryption key (KEK) to encrypt the TEK. > 2. In SSL slides there is red column for the attacker. In the lecture I > could not get enough details of how this attacker can get his work done in > SSL protocol. The attacker can be an active attacker and can do anything it wants. It won't be able to hurt SSL (if you verify the hostname is spelled correctly and that certificates are issued properly). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 14:14:21 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3NLELgo019271 for ; Mon, 23 Apr 2007 14:14:21 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3NLE23M022104 for ; Mon, 23 Apr 2007 14:14:02 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l3NLE2Iw022103 for cs530@merlot; Mon, 23 Apr 2007 14:14:02 -0700 Date: Mon, 23 Apr 2007 14:14:02 -0700 From: william@bourbon.usc.edu Message-Id: <200704232114.l3NLE2Iw022103@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Changes to the termpaper grading guidelines... Hi, I've decided to eliminate A+ from the termpaper grades (since I have only given out an A+ once before). So, the point assignment for the new A is the same as the point assignment for the previous A+, and so on. Please see: http://merlot.usc.edu/cs530-s07/termpaper.html#grading If this is a problem, please let me know (I'm assuming this doesn't create any problem). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 12:30:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3NJUYoq011103 for ; Mon, 23 Apr 2007 12:30:34 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3NJUFeo020904 for ; Mon, 23 Apr 2007 12:30:15 -0700 Message-Id: <200704231930.l3NJUFeo020904@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Exam #2 coverage... Date: Mon, 23 Apr 2007 12:30:15 -0700 From: william@bourbon.usc.edu Someone wrote: > Do you mean to say that 70% will come from topics covered before > midterm. and 30% after midterm. No. Just the opposite. (Again, *approximately*.) -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, April 23, 2007 11:36 am Subject: Exam #2 coverage... To: cs530@merlot.usc.edu > Hi, > > I'm making up Exam #2 and it looks like approximately 70% of > the points will come from materials not covered by Exam #1. > (This is an approximation, so please don't hold me to it!) > -- > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 11:36:20 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3NIaKf5006837 for ; Mon, 23 Apr 2007 11:36:20 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3NIa1HS019899 for ; Mon, 23 Apr 2007 11:36:01 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l3NIa1CE019898 for cs530@merlot; Mon, 23 Apr 2007 11:36:01 -0700 Date: Mon, 23 Apr 2007 11:36:01 -0700 From: william@bourbon.usc.edu Message-Id: <200704231836.l3NIa1CE019898@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Exam #2 coverage... Hi, I'm making up Exam #2 and it looks like approximately 70% of the points will come from materials not covered by Exam #1. (This is an approximation, so please don't hold me to it!) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 23 10:29:32 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3NHTOQR001393; Mon, 23 Apr 2007 10:29:24 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3NHT62P018299; Mon, 23 Apr 2007 10:29:06 -0700 Message-Id: <200704231729.l3NHT62P018299@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: Re: CSCI 530 relevant news article . . . Date: Mon, 23 Apr 2007 10:29:06 -0700 From: william@bourbon.usc.edu Thanks for sending it! I guess sonner or later, this is going to happen since IRS would not accept better solution to their scalability problem. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Mon, 23 Apr 2007 06:23:48 -0700 To: william@bourbon.usc.edu Subject: CSCI 530 relevant news article . . . Per this article, it sounds like Intuit should have been using Bistro ... http://www.nytimes.com/2007/04/23/technology/23intuit.html ;) Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Apr 21 20:36:06 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3M3a6HL015382 for ; Sat, 21 Apr 2007 20:36:06 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3M3Zrja002816 for ; Sat, 21 Apr 2007 20:35:53 -0700 Message-Id: <200704220335.l3M3Zrja002816@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Crypt Date: Sat, 21 Apr 2007 20:35:53 -0700 From: william@bourbon.usc.edu Someone wrote: > In des variats and application there is a bullet telling encrypt > no 0.Can you please elaborate it a bit , why is it used? Please do not ask me to elaborate becuase the explanations are in the recorded lectures. Please ask more specific questions. Thanks! As far as why was it used goes, it was basically used as a cryptographic hash function. This was before the MD5/SHA1 days. One way to create a hash function is to use a block cipher such as DES. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Apr 20 23:02:15 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_40, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3L626wJ009125; Fri, 20 Apr 2007 23:02:06 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3L61up0022395; Fri, 20 Apr 2007 23:01:56 -0700 Message-Id: <200704210601.l3L61up0022395@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs558l@merlot.usc.edu, cs551@merlot.usc.edu Cc: Hariram Yogendran Subject: Re: Your recommendation for candidates in a fast growing startup Date: Fri, 20 Apr 2007 23:01:56 -0700 From: william@bourbon.usc.edu Hi, I'm forwarding a job opportunity from a startup company, Inhance.Net. I've put the two Word attachments mentioned in the e-mail at the following places: Software Development Engineer Job Description: http://merlot.usc.edu/cs530-s07/misc/InhanceJob.doc Inhance Media Exec Summary: http://merlot.usc.edu/cs530-s07/misc/InhanceSummary.doc Please check the Job Description and make sure you have to qualifications before applying. Thanks! -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Mon, 16 Apr 2007 14:46:41 -0700 From: Hariram Yogendran To: chengw@usc.edu Subject: Your recommendation for candidates in a fast growing startup Dear Professor Cheng, I am a recent USC Alumnus who graduated from the Computer Science Dept last year. I had taken my security systems course under you. After earning my MSCS, I was recruited by some fellow Alumni from the USC Schools of Business, Engineering and Music who have founded a very interesting, music-centric internet company. We have development centers in the United States, India and Canada and we are currently expanding our operations in the Los Angeles area. We are looking to partner with the Computer Science department at USC to find the best and brightest talent to join our team. We need bright, passionate engineers looking to really make an impact in a very dynamic, (well-funded) internet startup with tremendous potential. We are entering our site launch phase over the next couple of months so it is a very exciting time to get involved. We have very competitive compensation packages, including pre-IPO stock options and immense opportunities to work with an exceptional pool of talent. Our ideal candidate would have the following: * Primary interests in some of the following areas: networking hardware & software, security, web technologies, algorithms and databases. * Scalable vision. Big thinkers able to push the boundaries with great, forward thinking vision. * Natural problem solver with very strong Mathematical and Analytical skills. * Great aptitude, strong drive and a positive attitude. I have attached a job description for Software Development Engineers and our Management Bio's for your review. I'd like to talk further about possible students that you think may be of interest. This is a very special career opportunity and I want to thank you in advance for any assistance you may have in connecting us with up & coming talented Trojans! See our teaser web site at: www.inhance.net Looking forward to a long-term partnership with you! Sincerely, Hariram Yogendran IT Manager Inhance.Net 15912 Arminta St. Van Nuys, CA 91406 work. 818.455.4340 ext 223 cell. 213.210.9643 Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 19 22:20:23 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3K5KNS5020533 for ; Thu, 19 Apr 2007 22:20:23 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3K5KHm7004620 for ; Thu, 19 Apr 2007 22:20:17 -0700 Message-Id: <200704200520.l3K5KHm7004620@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Reg: Figures and Tables in term paper Date: Thu, 19 Apr 2007 22:20:17 -0700 From: william@bourbon.usc.edu Someone wrote: > As we are writing only a review paper and not giving our own idea, is it > alright to have figures and tables taken from other papers if we provide > the appropriate references? Yes. That would be fine. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 19 07:41:56 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3JEfuQj015701 for ; Thu, 19 Apr 2007 07:41:56 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3JEfr5w027686 for ; Thu, 19 Apr 2007 07:41:53 -0700 Message-Id: <200704191441.l3JEfr5w027686@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: page limit on the termpaper Date: Thu, 19 Apr 2007 07:41:53 -0700 From: william@bourbon.usc.edu Someone wrote: > thank you very much for the prompt reply. But I have one > question from this email. I am still not clear what exactly > does appendix means? And what is the need for it? Is it the > list of references? Appendix is a separate section of the paper that appears at the end of a paper (after list of references). If the appendix is removed, the paper is still complete. If your paper is too long, you can move parts of it into the appendix. You can then summarize and refer to what's in the appendix. For example, you want to present an algorithm or/and mathematical derivation in detail. But the detail doesn't really have to appear in the main part of your paper. In this case, you can move these to the appendix and summarize and refer to them. > Please explain me. I did not see the appendix in any research > paper i read ! Ah! That's because some of these papers has appendix when they were submitted for review. As soon as they are accepted, the appendices were removed because there is often a strict limit (set by the publisher) on the number of pages in a published paper. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, April 18, 2007 10:51 pm Subject: page limit on the termpaper To: cs530@merlot.usc.edu > Just a reminder that you should try very hard to keep your > paper to be at most 5 pages long (reference and appendix > excluded). You will lose points if your paper is longer > than 5 pages. > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 18 22:51:10 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3J5p99k005735 for ; Wed, 18 Apr 2007 22:51:09 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3J5p795022559 for ; Wed, 18 Apr 2007 22:51:07 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l3J5p7ot022558 for cs530@merlot; Wed, 18 Apr 2007 22:51:07 -0700 Date: Wed, 18 Apr 2007 22:51:07 -0700 From: william@bourbon.usc.edu Message-Id: <200704190551.l3J5p7ot022558@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: page limit on the termpaper Just a reminder that you should try very hard to keep your paper to be at most 5 pages long (reference and appendix excluded). You will lose points if your paper is longer than 5 pages. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 18 13:49:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3IKnMRi027837 for ; Wed, 18 Apr 2007 13:49:22 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3IKnL6S017654 for ; Wed, 18 Apr 2007 13:49:21 -0700 Message-Id: <200704182049.l3IKnL6S017654@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Exam/Lecture Que? Date: Wed, 18 Apr 2007 13:49:21 -0700 From: william@bourbon.usc.edu Someone wrote: > Lecture Question? > > UNIX Login: > > - Salted as defense against pre-computed dictionary attacks. > > What does salting means ? How does it work? The general salting concept is to prepend or append a randomly generated salt value to an input (such as passphrase) before encrypting or hashing and store the salt value along with the ciphertext or hash result. When it's time to authenticate, the user is prompted to give a passphrase, the procedure mentioned above is applied and the result is compared with the stored ciphertext or hash value. > What is format of shadow password file? The general format is not important. But it should contain a mapping from a user ID to a stored salt value and a ciphertext (if encryption was used) or hash (if a hash was used). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 17 19:50:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3I2opMW006807 for ; Tue, 17 Apr 2007 19:50:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3I2or2K005420 for ; Tue, 17 Apr 2007 19:50:53 -0700 Message-Id: <200704180250.l3I2or2K005420@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: term paper formating Date: Tue, 17 Apr 2007 19:50:53 -0700 From: william@bourbon.usc.edu Someone wrote: > In term Paper requirements its mentioned "The formating > requirement is fairly flexible. You may format the paper in > single column, double columns, singly spaced, or doubly spaced." > > Above by singly spaced/ doubly spaced, I hope you mean line > spacing(Gap between two lines). Correct. > I am keeping it 1.5(Normally its 1) is it ok? Sure, as mentioned above. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 17 11:46:46 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3HIkkM3000903 for ; Tue, 17 Apr 2007 11:46:46 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3HIknsh000464 for ; Tue, 17 Apr 2007 11:46:49 -0700 Message-Id: <200704171846.l3HIknsh000464@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: term paper Date: Tue, 17 Apr 2007 11:46:49 -0700 From: william@bourbon.usc.edu Someone wrote: > Some of the notations, players and symboles I have taken from references as > I m writting an extened idea of the reference paper with different situation > and extra players to it. > > Can I use these notations, players and symboles name from reference. Yes. But you must explain the notations in your termpaper. You must *not* assume that your readers have read your references! -- Bill Cheng // bill.cheng@usc.edu On 4/17/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > Since we are writing extended abstract most of our idea and > > concepts are going to come from the original data itself. So do > > we need to give citation on each statement that is based on the > > original paper. > > No! You just need to make it clear where your material came > from. > > If you are going to *quote* something explicitly, you should > definitely cite it right at the quotation and make the > quotation a separate paragraph. If you are not quoting, you > should not copy text from your references (or copy most of > the text from your references and change a few words here and > there). > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 17 11:34:07 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3HIY7is032387 for ; Tue, 17 Apr 2007 11:34:07 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3HIYAMa032599 for ; Tue, 17 Apr 2007 11:34:10 -0700 Message-Id: <200704171834.l3HIYAMa032599@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530: Regarding Term Paper Date: Tue, 17 Apr 2007 11:34:10 -0700 From: william@bourbon.usc.edu Someone wrote: > I am thinking of changing my topic, is this possible? I have > submitted my proposal but I'm thinking of writing about something > else. It's not a problem. But you are running out of time and there will be no extension for this. > Before I do that, I would like to verify it with you first. > I will of course send you my references and the topic to make sure > they're okay. Please do! Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 17 11:04:23 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3HI4N32029832 for ; Tue, 17 Apr 2007 11:04:23 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3HI4Q7U032282 for ; Tue, 17 Apr 2007 11:04:26 -0700 Message-Id: <200704171804.l3HI4Q7U032282@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: term paper Date: Tue, 17 Apr 2007 11:04:26 -0700 From: william@bourbon.usc.edu Someone wrote: > Since we are writing extended abstract most of our idea and > concepts are going to come from the original data itself. So do > we need to give citation on each statement that is based on the > original paper. No! You just need to make it clear where your material came from. If you are going to *quote* something explicitly, you should definitely cite it right at the quotation and make the quotation a separate paragraph. If you are not quoting, you should not copy text from your references (or copy most of the text from your references and change a few words here and there). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 16 13:58:52 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3GKwq0r027231 for ; Mon, 16 Apr 2007 13:58:52 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3GKwx1V021079 for ; Mon, 16 Apr 2007 13:58:59 -0700 Message-Id: <200704162058.l3GKwx1V021079@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: friday's lecture Date: Mon, 16 Apr 2007 13:58:59 -0700 From: william@bourbon.usc.edu Someone wrote: > Can you please let us know what part are you going to cover this > friday, so that we can take slides for that. It's what's on the lectures web page at: http://merlot.usc.edu/cs530-s07/lectures.html Lecture 14 will cover wireless, privacy, and application of security - bistro. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Apr 15 08:59:15 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3FFxFqX019859 for ; Sun, 15 Apr 2007 08:59:15 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3FFxPSK005727 for ; Sun, 15 Apr 2007 08:59:25 -0700 Message-Id: <200704151559.l3FFxPSK005727@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about CS530 termpaper Date: Sun, 15 Apr 2007 08:59:25 -0700 From: william@bourbon.usc.edu Someone wrote: > I have a question about termpaper. > > Can I add some table or graph to termpaper ? Yes. > If so, can we use those figure as a part of 5 pages ? > Or only texts are counted? Depends on where you put them. You can put them in the appendix, if you'd like. Then it doesn't count as part of the 5 pages. If you don't put them in the appendix, then it should be counted as part of the 5 pages. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 22:34:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3D5YoV7008472 for ; Thu, 12 Apr 2007 22:34:50 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3D5Z9IH009012 for ; Thu, 12 Apr 2007 22:35:09 -0700 Message-Id: <200704130535.l3D5Z9IH009012@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: cs530 : Research Paper Date: Thu, 12 Apr 2007 22:35:09 -0700 From: william@bourbon.usc.edu Someone wrote: > I had some questions regarding the paper > 1. From the class website : "The term paper must be 5 pages or less, > with a list of references which may extend beyond the end of the 5th page." > > Is this a strict rule.. can we extend the paper to 6-7 pages ? It's a strict rule. Some conferences will not review papers that are too long! I will deduct points for longer papers. It's up to you to decide how to cut it to make it fit within 5 pages. (Please remember that you can format the paper in many different ways to squeeze in more stuff.) > 2. Is a slight deviation in the final outcome in the paper as compared > to the original proposal acceptable ? If it is conveyed to you before > submitting the paper ? If you stick with your approved references, it's no problem at all. If you end up not using a reference that was approved, you need to make sure you substitute it with another qualified reference. Otherwise, you may lose a lot of points! If you decide to do this, please ask me to check if the new reference is okay as early as possible. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 22:02:53 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3D52raX005923 for ; Thu, 12 Apr 2007 22:02:53 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3D53CJV008599 for ; Thu, 12 Apr 2007 22:03:12 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l3D53CgV008598 for cs530@merlot; Thu, 12 Apr 2007 22:03:12 -0700 Date: Thu, 12 Apr 2007 22:03:12 -0700 From: william@bourbon.usc.edu Message-Id: <200704130503.l3D53CgV008598@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Exam #2 will *not* cover "cryptographic protocols"! Hi, After thinking about it for a while, I've decided to drop "cryptographic protocols" from Exam #2 coverage. Exam #2 will still be comprehensive and you will be responsible for materials in "cryptography" and "public-key cryptography". But nothing will come from "cryptographic protocols". I'll post a summary of covered topics after the lecture next week. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 21:11:42 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3D4BgwW001676 for ; Thu, 12 Apr 2007 21:11:42 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3D4C2uo007880 for ; Thu, 12 Apr 2007 21:12:02 -0700 Message-Id: <200704130412.l3D4C2uo007880@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: IEEE Security & Privacy... Date: Thu, 12 Apr 2007 21:12:02 -0700 From: william@bourbon.usc.edu Actually, it's an interesting exercise to compare articles published in "IEEE Security & Privacy" vs. in "IEEE Symposium on Security and Privacy". You may notice that one can pretty much say anything without providing much supporting technical evidence in a magazine article. Although there are very good articles in magazines, they often do not have enough technical depth for a graduate-level computer science class (although they may be deep philosophically). -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Thu, 12 Apr 2007 20:38:49 -0700 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: IEEE Security & Privacy... Hi, Some people are submitting papers in "IEEE Security & Privacy" (not to be confused with the "IEEE Symposium on Security and Privacy"). "IEEE Security & Privacy" is a magazine (similar to "IEEE Computer Magazine") while the "IEEE Symposium on Security and Privacy" is a symposium. Therefore, papers in "IEEE Security & Privacy" cannot be counted as a qualifying reference while papers in the "IEEE Symposium on Security and Privacy" can. Sorry about the confusion. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 20:38:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3D3cUUN031599 for ; Thu, 12 Apr 2007 20:38:30 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3D3cnLR007505 for ; Thu, 12 Apr 2007 20:38:49 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l3D3cnwh007504 for cs530@merlot; Thu, 12 Apr 2007 20:38:49 -0700 Date: Thu, 12 Apr 2007 20:38:49 -0700 From: william@bourbon.usc.edu Message-Id: <200704130338.l3D3cnwh007504@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: IEEE Security & Privacy... Hi, Some people are submitting papers in "IEEE Security & Privacy" (not to be confused with the "IEEE Symposium on Security and Privacy"). "IEEE Security & Privacy" is a magazine (similar to "IEEE Computer Magazine") while the "IEEE Symposium on Security and Privacy" is a symposium. Therefore, papers in "IEEE Security & Privacy" cannot be counted as a qualifying reference while papers in the "IEEE Symposium on Security and Privacy" can. Sorry about the confusion. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 16:00:31 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3CN0VUc009038 for ; Thu, 12 Apr 2007 16:00:31 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3CN0pe1004417 for ; Thu, 12 Apr 2007 16:00:51 -0700 Message-Id: <200704122300.l3CN0pe1004417@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: CS530 - In case your termpaper proposal is not complete... Date: Thu, 12 Apr 2007 16:00:51 -0700 From: william@bourbon.usc.edu Hi, Many of you have not sent your termpaper proposals. This would be fine if you plan on getting all your references right the first time you submit. But if you don't get all your references right the first time and you send your proposal close to the deadline, I may not be able to respond to you early enough so that your fix can be submitted in time, then you may lose some points! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 15:41:36 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_40, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3CMfaRM007454 for ; Thu, 12 Apr 2007 15:41:36 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3CMfuoE004095 for ; Thu, 12 Apr 2007 15:41:56 -0700 Message-Id: <200704122241.l3CMfuoE004095@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Online Course Evaluations for DEN Sections Date: Thu, 12 Apr 2007 15:41:56 -0700 From: william@bourbon.usc.edu Hi, The following only concerns *remote* students... If you are not a on-campus student, please read the message below regarding online course evaluation. The PowerPoint slide mentioned in the e-mail is available in PDF form at: http://merlot.usc.edu/cs530-s07/den-eval.pdf -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Thu, 12 Apr 2007 14:48:19 -0700 From: Neil Teixeira To: "'Neil Teixeira'" Cc: "'Binh Tran'" , "'Dominic K. Lau'" Subject: Online Course Evaluations for DEN Sections Dear Professors, The online course evaluations for DEN students are now available. The course evaluation period begins Monday, April 9 and ends Friday, April 27. Please let all the DEN students in these courses know that they can access their online evaluation by logging in to http://den.usc.edu and immediately clicking on the "DEN Tools" link. Please review the attached instructions with your class as well. These evaluations are available for DEN students only. ON CAMPUS STUDENTS SHOULD FILL OUT COURSE EVALUATIONS IN CLASS AS USUAL. As a reminder, this only applies to your DEN sections. DEN courses will have online evaluations for DEN students ONLY, and the traditional paper-based evaluations will need to be distributed to the on-campus students. Attached is an instructional PowerPoint slide that you can post to Blackboard, present to the class, and distribute to your students in any other way. Please go over these instructions with your students and make clear that their feedback is essential and that their responses remain anonymous. ... Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 12 10:28:18 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3CHSIFw015024 for ; Thu, 12 Apr 2007 10:28:18 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3CHQv4q032092 for ; Thu, 12 Apr 2007 10:26:57 -0700 Message-Id: <200704121726.l3CHQv4q032092@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530: Regarding Term Paper Date: Thu, 12 Apr 2007 10:26:57 -0700 From: william@bourbon.usc.edu Someone wrote: > As i have not started working on my term paper, yet. But i am > quite sure that i would need to add some more reference as i am > working on it. So can we add the reference after we have > submitted the proposal. I hope that we will be able to add some > more papers. Sure! But you must submit 3 qualified references for approval by the end of today. If you do not submit anything, you will lose 20 out of 100 points. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 10 23:23:23 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3B6NN5d009269 for ; Tue, 10 Apr 2007 23:23:23 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3B6M8ZX007642 for ; Tue, 10 Apr 2007 23:22:08 -0700 Message-Id: <200704110622.l3B6M8ZX007642@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: proposal for term paper Date: Tue, 10 Apr 2007 23:22:08 -0700 From: william@bourbon.usc.edu Someone wrote: > Can you please provide us with a sample paper. You can think of all the papers by the 5 approved authors as "sample papers". These are all very good papers by which you can model your termpaper. If your paper end up to be nothing like these papers, you should wonder if you wrote a good paper! You can also see the pappers in: http://merlot.usc.edu/cs530-s07/papers.html If you have questions about your termpaper, please feel free to come talk to me. > Also you had said > that quesstion or probs those appeard in midterm wont be repeated > in final. Can you please post the midterm question paper so that > we can skip the things that appeared in midterm since no one > might be remembering the questions. Sorry, I cannot do that. If you end up studying something that was in exam #1 and didn't realize that it was in exam #1, then I think it's time well spent. (My goal is to have you learn as much as you can!) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 10 23:14:48 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3B6EmFd008636 for ; Tue, 10 Apr 2007 23:14:48 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3B6DWW6007531 for ; Tue, 10 Apr 2007 23:13:32 -0700 Message-Id: <200704110613.l3B6DWW6007531@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Term Paper Proposal Date: Tue, 10 Apr 2007 23:13:32 -0700 From: william@bourbon.usc.edu Someone wrote: > Question, > Am I limited to the references I mentioned on the proposal? > can I change them later or add more? There is no problem with adding references. It is expected that you may add references. You can also change your references which has been approved, but you must do it carefully. If you end up with not enough "approved references", you will lose a lot of points. One way to make sure is to send the new references to me before your final submission so I can check on them. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 10 14:05:39 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3AL5djt029913 for ; Tue, 10 Apr 2007 14:05:39 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3AL4PqN001961 for ; Tue, 10 Apr 2007 14:04:25 -0700 Message-Id: <200704102104.l3AL4PqN001961@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: List of valid references Date: Tue, 10 Apr 2007 14:04:25 -0700 From: william@bourbon.usc.edu Someone wrote: > is it safe to assume that all publications in the DBLP list are valid > references? Hmm... most likely they are. But I wouldn't say for sure. I think some references are put in by hand in DBLP. When in doubt, please send me e-mail (and please be sure to send me *full citation*)! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 9 21:38:42 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3A4cgfS016001 for ; Mon, 9 Apr 2007 21:38:42 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l3A4bUk1022829 for ; Mon, 9 Apr 2007 21:37:30 -0700 Message-Id: <200704100437.l3A4bUk1022829@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: deadline Date: Mon, 09 Apr 2007 21:37:30 -0700 From: william@bourbon.usc.edu Someone wrote: > Can you please let me know when is the deadline for proposal. Please see: http://merlot.usc.edu/cs530-s07/termpaper.html By the way, it says that: Although your proposal will not be graded, you will lose 20 points (out of 100) if you do not submit a proposal that meets the reference requirement by the proposal deadline. Regarding the 20 points mentioned above, if some of your references meet the requirement, you may get partial credit. So, it's not all or nothing. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Apr 8 11:06:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l38I6YdQ014508 for ; Sun, 8 Apr 2007 11:06:34 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l38I5RcY030951 for ; Sun, 8 Apr 2007 11:05:27 -0700 Message-Id: <200704081805.l38I5RcY030951@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Class website is down Date: Sun, 08 Apr 2007 11:05:27 -0700 From: william@bourbon.usc.edu Someone wrote: > Could you please check.. it looks like the class web site is down There was a power outage last night around 7:30pm. Apparently, the machine in question did not survive a reboot. I went in and manually rebooted the machine this morning around 9am. Things should be fine now. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Apr 6 08:47:47 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l36FllFm020421 for ; Fri, 6 Apr 2007 08:47:47 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l36FkWRO031618 for ; Fri, 6 Apr 2007 08:46:32 -0700 Message-Id: <200704061546.l36FkWRO031618@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about location of hash Date: Fri, 06 Apr 2007 08:46:32 -0700 From: william@bourbon.usc.edu Someone wrote: > In a real usage scenario, wouldn't it be better to append the SHA1 > hash of the cleartext to the cleartext, and encrypt that as well. You are talking about the file format that we use in HW4. You are correct that in a real situation, we would not put the SHA1 hash of the original file in the encrypted file. Although in most cases, as long as the hash function you are using is preimage resistant, then putting the hash of the original file in the encrypted file should not be a problem. > In addition to exposing yourself to any weaknesses in the hashing > algorithm, by leaving the SHA1 hash unencrypted, you allow anyone who > can see the encrypted file to be able to do things like prove that you > have a (albeit encrypted) copy of a specific file. > > Ex. Lets say you get access to a secret company document- and you > want to keep it (because its long and you haven't finished reading it) > so you encrypt it- and place it on a shared NFS. If you didn't know > about the implementation of the encryption, you would have no idea > that your boss could tell (by the plainly visible hash) that your > document is the secret company document in question. You are correct that if you do this directly, you can just look at the last 20 bytes of an encrypted file and you will know that the original document is a company secret. But this problem can be easily solved if you prepend or append a nonce before encrypting (and throw away the nonce after you are done). And you are correct that without this modification, there was a weakness. > I guess my point is- people expect that encryption will not reveal > anything to anyone unless they have the key, but here thats not the > case. Is there a name for this kind of weakness? proof-of-content > failure? I don't know what it would be called. But in general, you can say that the scheme did not provide complete confidentiality since some information about the original file is not hidden. But given the properties of a good hash function, you are not leaking much information, except in the special case you mentioned. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Apr 6 08:29:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l36FTUJT018975 for ; Fri, 6 Apr 2007 08:29:30 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l36FSGrp031367 for ; Fri, 6 Apr 2007 08:28:16 -0700 Message-Id: <200704061528.l36FSGrp031367@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CSCI-530 HW4 (A1) grading script Date: Fri, 06 Apr 2007 08:28:16 -0700 From: william@bourbon.usc.edu Someone wrote: > I'm having difficulty trying to understand why my implementation is > producing a Segmentation Fault when tested against the following > Compatibility test (grading guideline): > > # (A1) > ./hw4 sign -so=./libhw4sc.so $srcdir/f0 >! f0.sign > diff $srcdir/f0.sign f0.sign > > My code appears to be crashing after calling the SC_sign() function within > the shared object. I have verified that my SC_Sign_Func pointer is *not* > NULL, the handle I pass the function is *not* NULL, the SHA1 hash I pass the > function is valid, and that I have allocated a large enough buf_return > (determined by SC_get_signature_size()). > > I'm not sure why my code is producing a Segmentation Fault. > Could you maybe provide a hint as to what the above grading > script is trying to check? You need to get into the debugger and find out why you are crashing. If you compile both your smartcard and hw4 with "-g", you should be able to "step" across from your hw4 to the smartcard. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 5 23:47:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l366lpum009516 for ; Thu, 5 Apr 2007 23:47:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l366kcJi026005 for ; Thu, 5 Apr 2007 23:46:38 -0700 Message-Id: <200704060646.l366kcJi026005@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad commandline Date: Thu, 05 Apr 2007 23:46:38 -0700 From: william@bourbon.usc.edu Someone wrote: > Is it ok if we don't show exact same error messages as given > in grading guidelines. The point of error messages is for the user to fix what's wrong and enter a good command. So, as long as it's clear what the problem is, the error message doesn't have to be exact. But it must point to a real problem. > For Ex > ./hw4 verify -so=./libhw4sc.so /bin/ls > (/bin/ls is not generated by the sign command) > > In above error messages, if I don't print the name of file > and just mentioned : > (File is not generated by the sign command) "File" is not very specific! libhw4sc.so is also a file. So, you need to be more specific. By the way, in this example, you can also print something like: Malformed input: /bin/ls > or for this > cp ~csci530/public/hw4/f0 fin > ./hw4 edit -so=./libhw4sc.so fin > /bin/rm -f fin > (should get a SHA1 checksum error or complain > about malformed input file) > > I print: > (File is not generated by the enc command) > (edit failed!) Again, libhw4sc.so is also a file, so "File" is not specific enough for the user to fix the command. > Moreover in my HW4 implementation, I am using 4 parameters > for SC_sign in smartcard and everything is working for me. > I hope its fine to do? I don't know that it means to have a 4 parameter SC_sign. You cannot change the smartcard interface! SC_sign() is defined as: int SC_sign( SmartcardState pSS, unsigned char sha1_buf[SHA_DIGEST_LENGTH], unsigned char *buf_return); You must stick to this! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 5 22:54:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l365s8eO005327 for ; Thu, 5 Apr 2007 22:54:08 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l365qsWY025291 for ; Thu, 5 Apr 2007 22:52:54 -0700 Message-Id: <200704060552.l365qsWY025291@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Temp file Date: Thu, 05 Apr 2007 22:52:54 -0700 From: william@bourbon.usc.edu Someone wrote: > Can we use any name to name the temp file? You should call mkstemp(), tempnam(), or equivalent to let the system create a temporary filename for you. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 5 22:52:40 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l365qe23005163 for ; Thu, 5 Apr 2007 22:52:40 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l365pRqD025263 for ; Thu, 5 Apr 2007 22:51:27 -0700 Message-Id: <200704060551.l365pRqD025263@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about HW4 Date: Thu, 05 Apr 2007 22:51:27 -0700 From: william@bourbon.usc.edu Someone wrote: > I have a couple of questions about HW4. > > 1) > You said, > >It's a very very bad idea to hardcode path. The only thing > >that you probably can hardcode is "/tmp". For anything else, > >you need to do it programmatically. > > However, can we hardcode the file name itself of temporary file? > e.g. "/tmp/temporary.txt" No! You should call mkstemp() or tempnam() or equivalent to create a temporary file. > Looks like this causes no problems. If you have two instances of your program running, it will create problem! > 2) > In "hw4 secret" command, we are asked to use callback function to > report our progress. Could tell me about "callback function" more > specifically? Should we use "bio_set_callback()"? > Or just inserting "fprintf(stderr, "XXXX generating...\n")" to > appropriate places is not enough? Neither! If you do "man RSA_generate_key", the 3rd argument to RSA_generate_key() is a callback function. You should use a callback function there to give user feedback on the progress about RSA_generate_key(). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 5 22:44:17 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l365iHhr004452 for ; Thu, 5 Apr 2007 22:44:17 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l365h4Rx025082 for ; Thu, 5 Apr 2007 22:43:04 -0700 Message-Id: <200704060543.l365h4Rx025082@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: what do these do Date: Thu, 05 Apr 2007 22:43:04 -0700 From: william@bourbon.usc.edu Someone wrote: > Can you please explain following scripts. > > ./hw4 sign -so=/usr/lib/libz.so $srcdir/f0 > > ./hw4 sign -so=/bin/ls $srcdir/f0 > > ./hw4 sign -so=/bin/xyzzy $srcdir/f0 > > ./hw4 edit -so=./libhw4sc.so /usr/bin/xyzz Please ask me more specific questions! Thanks! (By the way, there were explanations right below each of the above commands. I'm not sure why you deleted them.) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Apr 5 17:27:33 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l360RXQF011678 for ; Thu, 5 Apr 2007 17:27:33 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l360QLMa021735 for ; Thu, 5 Apr 2007 17:26:21 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l360QLoj021734 for cs530@merlot; Thu, 5 Apr 2007 17:26:21 -0700 Date: Thu, 5 Apr 2007 17:26:21 -0700 From: william@bourbon.usc.edu Message-Id: <200704060026.l360QLoj021734@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Termpaper reference requirement changes and updates... Hi, Someone has sent me a termpaper proposal and it included a paper published in Communications of the ACM, which is basically a technical magazine. The main problem I have with technical magazines is that they usually do not have technical depth. This prompted me to change the termpaper spec to exclude papers published in magazines such as the Communication of the ACM, IEEE Spectrum, IEEE Computer Magazine, etc. Please see the updated spec: http://merlot.usc.edu/cs530-s07/termpaper.html -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 4 22:18:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l355IojQ016578 for ; Wed, 4 Apr 2007 22:18:50 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l355Heug009324 for ; Wed, 4 Apr 2007 22:17:40 -0700 Message-Id: <200704050517.l355Heug009324@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: cant understand the script Date: Wed, 04 Apr 2007 22:17:40 -0700 From: william@bourbon.usc.edu Someone wrote: > Can you please tell me what this script for edit is doing: > > # make sure that when you get into the editor, you see > # readable text strings; type the following in "vi": > # :q > # please use "yesnomaybe" as the passphrase for all tests > # here > # > foreach f (10 11 12 13 14) > ./hw4 edit -so=./libhw4sc.so f$f.edit > diff $srcdir/f$f.edit f$f.edit > echo "make sure there's no difference above " > echo -n "press to continue..." > set foo=$< > clear > end > ITs the second script in G1 of edit part. Could you ask a more specific question? (You can also just run the commands by hand, change a few things, and watch what they do.) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 4 10:33:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l34HXb6O025755 for ; Wed, 4 Apr 2007 10:33:37 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l34HWUUk030649 for ; Wed, 4 Apr 2007 10:32:30 -0700 Message-Id: <200704041732.l34HWUUk030649@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: file doesnt exits Date: Wed, 04 Apr 2007 10:32:30 -0700 From: william@bourbon.usc.edu Someone wrote: > I am done with when file exists. > This is for,when the file does not exists. > > bullet 5. says "if modified ask for the passphrase again". If I > move 5 after 1, then at that point of time I dont have file > itselt so what should I check for modification. > > Please correct me if I am wrong. Sorry that I wasn't very clear. In (1), you should ask for the passphrase twice. If they are not the same, you do not continue. (5) and (6) should be combined into: 5. if modified, encryptypt the modified file and write it to give file name -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, April 4, 2007 9:02 am Subject: Re: file doesnt exits To: cs530@merlot.usc.edu > Someone wrote: > > > Respected Sir, > > Please tell me if I am right. If the file doesnt exits then > > 1. we ask for passphrase > > 2 if the file doesnot exits proceed as follows > > 3. open editor and allow the user to edit a temporary file > > 4. after editor is closed check if the temp file was modified > > 5. if modified ask for the passphrase again > > 6. encryptypt the modified file and write it to give file name. > > You should move (5) to right after (1). (2) is redundant > since you already said that the first does not exist. If > you are checking if the file exists or not, you should do > that before (1). > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 4 10:02:07 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l34H27gq023366 for ; Wed, 4 Apr 2007 10:02:07 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l34H0xjN029853 for ; Wed, 4 Apr 2007 10:00:59 -0700 Message-Id: <200704041700.l34H0xjN029853@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: file doesnt exits Date: Wed, 04 Apr 2007 10:00:59 -0700 From: william@bourbon.usc.edu Someone wrote: > Respected Sir, > Please tell me if I am right. If the file doesnt exits then > 1. we ask for passphrase > 2 if the file doesnot exits proceed as follows > 3. open editor and allow the user to edit a temporary file > 4. after editor is closed check if the temp file was modified > 5. if modified ask for the passphrase again > 6. encryptypt the modified file and write it to give file name. You should move (5) to right after (1). (2) is redundant since you already said that the first does not exist. If you are checking if the file exists or not, you should do that before (1). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 4 07:49:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l34En1p6012787 for ; Wed, 4 Apr 2007 07:49:01 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l34Elrlt028151 for ; Wed, 4 Apr 2007 07:47:53 -0700 Message-Id: <200704041447.l34Elrlt028151@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: 530 : Hw4 Date: Wed, 04 Apr 2007 07:47:53 -0700 From: william@bourbon.usc.edu Someone wrote: > Is it mandatory to check if the file has been changed when usiing the > EDIT command. Yes. > Whatever temp file i have if i encrypt the same and overwrite the > original file it wont make a difference if the contents have changed or not. > Please let me know if i am looking at things wrongly here You are suppose to check the SHA1 value and see if it has changed. If there is no change, you should not overwrite the file (or create the file in the case where the file does not exist in the first place). Actually, the case where the file does not exist in the first place is a special case. In this case, you will create an empty file (file size is zero) in the temporary file and let the user edit it. If the user simply writes out an empty file (again, file size is zero), should you encrypt an empty file and write it into the specified filename? The answer is no. And the reason for this is due to the "algorithm" I described above. Even though one may argue that encrypting an empty may have value some times, for the sake of this assignment, please stick to doing it this way. This is an deviation from the model of "vi -x". -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Apr 4 07:41:47 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l34EfkZu012144 for ; Wed, 4 Apr 2007 07:41:47 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l34Eedtb028081 for ; Wed, 4 Apr 2007 07:40:39 -0700 Message-Id: <200704041440.l34Eedtb028081@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad command line tests Date: Wed, 04 Apr 2007 07:40:39 -0700 From: william@bourbon.usc.edu Someone wrote: > ./hw4 edit -so=./libhw4sc.so /usr/bin/xyzz > > The above command should not allow the to edit /usr/bin/xyzz file. right? You should go through your regular code and catch this problem at appropriate time. The would probably at the time when you try to output your encrypted file and that would be fine. You just need to eventually detect that this command will fail. -- Bill Cheng // bill.cheng@usc.edu On 4/3/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > about the new bad commandline > > > > > > ./hw4 sign -so=/usr/lib/libz.so $srcdir/f0 (cannot find smartcard > > functions in this library) > > > > ./hw4 sign -so=/bin/ls $srcdir/f0 (bad shared object file, dlopen() > > should fail) > > > > ./hw4 sign -so=/bin/xyzzy $srcdir/f0 (invalid shared object file) > > > > > > my program working fine with the last two command but not with the > first > > one. Once i put the dot after the "=" > > > > it start to work fine !... > > > > > > do not we have to write a dot after the -so= for the shared library ? > > > > to be > > > > -so=./usr/lib/libz.so > > > > rather than > > > > -so=/usr/lib/libz.so > > > > > > or it is an optional thing ? > > "./usr/lib/libz.so" is very different from "/usr/lib/libz.so". > "./usr/lib/libz.so" means start from the current working > directory and look for the "." subdirectory (which is the > current working directory itself) and look for a subdirectory > "usr", etc. This is the same as saying "usr/lib/libz.so". > > "/usr/lib/libz.so" means start from the root ("/") directory > and look for the "usr" subdirectory, etc. This is independent > of where your current working directory is. > -- > Bill Cheng // bill.cheng@usc.edu > > > > william@bourbon.usc.edu wrote: > > > Someone wrote: > > > > > For the below tests, I think a file name is required > for the > > > application to start loading the smartcard library to memory and > output > > > the smartcard related errors. Since these are also malformed > commands, > > > the application never loads the shared library and outputs a > malformed > > > command error for the below tests. > > > > > > ./hw4 sign -so=/usr/lib/libz.so > > > (cannot find smartcard functions in this > library) > > > ./hw4 sign -so=/bin/ls > > > (bad shared object file, dlopen() should fail) > > > ./hw4 sign -so=/bin/xyzzy > > > (invalid shared object file) > > > > Oh! You are correct. I've just updated the grading > > guidelines to add $srcdir/f0 after these 3 cases. Thanks for > > pointing this out. > > -- > > Bill Cheng // bill.cheng@usc.edu http://merlot.usc.edu/william/usc/> Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:49:56 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l345nurJ002234 for ; Tue, 3 Apr 2007 22:49:56 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l345moJu022856 for ; Tue, 3 Apr 2007 22:48:50 -0700 Message-Id: <200704040548.l345moJu022856@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad command line tests Date: Tue, 03 Apr 2007 22:48:50 -0700 From: william@bourbon.usc.edu Someone wrote: > about the new bad commandline > > > ./hw4 sign -so=/usr/lib/libz.so $srcdir/f0 (cannot find smartcard > functions in this library) > > ./hw4 sign -so=/bin/ls $srcdir/f0 (bad shared object file, dlopen() > should fail) > > ./hw4 sign -so=/bin/xyzzy $srcdir/f0 (invalid shared object file) > > > my program working fine with the last two command but not with the first > one. Once i put the dot after the "=" > > it start to work fine !... > > > do not we have to write a dot after the -so= for the shared library ? > > to be > > -so=./usr/lib/libz.so > > rather than > > -so=/usr/lib/libz.so > > > or it is an optional thing ? "./usr/lib/libz.so" is very different from "/usr/lib/libz.so". "./usr/lib/libz.so" means start from the current working directory and look for the "." subdirectory (which is the current working directory itself) and look for a subdirectory "usr", etc. This is the same as saying "usr/lib/libz.so". "/usr/lib/libz.so" means start from the root ("/") directory and look for the "usr" subdirectory, etc. This is independent of where your current working directory is. -- Bill Cheng // bill.cheng@usc.edu william@bourbon.usc.edu wrote: > Someone wrote: > > > For the below tests, I think a file name is required for the > > application to start loading the smartcard library to memory and output > > the smartcard related errors. Since these are also malformed commands, > > the application never loads the shared library and outputs a malformed > > command error for the below tests. > > > > ./hw4 sign -so=/usr/lib/libz.so > > (cannot find smartcard functions in this library) > > ./hw4 sign -so=/bin/ls > > (bad shared object file, dlopen() should fail) > > ./hw4 sign -so=/bin/xyzzy > > (invalid shared object file) > > Oh! You are correct. I've just updated the grading > guidelines to add $srcdir/f0 after these 3 cases. Thanks for > pointing this out. > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:44:58 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l345iwPH001860 for ; Tue, 3 Apr 2007 22:44:58 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l345hqYp022792 for ; Tue, 3 Apr 2007 22:43:52 -0700 Message-Id: <200704040543.l345hqYp022792@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: temp dir Date: Tue, 03 Apr 2007 22:43:52 -0700 From: william@bourbon.usc.edu Someone wrote: > DO we need to delete the temporary dir? i.e. $HOME/tmp or we > should delete only the temporary file in it? Only files in it. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:30:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l345U8KK000669 for ; Tue, 3 Apr 2007 22:30:08 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l345T20v022488 for ; Tue, 3 Apr 2007 22:29:02 -0700 Message-Id: <200704040529.l345T20v022488@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: directory Date: Tue, 03 Apr 2007 22:29:02 -0700 From: william@bourbon.usc.edu Someone wrote: > I meant by the naming convention. can i encrypt the file named 'testfile' > and have the same name as 'testfile' instead of testfile.11 (as showin > example on website) If you run: ./hw4 edit -so=./libhw4sc.so testfile the output filename must be "testfile". (In the spec, I use the file names "yesnomaybe.11.hw4" and "yesnomaybe.10.hw4" to show different *versions* of the same file. Sorry about the confusion. I just didn't want to use the same filename in the example. I did not mean that you should use a different filename for output. This should be clear from the grading guidelines.) -- Bill Cheng // bill.cheng@usc.edu On 4/3/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > For this command > > > > ./hw4 edit -so=./libhw4sc.so testfile > > after completing this command we have to encode same file "testfile" > > or we have to create another > > file called testfile.11 for respective editors ? > > I'm not sure what you meant. If "testfile" does not exist in > the current working directory, you need to create an empty > file in $HOME/tmp and let the user edit it with the editor. > After the user is done, if the file in $HOME/tmp is not > empty, you need to encrypt it and have the output go to > "testfile" in the current working directory. > > If "testfile" exists already in the current working > directory, you should decrypt it and have to output goes to a > temporary file in $HOME/tmp and let the user edit it with the > editor. After the user is done, if the temporary file has > changed, you need to encrypt it and have the output > overwrites "testfile" in the current working directory. > -- > Bill Cheng // bill.cheng@usc.edu > > > > On 4/3/07, william@bourbon.usc.edu wrote: > > > > Someone wrote: > > > > > the directory $HOME/tmp should be created (if it does not > > > exist) by the application? > > > > Correct. > > -- > > Bill Cheng // bill.cheng@usc.edu http://merlot.usc.edu/william/usc/> Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:16:37 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l345Gbus031918 for ; Tue, 3 Apr 2007 22:16:37 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l345FVSQ022339 for ; Tue, 3 Apr 2007 22:15:31 -0700 Message-Id: <200704040515.l345FVSQ022339@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad command line tests Date: Tue, 03 Apr 2007 22:15:31 -0700 From: william@bourbon.usc.edu Someone wrote: > For the below tests, I think a file name is required for the > application to start loading the smartcard library to memory and output > the smartcard related errors. Since these are also malformed commands, > the application never loads the shared library and outputs a malformed > command error for the below tests. > > ./hw4 sign -so=/usr/lib/libz.so > (cannot find smartcard functions in this library) > ./hw4 sign -so=/bin/ls > (bad shared object file, dlopen() should fail) > ./hw4 sign -so=/bin/xyzzy > (invalid shared object file) Oh! You are correct. I've just updated the grading guidelines to add $srcdir/f0 after these 3 cases. Thanks for pointing this out. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:11:20 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l345BK7f031366 for ; Tue, 3 Apr 2007 22:11:20 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l345AEiM022197 for ; Tue, 3 Apr 2007 22:10:14 -0700 Message-Id: <200704040510.l345AEiM022197@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Testing Script Date: Tue, 03 Apr 2007 22:10:14 -0700 From: william@bourbon.usc.edu Someone worte: > for testing scropt > > ./hw4 verify -so=./libhw4sc.so /bin/ls (/bin/ls is not generated by the sign > command) > how i verify that /bin/ls is not signature file? A signature file, as defined by HW4, must contain a hexstring of length 256. So, you can just read 256 bytes from the input file and make sure every character is a valid hexstring character. If it is, you can convert it to binary and go from there. If not, you can just quit. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 22:07:12 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l3457CLW031015 for ; Tue, 3 Apr 2007 22:07:12 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l34566uG022120 for ; Tue, 3 Apr 2007 22:06:06 -0700 Message-Id: <200704040506.l34566uG022120@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: directory Date: Tue, 03 Apr 2007 22:06:06 -0700 From: william@bourbon.usc.edu Someone wrote: > For this command > > ./hw4 edit -so=./libhw4sc.so testfile > after completing this command we have to encode same file "testfile" > or we have to create another > file called testfile.11 for respective editors ? I'm not sure what you meant. If "testfile" does not exist in the current working directory, you need to create an empty file in $HOME/tmp and let the user edit it with the editor. After the user is done, if the file in $HOME/tmp is not empty, you need to encrypt it and have the output go to "testfile" in the current working directory. If "testfile" exists already in the current working directory, you should decrypt it and have to output goes to a temporary file in $HOME/tmp and let the user edit it with the editor. After the user is done, if the temporary file has changed, you need to encrypt it and have the output overwrites "testfile" in the current working directory. -- Bill Cheng // bill.cheng@usc.edu On 4/3/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > the directory $HOME/tmp should be created (if it does not > > exist) by the application? > > Correct. > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 19:39:35 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l342dZuT019353 for ; Tue, 3 Apr 2007 19:39:35 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l342cUA6020442 for ; Tue, 3 Apr 2007 19:38:30 -0700 Message-Id: <200704040238.l342cUA6020442@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: directory Date: Tue, 03 Apr 2007 19:38:30 -0700 From: william@bourbon.usc.edu Someone wrote: > the directory $HOME/tmp should be created (if it does not > exist) by the application? Correct. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Apr 3 19:37:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l342b87j019185 for ; Tue, 3 Apr 2007 19:37:08 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l342a215020345 for ; Tue, 3 Apr 2007 19:36:02 -0700 Message-Id: <200704040236.l342a215020345@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Editor Date: Tue, 03 Apr 2007 19:36:02 -0700 From: william@bourbon.usc.edu Someone wrote: > For the editor, > > Do we need to have the same requirements for encripting the file > as the "enc" part of HW4 (header, SHA1 value at the end, > padding)? Yes. When you do encryption under the "edit" command, the output file must be in the same format as the "enc" command. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 2 22:28:58 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l335SwBe015395 for ; Mon, 2 Apr 2007 22:28:58 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l335Ru2A005331 for ; Mon, 2 Apr 2007 22:27:56 -0700 Message-Id: <200704030527.l335Ru2A005331@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: cs530 hw4 -so=sopath Date: Mon, 02 Apr 2007 22:27:56 -0700 From: william@bourbon.usc.edu Someone wrote: > what is the purpose of having the -so=sopath in the command line? To use different smartcard with your application. > every example and grading guideline i looked at always use libhw4sc.so. I've just changed the grading guidelines to test other values for sopath. > can we assume the shared library will always be libhw4sc.so? No. Your application should work with anything that's compatible. > can we assuem it will always be in the current directory? No. If you don't change your current working directory programmatically, you can simply do a dlopen() on sopath. > or do we have to parse it > out everytime and use whatever library name the user wants? Parsing is very simple here. If arg holds -so=sopath, you can simply do: char *c_ptr=strchr(arg, '='); char *sopath=NULL; if (c_ptr == NULL) return BAD; sopath = ++c_ptr; ... > will the > library ever be in a different directory path then where our program is > running? Yes. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Apr 2 12:11:40 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l32JBePg031833 for ; Mon, 2 Apr 2007 12:11:40 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l32JAd9n028927 for ; Mon, 2 Apr 2007 12:10:39 -0700 Message-Id: <200704021910.l32JAd9n028927@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Separate compilation wrt hw4 Date: Mon, 02 Apr 2007 12:10:39 -0700 From: william@bourbon.usc.edu Someone wrote: > I know separate compilation is a requirement for all assignments, but > I have a question about whether it is ok to put the code that > interfaces with for example "SC_Sign" in hw4.c or whether we should > have a sign.h and sign.c, etc,etc for all different functions in order > to make hw4.c as small as possible. > > I can easily do that, but it seems kind of silly since I'll be doing > the dlopen/dlsym calls in hw4.c, so either I'm stuck making my > SC_Blank_Func pointers global (which academics tend to frown upon) or > I have to keep passing these things around which is a pain. You can decide how you want to break things up. Since we don't really specify that you must use one module per command, you can simply take the "secret" command and put it in another module. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Apr 1 22:13:16 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l325DFgX027947 for ; Sun, 1 Apr 2007 22:13:15 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l325CHu9019498 for ; Sun, 1 Apr 2007 22:12:17 -0700 Message-Id: <200704020512.l325CHu9019498@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW 4 Parity check Date: Sun, 01 Apr 2007 22:12:17 -0700 From: william@bourbon.usc.edu Someone wrote: > I have one question regarding implementation. > > we have to set odd parity and check for weak key after retrieving it from > smart card (libhw4sc.so). So we have to set that in > our hw4 application. Am i right ? Correct. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Apr 1 18:49:41 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l321nfZU011916 for ; Sun, 1 Apr 2007 18:49:41 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l321mhKb017176 for ; Sun, 1 Apr 2007 18:48:43 -0700 Message-Id: <200704020148.l321mhKb017176@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: edit Date: Sun, 01 Apr 2007 18:48:43 -0700 From: william@bourbon.usc.edu Someone wrote: > If the file already exits do we need to verify the file if its > valid. Yes. You should use the SHA1 value in the file. > Also to decrypt the file should we ask for the passpharase? You must, since the passphrase is not stored anywhere. > Also IF the content is changed we need to encrypt > the file again. So should we ask for the passphrase again? No. I've mentioned this in a previous e-mail. > here we r asking for passphrase twice when the file exits. You should only ask once if the file already exists. > Or should we use the same passphrase that we used for decrypting > file previously? You should use the same passphrase. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Sunday, April 1, 2007 10:12 am Subject: Re: edit To: cs530@merlot.usc.edu > Someone wrote: > > > I am usin > > flag =mkdir(filename, S_IRWXU); > > where file name has the complete path still mkdir returns me -1. > > I think it's complaining that your "filename" does not hold > a valid directory. Did you go into the debugger and print > out exactly what your "filename" is right before this call? > > If this directory does not belong to you, then clearly you > cannot do mkdir(). May be you can send me the content of > "filename" right before you call mkdir(). > > You should also try creating the directory in your csh/bash. > Just do "mkdir $filename" where $filename is the content of > your "filename" variable. > > > do I have to change the permission of all the directory which are > > in the path? > > If this directory belongs to you (e.g., it's your ${HOME}/tmp), > since you have permission to create directory in ${HOME}, then > you should have no problem. > -- > Bill Cheng // bill.cheng@usc.edu > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Saturday, March 31, 2007 9:22 pm > Subject: Re: edit > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > In the example provided for opening editor, the path for > the file > > > has been hard coded > > > > > > static char > > > gszFileToEdit[]="/home/scf- > 12/csci530/public/hw1/yesterday.txt"; > > > > > can we also hardcode the path as > > > static char gszFileToEdit[]="$HOME/tmp"; > > > > It's a very very bad idea to hardcode path. The only thing > > that you probably can hardcode is "/tmp". For anything else, > > you need to do it programmatically. > > > > By the way, the text that reference this file said: > > > > Here is a sample program that illustrates how to use the > > EDITOR environment variable. > > > > So, the purpose of this code is to illustrate how to use the > > EDITOR environment variable. Please use it as an *hint* and > > don't copy the code. > > > > > wont it create any problem while grading ? > > > > Of course! Please follow the spec and not blindly use code > > from the sample (or from anywhere else)! > > -- > > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Apr 1 11:11:49 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l31IBnMe008691 for ; Sun, 1 Apr 2007 11:11:49 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l31IAqjt013067 for ; Sun, 1 Apr 2007 11:10:52 -0700 Message-Id: <200704011810.l31IAqjt013067@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: edit Date: Sun, 01 Apr 2007 11:10:52 -0700 From: william@bourbon.usc.edu Someone wrote: > I am using > flag =mkdir(filename, S_IRWXU); > where file name has the complete path still mkdir returns me -1. I think it's complaining that your "filename" does not hold a valid directory. Did you go into the debugger and print out exactly what your "filename" is right before this call? If this directory does not belong to you, then clearly you cannot do mkdir(). May be you can send me the content of "filename" right before you call mkdir(). You should also try creating the directory in your csh/bash. Just do "mkdir $filename" where $filename is the content of your "filename" variable. > do I have to change the permission of all the directory which are > in the path? If this directory belongs to you (e.g., it's your ${HOME}/tmp), since you have permission to create directory in ${HOME}, then you should have no problem. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Saturday, March 31, 2007 9:22 pm Subject: Re: edit To: cs530@merlot.usc.edu > Someone wrote: > > > In the example provided for opening editor, the path for the file > > has been hard coded > > > > static char > > gszFileToEdit[]="/home/scf-12/csci530/public/hw1/yesterday.txt"; > > > > can we also hardcode the path as > > static char gszFileToEdit[]="$HOME/tmp"; > > It's a very very bad idea to hardcode path. The only thing > that you probably can hardcode is "/tmp". For anything else, > you need to do it programmatically. > > By the way, the text that reference this file said: > > Here is a sample program that illustrates how to use the > EDITOR environment variable. > > So, the purpose of this code is to illustrate how to use the > EDITOR environment variable. Please use it as an *hint* and > don't copy the code. > > > wont it create any problem while grading ? > > Of course! Please follow the spec and not blindly use code > from the sample (or from anywhere else)! > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 31 22:22:21 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l315MLGH015056 for ; Sat, 31 Mar 2007 22:22:21 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l315LQYh011562 for ; Sat, 31 Mar 2007 22:21:26 -0700 Message-Id: <200704010521.l315LQYh011562@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: edit Date: Sat, 31 Mar 2007 22:21:26 -0700 From: william@bourbon.usc.edu Someone wrote: > In the example provided for opening editor, the path for the file > has been hard coded > > static char > gszFileToEdit[]="/home/scf-12/csci530/public/hw1/yesterday.txt"; > > can we also hardcode the path as > static char gszFileToEdit[]="$HOME/tmp"; It's a very very bad idea to hardcode path. The only thing that you probably can hardcode is "/tmp". For anything else, you need to do it programmatically. By the way, the text that reference this file said: Here is a sample program that illustrates how to use the EDITOR environment variable. So, the purpose of this code is to illustrate how to use the EDITOR environment variable. Please use it as an *hint* and don't copy the code. > wont it create any problem while grading ? Of course! Please follow the spec and not blindly use code from the sample (or from anywhere else)! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 31 08:00:43 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2VF0dZe012174; Sat, 31 Mar 2007 08:00:39 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2VExkPT004425; Sat, 31 Mar 2007 07:59:46 -0700 Message-Id: <200703311459.l2VExkPT004425@bourbon.usc.edu> To: cs551@merlot.usc.edu, cs530@merlot.usc.edu, cs558l@merlot.usc.edu Subject: Re: class web server downtime Saturday morning... Date: Sat, 31 Mar 2007 07:59:46 -0700 From: william@bourbon.usc.edu Hi, The servers apparently automatically came on around 6am when the power came back on. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Fri, 30 Mar 2007 19:21:47 -0700 From: william@bourbon.usc.edu To: cs551@merlot.usc.edu, cs530@merlot.usc.edu, cs558l@merlot.usc.edu Subject: class web server downtime Saturday morning... Hi, I got the message below about another power shutdown in SAL this Saturday morning between 3:45am and 6:30am. So, I will be shutting down the class web server (merlot) and my e-mail server (bourbon) tonight probably around 10:30pm. So, if you would like to work on something that requires information on the class web server, please make a copy of the web pages. Hopefully, bourbon and merlot will automatically reboot when SAL gets power back around 6:30am tomorrow. If not, I have to come to campus to turn on these servers manually, and that may not happen until Monday. So, it's important to keep copies of web pages if your work this weekend depends on them. Sorry about the short notice. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Fri, 30 Mar 2007 11:40:14 -0700 From: CS Web Consultant To: cswebmst@usc.edu Subject: IT Alert! Prepare for power shutdown- SAL, PHE, WAH -31st March 20 07 Dear All, FMS will shutdown power in SAL, WAH and PHE between 3:45am and 6:30am on 31st March 2007 (tomorrow). Schedule and details are given in the attached notices. It is recommended that all computers and electrical equipment are shut down to prepare for this scheduled power outage. Thank you, Regards, Vishal Thakkar IT and Web Consultant Computer Science Department, USC SAL and WAH 4:15am to 6:15am PHE 3:45am to 6:30am Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 30 23:17:11 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2V6HBmK022790 for ; Fri, 30 Mar 2007 23:17:11 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2V6GJBP003009 for ; Fri, 30 Mar 2007 23:16:19 -0700 Message-Id: <200703310616.l2V6GJBP003009@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: SC_*() Date: Fri, 30 Mar 2007 23:16:19 -0700 From: william@bourbon.usc.edu Someone wrote: > Pre last email, you mentioned thta the smartcard has limited set > of interfaces, does this mean that we can not add more interfaces > if we need them? ie. if this is true, the verify and edit should > be in the application? All right... Last e-mail before I shutdown the server... You can add more function in the smartcard but they will be useless since your application are not allowed to call them. Your application can only call the listed functions. If an application (written correctly by another person) tries to use your smartcard, how would it know that it should call these extra functions? If your application tries to use a correctly implemented smartcard, you must not expect these extra functions to be present. For "verify", you need to call SC_public_size_query() and SC_public_query() to get the public key from the smartcard and call RSA_public_decrypt() to verify signature. For "edit", you need to call SC_3des_key_gen() to get the IV and keys from the smartcard and do the encryption in the application. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 30 22:49:13 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2V5nDwr020444 for ; Fri, 30 Mar 2007 22:49:13 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2V5mKH8002690 for ; Fri, 30 Mar 2007 22:48:20 -0700 Message-Id: <200703310548.l2V5mKH8002690@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: 3DES Date: Fri, 30 Mar 2007 22:48:20 -0700 From: william@bourbon.usc.edu Someone wrote: > For the 3des encription/decription, we need to send the SHA1 of > the passphrase to the smartcard and it will return > RB1,Rb2,IV,KEY1,KEY2 and KEY3. is this correct? No. Please read the spec. RB1 and RB2 are *secrets* and they should never *leave* the smartcard. > also, the actual > "encryption", padding and formating of the file will be done in > the application or the smartcard (calling DES_ede3_cbc_encrypt)? The smartcard only has a limited set of interface functions (the SC_*() functions). There's no "encrypt with 3DES" interface function. Therefore, "encryption with 3DES" must be done in the application (hw4). > I have the sign working, and it generates the correct data output > (hexstring). But when I "pass" the sign to do the verify it does > not work, I have checked the parameters I pass to the smart card > and they are correct. I read a previouse email that we need to > pass octects and not hex char as in the generated file from > sign(). What exactly do you mean with this? That was about RSA_private_decrypt(). Someone said that the input to this function is "hex char". I was just making a correction that the input to this function is "octets" (which simply means binary data). "Hex char" is not the same as "octets". An "octet" can have a "hex char" representation and you've done that in HW1 when you treated an input file as a binary file. > I do not understand > correctly this part, I am passing the hex value of sign() to the > smartcard, this could be my problem. But how do I pass or > generate the octect? If buf_in[] holds an input hexstring and buf_out[] will hold the output binary data, then for every two characters in buf_in[], you need to convert it to a single byte of binary data and store it into buf_out[]. For example, if the 2 input characters is "5a", you should convert it to 0x5a. You should write a function to do this conversion. By the way, I'm going to shutdown the servers very soon. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 30 19:22:44 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2V2Mexi003770; Fri, 30 Mar 2007 19:22:40 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2V2LlMX032275; Fri, 30 Mar 2007 19:21:47 -0700 Message-Id: <200703310221.l2V2LlMX032275@bourbon.usc.edu> To: cs551@merlot.usc.edu, cs530@merlot.usc.edu, cs558l@merlot.usc.edu Subject: class web server downtime Saturday morning... Date: Fri, 30 Mar 2007 19:21:47 -0700 From: william@bourbon.usc.edu Hi, I got the message below about another power shutdown in SAL this Saturday morning between 3:45am and 6:30am. So, I will be shutting down the class web server (merlot) and my e-mail server (bourbon) tonight probably around 10:30pm. So, if you would like to work on something that requires information on the class web server, please make a copy of the web pages. Hopefully, bourbon and merlot will automatically reboot when SAL gets power back around 6:30am tomorrow. If not, I have to come to campus to turn on these servers manually, and that may not happen until Monday. So, it's important to keep copies of web pages if your work this weekend depends on them. Sorry about the short notice. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Fri, 30 Mar 2007 11:40:14 -0700 From: CS Web Consultant To: cswebmst@usc.edu Subject: IT Alert! Prepare for power shutdown- SAL, PHE, WAH -31st March 2007 Dear All, FMS will shutdown power in SAL, WAH and PHE between 3:45am and 6:30am on 31st March 2007 (tomorrow). Schedule and details are given in the attached notices. It is recommended that all computers and electrical equipment are shut down to prepare for this scheduled power outage. Thank you, Regards, Vishal Thakkar IT and Web Consultant Computer Science Department, USC SAL and WAH 4:15am to 6:15am PHE 3:45am to 6:30am Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 29 21:48:02 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2U4m23R031171 for ; Thu, 29 Mar 2007 21:48:02 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2U4lDMT011632 for ; Thu, 29 Mar 2007 21:47:13 -0700 Message-Id: <200703300447.l2U4lDMT011632@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW 4 - RSA_generate_key Date: Thu, 29 Mar 2007 21:47:13 -0700 From: william@bourbon.usc.edu Someone wrote: > i don't know if anyone else used this function or not, but i think it is > wrong. I think it's not wrong; it's just not what you were expecting! > i used RSA_print_fp(stdout, rsa* keyptr, 0) to look at the > values of the rsa structure and the modulus number appears to print two > leading zeros (00:) on the front. do you know why they put those zeros > there or do you think it is a mistake in the print function? the only > thing i can think of is that they represent the sign of the number, but > it is confusing to have them printed like they are. just thought i'd > bring it up in case anyone else tries this function in these last few > days before the due date. i don't know if it adds numbers to any other > values yet b/c i haven't checked yet, but i wouldn't be surprised. If you count the number of bytes in the output of RSA_print_fp(), you will see that it's outputing 129 bytes, while the key size we use is 128 bytes. So, clearly there is nothing wrong with adding a leading byte of 0x00. I have no idea why it's done this way. May be it's some kind of a convention. -- Bill Cheng // bill.cheng@usc.edu william@bourbon.usc.edu wrote: > Someone wrote: > > > I also have one confusion regarding to private key. > > > > As we generate private key using RSA_generate_key, but it does not > > contain private key . instead of that it use some encoding form. > > Yes, it uses something called BIGNUM. > > > what we have to use ? > > Please see the OpenSSL page on BIGNUM: > > http://www.openssl.org/docs/crypto/bn.html > > There are a few conversion routines there for converting > BIGNUM to and from a few other formats (such as binary, > decimal, and hex). > > > Like RSA structure contain many values > > rsa_st > > { > > n > > e > > d > > } > > which is private key ? > > Well, part of this exercise is to read through some OpenSSL > documentation to learn about all this. You need to explore > a little more! > > Also, I'm hoping that by the time you've finished studying > for exam #1, you would have known the answer! :-) > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 29 15:55:57 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2TMtvc0002814 for ; Thu, 29 Mar 2007 15:55:57 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2TMt972006589 for ; Thu, 29 Mar 2007 15:55:09 -0700 Message-Id: <200703292255.l2TMt972006589@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding Research papers Date: Thu, 29 Mar 2007 15:55:09 -0700 From: william@bourbon.usc.edu Someone wrote: > I have a doubt regarding the research papers you have provided on > the class website. Are those also a part of the syllabus for the > final exam? Or are they for reference only? Well, the ones that are not marked as "supplementary" are *required reading* for this class. This means that if you take a class that has CS 530 as a prerequisite, it is reasonable to expect that you have read these papers since you have completed the course. Of course, I cannot ask question on every topic that is required reading. My exam questions usually come from the lectures (as you have seen in Exam 1). So, most likely, Exam 2 will not ask questions from these papers on parts that are not explicitly covered in lectures. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 28 10:25:29 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2SHPT5Q023698 for ; Wed, 28 Mar 2007 10:25:29 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2SHOjw2015730 for ; Wed, 28 Mar 2007 10:24:45 -0700 Message-Id: <200703281724.l2SHOjw2015730@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530 hw4 secret output Date: Wed, 28 Mar 2007 10:24:45 -0700 From: william@bourbon.usc.edu Someone wrote: > I wanted the clarify the output of the "hw4 secret" operation. > Specifically, should the default output go to stdout (user must redirect > stdout to "secret.c")? > Or should the program attempt to create/overwrite > "secret.c" directly? Please see my message with timestamp "Mon 26 Mar 2007 20:47" for answer to exactly the same question! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 27 21:58:49 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2S4wngq029143 for ; Tue, 27 Mar 2007 21:58:49 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2S4w7uW007180 for ; Tue, 27 Mar 2007 21:58:07 -0700 Message-Id: <200703280458.l2S4w7uW007180@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Reg: HW4 Edit Date: Tue, 27 Mar 2007 21:58:07 -0700 From: william@bourbon.usc.edu Someone wrote: > On a doc change, I'm asking the user to enter the passphrase again so that > it can be saved under a different passphrase if required. I'm hoping that is > okay. Please let me know if that is not the case. This is not a good way to go since changing passphrase does not happen often. Please stick to what was discussed. (By the way, this is the style in "vi". If you do "vi -x", the interaction would be the same as what we are doing.) -- Bill Cheng // bill.cheng@usc.edu On 3/27/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > I just wanted get clarified with the steps needed for the 'edit' option > > of hw4. > > > > I have mentioned out the steps. > > //If the file exists get the passphrase. If the passphrase is right, > > //Unencrypt the file contents to a temporary file. > > //Allow the user to edit the contents of the temporary file. > > //At the end of the user actions, check if there is any change > > in the temporary file by calculating the digest. If there is change, > > save the temporary file encrypted into the actual file. Else discard > > the temporary file. > > //If the passphrase is wrong, exit immediately. > > > > //If the file doesnt exist already, get the passphrase for the new file. > > Go through the user's actions. Save it back in encrypted form. > > > > Kindly tell me if am getting the order right especially first getting > > the passphrase and then proceeding. > > Looks right to me! > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 27 15:06:43 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2RM6h5m028541 for ; Tue, 27 Mar 2007 15:06:43 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2RM62Aa002831 for ; Tue, 27 Mar 2007 15:06:02 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l2RM628B002830 for cs530@merlot; Tue, 27 Mar 2007 15:06:02 -0700 Date: Tue, 27 Mar 2007 15:06:02 -0700 From: william@bourbon.usc.edu Message-Id: <200703272206.l2RM628B002830@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: HW4: secrets must never leave the smartcard Hi, I've just added the following item in the Miscellaneous Requirements and Hints section of the spec: [BC: Added 3/27/2007] You must *not* include "secret.c" in your application. You must *only* include "secret.c" in your smartcard since the main idea of a smartcard is that *secrets must never leave the smartcard*. The above has always been implied for HW4. I'm just making it explicit because I noticed that some students are including the secret in the application! So, please do not do that because it violates the whole idea of a smartcard. I've also added the following to the grading guidelines: Please do this first: Do a "grep 'secret.c' *.c* *.h*" and see what files are #include "secret.c". The only source or header file that is allowed to #include "secret.c" is the smartcard source file. If any other file is including "secret.c", skip all the positive points. All these do not really change the spec. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 27 14:49:57 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2RLnvB0027027 for ; Tue, 27 Mar 2007 14:49:57 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2RLnGSG002613 for ; Tue, 27 Mar 2007 14:49:16 -0700 Message-Id: <200703272149.l2RLnGSG002613@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Reg: HW4 Edit Date: Tue, 27 Mar 2007 14:49:16 -0700 From: william@bourbon.usc.edu Someone wrote: > I just wanted get clarified with the steps needed for the 'edit' option > of hw4. > > I have mentioned out the steps. > //If the file exists get the passphrase. If the passphrase is right, > //Unencrypt the file contents to a temporary file. > //Allow the user to edit the contents of the temporary file. > //At the end of the user actions, check if there is any change > in the temporary file by calculating the digest. If there is change, > save the temporary file encrypted into the actual file. Else discard > the temporary file. > //If the passphrase is wrong, exit immediately. > > //If the file doesnt exist already, get the passphrase for the new file. > Go through the user's actions. Save it back in encrypted form. > > Kindly tell me if am getting the order right especially first getting > the passphrase and then proceeding. Looks right to me! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 26 20:48:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2R3mSTj005878 for ; Mon, 26 Mar 2007 20:48:28 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2R3loob023973 for ; Mon, 26 Mar 2007 20:47:50 -0700 Message-Id: <200703270347.l2R3loob023973@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530 hw4 secret output Date: Mon, 26 Mar 2007 20:47:50 -0700 From: william@bourbon.usc.edu Someone wrote: > I wanted the clarify the output of the "hw4 secret" operation. > Specifically, should the default output go to stdout (user must redirect > stdout to "secret.c")? Yes. > Or should the program attempt to create/overwrite > "secret.c" directly? It's very bad to hardcode any file name. So, this should never be the case for any of my assignments! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 26 10:29:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2QHTS7N021952 for ; Mon, 26 Mar 2007 10:29:28 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2QHPwir017928 for ; Mon, 26 Mar 2007 10:25:59 -0700 Message-Id: <200703261725.l2QHPwir017928@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question on compatibility test Date: Mon, 26 Mar 2007 10:25:58 -0700 From: william@bourbon.usc.edu So, there was an inconsistency between the spec and the my library (~csci530/public/hw4/libhw9sc.so). After looking at it a bit more, I've decided to *change the spec*! [BC: Modified 3/26/2007] Please do *not* set parity bits and do *not* check for DES weak keys. (That is the responsiblity of an application that uses the smartcard.) So, please set parity bits and check for DES weak keys in the application. I have extended the HW4 submission deadline by one day for this change. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Sun, 25 Mar 2007 23:58:39 -0700 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: Re: Question on compatibility test Someone wrote: > In running the compatibility test labeled D1, E1 and F1, > it appears that the keys passed from the smartcard is not set to odd > parity. According to the spec., the smartcard is supposed to set parity > bits and return the keys. (page 5 under secret key generation). Should > the hw4 application set the parity bits if it is not set by the > smartcard?. Please let me know. I think you are correct. I'll check these tomorrow and fix them if they are wrong. I'll send an update tomorrow afternoon. Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 26 00:02:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2Q7275j004698 for ; Mon, 26 Mar 2007 00:02:07 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2Q6wdNB011716 for ; Sun, 25 Mar 2007 23:58:39 -0700 Message-Id: <200703260658.l2Q6wdNB011716@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question on compatibility test Date: Sun, 25 Mar 2007 23:58:39 -0700 From: william@bourbon.usc.edu Someone wrote: > In running the compatibility test labeled D1, E1 and F1, > it appears that the keys passed from the smartcard is not set to odd > parity. According to the spec., the smartcard is supposed to set parity > bits and return the keys. (page 5 under secret key generation). Should > the hw4 application set the parity bits if it is not set by the > smartcard?. Please let me know. I think you are correct. I'll check these tomorrow and fix them if they are wrong. I'll send an update tomorrow afternoon. Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 24 15:50:17 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2OMoHVV016551 for ; Sat, 24 Mar 2007 15:50:17 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2OMkrRx031842 for ; Sat, 24 Mar 2007 15:46:53 -0700 Message-Id: <200703242246.l2OMkrRx031842@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hw4-enc Date: Sat, 24 Mar 2007 15:46:53 -0700 From: william@bourbon.usc.edu Someone wrote: > In Secret Key Generation, > The Smartcard stores 2 set of random bits. Each of these random > bits is 20 bytes long (same size as SHA1). Let's call them RB1 > and RB2. Given an input SHA1 value (let's call this X), you must > compute Y=SHA1(X+RB1) and Z=SHA1(Y+RB2), where + is the > concatenation operator. > > What is X. Is it the sha1 of the passphrase. For the smartcard, it's just the 2nd argument to SC_3des_key_gen(). For "hw4", it's the SHA1 hash of the passphrase. Please see the 3rd paragraph in the "Encryhpted File Format" section of the spec. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 23 22:22:35 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2O5MZH0030986 for ; Fri, 23 Mar 2007 22:22:35 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2O5JFbE022222 for ; Fri, 23 Mar 2007 22:19:15 -0700 Message-Id: <200703240519.l2O5JFbE022222@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hw4 Date: Fri, 23 Mar 2007 22:19:15 -0700 From: william@bourbon.usc.edu Someone wrote: > How to run the script below > > In Sign then Verify using student's program: > the spec says: > > make sure the signatures are different from what's > # in $srcdir, if any of the signatures are the same > # as what's in $srcdir, the tests in (C2) were invalid > # and a total of zero point should be given to (C2) diff f1.sign $srcdir/f1.sign diff f3.sign $srcdir/f3.sign diff f5.sign $srcdir/f5.sign diff f7.sign $srcdir/f7.sign diff f9.sign $srcdir/f9.sign -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 23 22:16:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2O5Gc26030482 for ; Fri, 23 Mar 2007 22:16:38 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2O5DIZF022103 for ; Fri, 23 Mar 2007 22:13:18 -0700 Message-Id: <200703240513.l2O5DIZF022103@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hw4 Date: Fri, 23 Mar 2007 22:13:18 -0700 From: william@bourbon.usc.edu Someone wrote: > In Sign then Verify using student's program: > the spec says: > > make sure the signatures are different from what's > # in $srcdir, if any of the signatures are the same > # as what's in $srcdir, the tests in (C2) were invalid > # and a total of zero point should be given to (C2) > what does that mean. The f$f.sign file should be different from $srcdir/f$f.sign, for $f being 1, 3, 5, 7, and 9. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 23 13:50:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2NKoSxA022911 for ; Fri, 23 Mar 2007 13:50:28 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2NKl9Te016079 for ; Fri, 23 Mar 2007 13:47:09 -0700 Message-Id: <200703232047.l2NKl9Te016079@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt() Date: Fri, 23 Mar 2007 13:47:09 -0700 From: william@bourbon.usc.edu Someone wrote: > Below I am trying to invoke RSA_private_encrypt. > > RSA* rsa = (RSA*)HW4_rsa_private_key; > int q = RSA_private_encrypt(20, sha1_file, buf_return, rsa , > RSA_PKCS1_PADDING); > > I am getting bus error by this. I checked sha1_file and > buf_return they are not NULL. I print HW4_rsa_private_key too and > it is coming same as of secret.c. > Please suggest me where I am going wrong. The data type for HW4_rsa_private_key is (unsigned char *). It's not compatible with (RSA*) in RSA_private_encrypt(). You need to create an RSA pointer using RSA_new(). Then you need to figure out a way to set a few fields in this structure so that it is suitable for calling RSA_private_encrypt(). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 22 23:00:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2N60p6h016762 for ; Thu, 22 Mar 2007 23:00:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2N5vXGm006051 for ; Thu, 22 Mar 2007 22:57:33 -0700 Message-Id: <200703230557.l2N5vXGm006051@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hw4 Date: Thu, 22 Mar 2007 22:57:33 -0700 From: william@bourbon.usc.edu Someone wrote: > When I am verifying the hash using the file the script run properly. > but when I run the verify without file, I open the stdin, using > fp=fdopen(0,"rb"); > and pass the file pointer the same function which I use with file. Actually, the would be the same as saying: fp = stdin; > I cant make out whats the error with this . Can you give me any hint. Looks like you are doing it correctly. You assign fp to be either stdin or a file stream pointer so you can use identical code to process the input. I have no idea what could be wrong. I think you should try a very small file (say a 1 byte long binary file) and find out exactly what data you are feeding to SHA1_*() and see if you are feeding different data. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 22 10:23:16 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2MHNGp1021583 for ; Thu, 22 Mar 2007 10:23:16 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2MHIr6D029367 for ; Thu, 22 Mar 2007 10:18:53 -0700 Message-Id: <200703221718.l2MHIr6D029367@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW4 compiling error Date: Thu, 22 Mar 2007 10:18:53 -0700 From: william@bourbon.usc.edu Someone wrote: > I received these two errors at compilation, originating from > the libcrypto executable files that we include: > nunki.usc.edu(8): make hw4 > gcc -g -Wall -I/home/scf-22/csci551b/openssl/include -o hw4 > hw4.c sign.o make_secret.o -ldl -lcrypto > -L/home/scf-22/csci551b/openssl/lib > Undefined first referenced > symbol in file > socket /home/scf-22/csci551b/openssl/lib/libcrypto.a(rand_egd.o) > connect /home/scf-22/csci551b/openssl/lib/libcrypto.a(rand_egd.o) > ld: fatal: Symbol referencing errors. No output written to hw4 > collect2: ld returned 1 exit status > *** Error code 1 > make: Fatal error: Command failed for target `hw4' > > Any idea how to resolve this? I was hoping it was simply a > placement of the flags and sources, but they haven't resolved much. I think you need to add "-lsocket -lnsl" before "-ldl -lcrypto". This is one of the strangeness of Solaris. On Linux, "-lsocket" is always added automatically (just like "-lc"). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 21 22:43:25 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2M5hPar030952 for ; Wed, 21 Mar 2007 22:43:25 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2M5d3iT021933 for ; Wed, 21 Mar 2007 22:39:03 -0700 Message-Id: <200703220539.l2M5d3iT021933@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Passpharse in test script Date: Wed, 21 Mar 2007 22:39:03 -0700 From: william@bourbon.usc.edu Someone wrote: > The passphrase for G1 ( the edit command) in the compatability test is not > specified. It works with yesnomaybe. Is this what I need to use? Correct. You need to go back to (G1) and see that the passphrase is "yesnomaybe". -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 20 10:38:41 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2KHcfKD021281 for ; Tue, 20 Mar 2007 10:38:41 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2KHYP97027895 for ; Tue, 20 Mar 2007 10:34:25 -0700 Message-Id: <200703201734.l2KHYP97027895@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: seg fault Date: Tue, 20 Mar 2007 10:34:25 -0700 From: william@bourbon.usc.edu Someone wrote: > i've had problems like this before and it turned out to be a > quota problem. maybe check that. i think the command is: > > quota -v Hmm... interesting! -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 3:27 pm Subject: Re: seg fault To: cs530@merlot.usc.edu > Someone wrote: > > > I havent changed anything in the code.... I just checked and > > it seems that it cannot open the shared library in hw4.c as > > NULL is returned.... > > > > this is what I'm doing rigth now: > > > > make hw4 > > make smartcard > > hw4 > > > > >>segmentation fault > > Hmm... I'm not getting a NULL pointer when loading the > shared library. I cannot think of anything that can > cause this problem. You probably should come to my > office hour tomorrow and show this to me. > > If anyone else is getting the same thing (without modifying > any of the code from the spec), please let me know. > -- > Bill Cheng // bill.cheng@usc.edu > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Monday, March 19, 2007 4:11 pm > Subject: Re: RSA_private_encrypt > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > I'm getting a segmentation fault when i try to run just > > > "hw4". What am I doing here? > > > > I just tried it on nunki and it seemed to work. Could you get > > into the debugger and see where it seg faults? > > -- > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > > > ----- Original Message ----- > > From: william@bourbon.usc.edu > > Date: Monday, March 19, 2007 3:02 pm > > Subject: Re: RSA_private_encrypt > > To: cs530@merlot.usc.edu > > > > > I guess there was a misunderstanding about what a "working > sample" > > meant in the HW4 spec. I just added a note in: > > > > > > http://merlot.usc.edu/cs530-s07/homeworks/hw4/#working > > > > > > to say: > > > > > > [BC: Paragraph added 3/19/2007] > > > By working, it simply means that the sample code can be > > > compiled and run. You are expected to change most of the > code > > to make it work according to this spec. > > > -- > > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > > > > > -----Original Message----- > > > Date: Mon, 19 Mar 2007 12:51:13 -0700 > > > From: william@bourbon.usc.edu > > > To: cs530@merlot.usc.edu > > > Subject: Re: RSA_private_encrypt > > > > > > Someone wrote: > > > > > > > This is the defination which you have provided us. > > > > > > > > SmartcardState SC_init(void) > > > > { > > > > unsigned char *sha1_buf=NULL; > > > > > > > > /* > > > > * Here's some weird code. You should replace > this with > > > > * something useful if you'd like. > > > > */ > > > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > > > if (sha1_buf != NULL) { > > > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > > > SHA1(HW4_rsa_private_key, > > HW4_rsa_private_key_size, > > > sha1_buf); > } > > > > return (SmartcardState)sha1_buf; > > > > } > > > > > > > > Now when I define SC_sign if I write the following > > functionn and > > > > give a call to sha1_buf, buf_return, keypair, > > > RSA_PKCS1_PADDING); > then the data in the buf_return > > doesnt > > > change(i.e doesnt get > > > > digitally signed ) since we are using the same buffer > in both > > > > SC_init and SC_sign. > > > > > > > > SmartcardState SC_sign(parameters) > > > > { > > > > unsigned char *sha1_buf=NULL; > > > > > > > > /* > > > > * Here's some weird code. You should replace > this with > > > > * something useful if you'd like. > > > > */ > > > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > > > if (sha1_buf != NULL) { > > > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > > > SHA1(HW4_rsa_private_key, > > HW4_rsa_private_key_size, > > > sha1_buf); > } > > > > return (SmartcardState)sha1_buf; > > > > } > > > > > > The sample SC_init() is just some *random code* I wrote > > > (mostly to illustrate that SmartcardState can be anything. > > > You can return NULL if your other functions do not need > > > any SmartcardState. > > > > > > The sample SC_sign() is also just some *random code* I wrote. > > > You are suppose to rewrite it to make it work in your > smartcard. > > -- > > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > > > > > ----- Original Message ----- > > > From: william@bourbon.usc.edu > > > Date: Monday, March 19, 2007 11:40 am > > > Subject: Re: RSA_private_encrypt > > > To: cs530@merlot.usc.edu > > > > > > > Someone wrote: > > > > > > > > > Actually I was using RSA_private_encrypt() , sorry > fo > > r > > > that. But > > > > > the problem was that I had declared and was using > > the same > > > > > buffer as used for SC_init() function. > > > > > > > > I'm not sure what you meant by using the same buffer > as used > > > > for SC_init(). Why can't use a different buffer and > why does > > > > SC_init() use a buffer? > > > > -- > > > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > From: william@bourbon.usc.edu > > > > Date: Monday, March 19, 2007 9:57 am > > > > Subject: Re: RSA_private_encrypt > > > > To: cs530@merlot.usc.edu > > > > > > > > > Someone wrote: > > > > > > > > > > > After calling the function flag1 = > > > RSA_private_encrypt(flen, > > > sha1_buf, buf_return, > > > keypair, RSA_PKCS1_PADDING); > > > > > > when I try to printt the value of buf_return , > it > > remains > > > > constant for all the files. It becos > there > > is no > > > > randomness ?? > > > > > > > > > > RSA_private_encrypt() just encrypts with the > private > > key, > > > i.e., > > it just computes m^d mod n (where "^" denotes > > > exponentiation). > > This is a deterministic operation. > > > > > > > > > > I'm not sure about RSA_sign() though; may be it > adds a > > nonce > > > when signing. That's why we specify "sign" > in > > HW4 using > > > > > RSA_private_encrypt() so that we can grade it. > > > > > -- > > > > > Bill Cheng // bill.cheng@usc.edu > > > > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 15:29:27 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JMTR0w027281 for ; Mon, 19 Mar 2007 15:29:27 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JMPDX9013533 for ; Mon, 19 Mar 2007 15:25:13 -0700 Message-Id: <200703192225.l2JMPDX9013533@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: seg fault Date: Mon, 19 Mar 2007 15:25:13 -0700 From: william@bourbon.usc.edu Someone wrote: > I havent changed anything in the code.... I just checked and > it seems that it cannot open the shared library in hw4.c as > NULL is returned.... > > this is what I'm doing rigth now: > > make hw4 > make smartcard > hw4 > > >>segmentation fault Hmm... I'm not getting a NULL pointer when loading the shared library. I cannot think of anything that can cause this problem. You probably should come to my office hour tomorrow and show this to me. If anyone else is getting the same thing (without modifying any of the code from the spec), please let me know. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 4:11 pm Subject: Re: RSA_private_encrypt To: cs530@merlot.usc.edu > Someone wrote: > > > I'm getting a segmentation fault when i try to run just > > "hw4". What am I doing here? > > I just tried it on nunki and it seemed to work. Could you get > into the debugger and see where it seg faults? > -- > Bill Cheng // bill.cheng@usc.edu > > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Monday, March 19, 2007 3:02 pm > Subject: Re: RSA_private_encrypt > To: cs530@merlot.usc.edu > > > I guess there was a misunderstanding about what a "working sample" > > meant in the HW4 spec. I just added a note in: > > > > http://merlot.usc.edu/cs530-s07/homeworks/hw4/#working > > > > to say: > > > > [BC: Paragraph added 3/19/2007] > > By working, it simply means that the sample code can be > > compiled and run. You are expected to change most of the code > > to make it work according to this spec. > > -- > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > -----Original Message----- > > Date: Mon, 19 Mar 2007 12:51:13 -0700 > > From: william@bourbon.usc.edu > > To: cs530@merlot.usc.edu > > Subject: Re: RSA_private_encrypt > > > > Someone wrote: > > > > > This is the defination which you have provided us. > > > > > > SmartcardState SC_init(void) > > > { > > > unsigned char *sha1_buf=NULL; > > > > > > /* > > > * Here's some weird code. You should replace this with > > > * something useful if you'd like. > > > */ > > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > > if (sha1_buf != NULL) { > > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > > SHA1(HW4_rsa_private_key, > HW4_rsa_private_key_size, > > sha1_buf); > } > > > return (SmartcardState)sha1_buf; > > > } > > > > > > Now when I define SC_sign if I write the following > functionn and > > > give a call to sha1_buf, buf_return, keypair, > > RSA_PKCS1_PADDING); > then the data in the buf_return > doesnt > > change(i.e doesnt get > > > digitally signed ) since we are using the same buffer in both > > > SC_init and SC_sign. > > > > > > SmartcardState SC_sign(parameters) > > > { > > > unsigned char *sha1_buf=NULL; > > > > > > /* > > > * Here's some weird code. You should replace this with > > > * something useful if you'd like. > > > */ > > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > > if (sha1_buf != NULL) { > > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > > SHA1(HW4_rsa_private_key, > HW4_rsa_private_key_size, > > sha1_buf); > } > > > return (SmartcardState)sha1_buf; > > > } > > > > The sample SC_init() is just some *random code* I wrote > > (mostly to illustrate that SmartcardState can be anything. > > You can return NULL if your other functions do not need > > any SmartcardState. > > > > The sample SC_sign() is also just some *random code* I wrote. > > You are suppose to rewrite it to make it work in your smartcard. > > -- > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > ----- Original Message ----- > > From: william@bourbon.usc.edu > > Date: Monday, March 19, 2007 11:40 am > > Subject: Re: RSA_private_encrypt > > To: cs530@merlot.usc.edu > > > > > Someone wrote: > > > > > > > Actually I was using RSA_private_encrypt() , sorry fo > r > > that. But > > > > the problem was that I had declared and was using > the same > > > > buffer as used for SC_init() function. > > > > > > I'm not sure what you meant by using the same buffer as used > > > for SC_init(). Why can't use a different buffer and why does > > > SC_init() use a buffer? > > > -- > > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > > > > > ----- Original Message ----- > > > From: william@bourbon.usc.edu > > > Date: Monday, March 19, 2007 9:57 am > > > Subject: Re: RSA_private_encrypt > > > To: cs530@merlot.usc.edu > > > > > > > Someone wrote: > > > > > > > > > After calling the function flag1 = > > RSA_private_encrypt(flen, > > > sha1_buf, buf_return, > > keypair, RSA_PKCS1_PADDING); > > > > > when I try to printt the value of buf_return , it > remains > > > > constant for all the files. It becos there > is no > > > randomness ?? > > > > > > > > RSA_private_encrypt() just encrypts with the private > key, > > i.e., > > it just computes m^d mod n (where "^" denotes > > exponentiation). > > This is a deterministic operation. > > > > > > > > I'm not sure about RSA_sign() though; may be it adds a > nonce > > > when signing. That's why we specify "sign" in > HW4 using > > > > RSA_private_encrypt() so that we can grade it. > > > > -- > > > > Bill Cheng // bill.cheng@usc.edu > > > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 14:13:29 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JLDTPo021274 for ; Mon, 19 Mar 2007 14:13:29 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JL9FJr012424 for ; Mon, 19 Mar 2007 14:09:15 -0700 Message-Id: <200703192109.l2JL9FJr012424@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Date: Mon, 19 Mar 2007 14:09:15 -0700 From: william@bourbon.usc.edu Someone wrote: > I'm getting a segmentation fault when i try to run just > "hw4". What am I doing here? I just tried it on nunki and it seemed to work. Could you get into the debugger and see where it seg faults? -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 3:02 pm Subject: Re: RSA_private_encrypt To: cs530@merlot.usc.edu > I guess there was a misunderstanding about what a "working sample" > meant in the HW4 spec. I just added a note in: > > http://merlot.usc.edu/cs530-s07/homeworks/hw4/#working > > to say: > > [BC: Paragraph added 3/19/2007] > By working, it simply means that the sample code can be > compiled and run. You are expected to change most of the code > to make it work according to this spec. > -- > Bill Cheng // bill.cheng@usc.edu > > > > -----Original Message----- > Date: Mon, 19 Mar 2007 12:51:13 -0700 > From: william@bourbon.usc.edu > To: cs530@merlot.usc.edu > Subject: Re: RSA_private_encrypt > > Someone wrote: > > > This is the defination which you have provided us. > > > > SmartcardState SC_init(void) > > { > > unsigned char *sha1_buf=NULL; > > > > /* > > * Here's some weird code. You should replace this with > > * something useful if you'd like. > > */ > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > if (sha1_buf != NULL) { > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, > sha1_buf); > } > > return (SmartcardState)sha1_buf; > > } > > > > Now when I define SC_sign if I write the following functionn and > > give a call to sha1_buf, buf_return, keypair, > RSA_PKCS1_PADDING); > then the data in the buf_return doesnt > change(i.e doesnt get > > digitally signed ) since we are using the same buffer in both > > SC_init and SC_sign. > > > > SmartcardState SC_sign(parameters) > > { > > unsigned char *sha1_buf=NULL; > > > > /* > > * Here's some weird code. You should replace this with > > * something useful if you'd like. > > */ > > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > > if (sha1_buf != NULL) { > > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, > sha1_buf); > } > > return (SmartcardState)sha1_buf; > > } > > The sample SC_init() is just some *random code* I wrote > (mostly to illustrate that SmartcardState can be anything. > You can return NULL if your other functions do not need > any SmartcardState. > > The sample SC_sign() is also just some *random code* I wrote. > You are suppose to rewrite it to make it work in your smartcard. > -- > Bill Cheng // bill.cheng@usc.edu > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Monday, March 19, 2007 11:40 am > Subject: Re: RSA_private_encrypt > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > Actually I was using RSA_private_encrypt() , sorry fo r > that. But > > > the problem was that I had declared and was using the same > > > buffer as used for SC_init() function. > > > > I'm not sure what you meant by using the same buffer as used > > for SC_init(). Why can't use a different buffer and why does > > SC_init() use a buffer? > > -- > > Bill Cheng // bill.cheng@usc.edu > > > > > > > > ----- Original Message ----- > > From: william@bourbon.usc.edu > > Date: Monday, March 19, 2007 9:57 am > > Subject: Re: RSA_private_encrypt > > To: cs530@merlot.usc.edu > > > > > Someone wrote: > > > > > > > After calling the function flag1 = > RSA_private_encrypt(flen, > > > sha1_buf, buf_return, > keypair, RSA_PKCS1_PADDING); > > > > when I try to printt the value of buf_return , it remains > > > > constant for all the files. It becos there is no > > randomness ?? > > > > > > RSA_private_encrypt() just encrypts with the private key, > i.e., > > it just computes m^d mod n (where "^" denotes > exponentiation). > > This is a deterministic operation. > > > > > > I'm not sure about RSA_sign() though; may be it adds a nonce > > > when signing. That's why we specify "sign" in HW4 using > > > RSA_private_encrypt() so that we can grade it. > > > -- > > > Bill Cheng // bill.cheng@usc.edu > > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 13:04:59 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JK4xWE015849 for ; Mon, 19 Mar 2007 13:04:59 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JK0jHW011272 for ; Mon, 19 Mar 2007 13:00:45 -0700 Message-Id: <200703192000.l2JK0jHW011272@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Date: Mon, 19 Mar 2007 13:00:45 -0700 From: william@bourbon.usc.edu I guess there was a misunderstanding about what a "working sample" meant in the HW4 spec. I just added a note in: http://merlot.usc.edu/cs530-s07/homeworks/hw4/#working to say: [BC: Paragraph added 3/19/2007] By working, it simply means that the sample code can be compiled and run. You are expected to change most of the code to make it work according to this spec. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Mon, 19 Mar 2007 12:51:13 -0700 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Someone wrote: > This is the defination which you have provided us. > > SmartcardState SC_init(void) > { > unsigned char *sha1_buf=NULL; > > /* > * Here's some weird code. You should replace this with > * something useful if you'd like. > */ > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > if (sha1_buf != NULL) { > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, sha1_buf); > } > return (SmartcardState)sha1_buf; > } > > Now when I define SC_sign if I write the following functionn and > give a call to sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > then the data in the buf_return doesnt change(i.e doesnt get > digitally signed ) since we are using the same buffer in both > SC_init and SC_sign. > > SmartcardState SC_sign(parameters) > { > unsigned char *sha1_buf=NULL; > > /* > * Here's some weird code. You should replace this with > * something useful if you'd like. > */ > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > if (sha1_buf != NULL) { > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, sha1_buf); > } > return (SmartcardState)sha1_buf; > } The sample SC_init() is just some *random code* I wrote (mostly to illustrate that SmartcardState can be anything. You can return NULL if your other functions do not need any SmartcardState. The sample SC_sign() is also just some *random code* I wrote. You are suppose to rewrite it to make it work in your smartcard. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 11:40 am Subject: Re: RSA_private_encrypt To: cs530@merlot.usc.edu > Someone wrote: > > > Actually I was using RSA_private_encrypt() , sorry fo r that. But > > the problem was that I had declared and was using the same > > buffer as used for SC_init() function. > > I'm not sure what you meant by using the same buffer as used > for SC_init(). Why can't use a different buffer and why does > SC_init() use a buffer? > -- > Bill Cheng // bill.cheng@usc.edu > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Monday, March 19, 2007 9:57 am > Subject: Re: RSA_private_encrypt > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > After calling the function flag1 = RSA_private_encrypt(flen, > > > sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > > > when I try to printt the value of buf_return , it remains > > > constant for all the files. It becos there is no > randomness ?? > > > > RSA_private_encrypt() just encrypts with the private key, i.e., > > it just computes m^d mod n (where "^" denotes exponentiation). > > This is a deterministic operation. > > > > I'm not sure about RSA_sign() though; may be it adds a nonce > > when signing. That's why we specify "sign" in HW4 using > > RSA_private_encrypt() so that we can grade it. > > -- > > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 12:55:26 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JJtQGB015002 for ; Mon, 19 Mar 2007 12:55:26 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JJpD87010992 for ; Mon, 19 Mar 2007 12:51:13 -0700 Message-Id: <200703191951.l2JJpD87010992@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Date: Mon, 19 Mar 2007 12:51:13 -0700 From: william@bourbon.usc.edu Someone wrote: > This is the defination which you have provided us. > > SmartcardState SC_init(void) > { > unsigned char *sha1_buf=NULL; > > /* > * Here's some weird code. You should replace this with > * something useful if you'd like. > */ > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > if (sha1_buf != NULL) { > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, sha1_buf); > } > return (SmartcardState)sha1_buf; > } > > Now when I define SC_sign if I write the following functionn and > give a call to sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > then the data in the buf_return doesnt change(i.e doesnt get > digitally signed ) since we are using the same buffer in both > SC_init and SC_sign. > > SmartcardState SC_sign(parameters) > { > unsigned char *sha1_buf=NULL; > > /* > * Here's some weird code. You should replace this with > * something useful if you'd like. > */ > sha1_buf = (unsigned char *)malloc(SHA_DIGEST_LENGTH); > if (sha1_buf != NULL) { > memset(sha1_buf, 0, SHA_DIGEST_LENGTH); > SHA1(HW4_rsa_private_key, HW4_rsa_private_key_size, sha1_buf); > } > return (SmartcardState)sha1_buf; > } The sample SC_init() is just some *random code* I wrote (mostly to illustrate that SmartcardState can be anything. You can return NULL if your other functions do not need any SmartcardState. The sample SC_sign() is also just some *random code* I wrote. You are suppose to rewrite it to make it work in your smartcard. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 11:40 am Subject: Re: RSA_private_encrypt To: cs530@merlot.usc.edu > Someone wrote: > > > Actually I was using RSA_private_encrypt() , sorry fo r that. But > > the problem was that I had declared and was using the same > > buffer as used for SC_init() function. > > I'm not sure what you meant by using the same buffer as used > for SC_init(). Why can't use a different buffer and why does > SC_init() use a buffer? > -- > Bill Cheng // bill.cheng@usc.edu > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Monday, March 19, 2007 9:57 am > Subject: Re: RSA_private_encrypt > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > After calling the function flag1 = RSA_private_encrypt(flen, > > > sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > > > when I try to printt the value of buf_return , it remains > > > constant for all the files. It becos there is no > randomness ?? > > > > RSA_private_encrypt() just encrypts with the private key, i.e., > > it just computes m^d mod n (where "^" denotes exponentiation). > > This is a deterministic operation. > > > > I'm not sure about RSA_sign() though; may be it adds a nonce > > when signing. That's why we specify "sign" in HW4 using > > RSA_private_encrypt() so that we can grade it. > > -- > > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 11:42:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JIgpiY009374 for ; Mon, 19 Mar 2007 11:42:51 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JIcdLK009830 for ; Mon, 19 Mar 2007 11:38:39 -0700 Message-Id: <200703191838.l2JIcdLK009830@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Date: Mon, 19 Mar 2007 11:38:39 -0700 From: william@bourbon.usc.edu Someone wrote: > Actually I was using RSA_private_encrypt() , sorry fo r that. But > the problem was that I had declared and was using the same > buffer as used for SC_init() function. I'm not sure what you meant by using the same buffer as used for SC_init(). Why can't use a different buffer and why does SC_init() use a buffer? -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 19, 2007 9:57 am Subject: Re: RSA_private_encrypt To: cs530@merlot.usc.edu > Someone wrote: > > > After calling the function flag1 = RSA_private_encrypt(flen, > > sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > > when I try to printt the value of buf_return , it remains > > constant for all the files. It becos there is no randomness ?? > > RSA_private_encrypt() just encrypts with the private key, i.e., > it just computes m^d mod n (where "^" denotes exponentiation). > This is a deterministic operation. > > I'm not sure about RSA_sign() though; may be it adds a nonce > when signing. That's why we specify "sign" in HW4 using > RSA_private_encrypt() so that we can grade it. > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 19 10:59:24 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2JHxOFe005328 for ; Mon, 19 Mar 2007 10:59:24 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2JHtB78009151 for ; Mon, 19 Mar 2007 10:55:11 -0700 Message-Id: <200703191755.l2JHtB78009151@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_private_encrypt Date: Mon, 19 Mar 2007 10:55:11 -0700 From: william@bourbon.usc.edu Someone wrote: > After calling the function flag1 = RSA_private_encrypt(flen, > sha1_buf, buf_return, keypair, RSA_PKCS1_PADDING); > when I try to printt the value of buf_return , it remains > constant for all the files. It becos there is no randomness ?? RSA_private_encrypt() just encrypts with the private key, i.e., it just computes m^d mod n (where "^" denotes exponentiation). This is a deterministic operation. I'm not sure about RSA_sign() though; may be it adds a nonce when signing. That's why we specify "sign" in HW4 using RSA_private_encrypt() so that we can grade it. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Mar 18 19:56:33 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2J2uXqL031078 for ; Sun, 18 Mar 2007 19:56:33 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2J2qM3a000531 for ; Sun, 18 Mar 2007 19:52:22 -0700 Message-Id: <200703190252.l2J2qM3a000531@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: [CSCI-530] Grading Scripts Question Date: Sun, 18 Mar 2007 19:52:22 -0700 From: william@bourbon.usc.edu Someone wrote: > I am running the grading scripts and came across a problem. When the scripts > issue the following command: "cp secret.c.$f secret.c" secret.c.$f is not > found. Should the command be written as "cp $srcdir/secret.c.$f secret.c" > instead? If so, $srcdir only contains one secret.c file and does not contain > secret.c.$f files. Right above "Plus points", the script generates all these "secret.c.*" files: foreach f (0 1 2 3 4 5 6 7 8 9 10 11 12 13 14) ./hw4 secret > secret.c.$f end -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 17 12:39:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2HJd1I4019457 for ; Sat, 17 Mar 2007 12:39:01 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2HJYt4U022000 for ; Sat, 17 Mar 2007 12:34:55 -0700 Message-Id: <200703171934.l2HJYt4U022000@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Smartcardstate Date: Sat, 17 Mar 2007 12:34:55 -0700 From: william@bourbon.usc.edu Someone wrote: > Why have you created a smartcard state in main function of hw4.c. > Is there any reason for creating state in main or you just wanted > to show us how to create the state. Are you talking about the following lines in the sample "hw4.c" at "http://merlot.usc.edu/cs530-s07/homeworks/hw4/template/hw4.c"? pss = (pfn_init)(); printf("sig size is %d\n", (pfn_getsigsize)(pss)); (pfn_cleanup)(pss); If you want to pass the compatibility/interoperability test, you must follow the protocol and whatever returned by SC_init(), you must keep it and pass it to subsequent SC_*() calls. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 17 10:14:52 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2HHEqbL008231 for ; Sat, 17 Mar 2007 10:14:52 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2HHAl7s020860 for ; Sat, 17 Mar 2007 10:10:47 -0700 Message-Id: <200703171710.l2HHAl7s020860@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530 HW4 question Date: Sat, 17 Mar 2007 10:10:47 -0700 From: william@bourbon.usc.edu Someone wrote: > the null pointer is coming from the handle pointer after i open the > dynamic library as following line > > handle = dlopen(path, RTLD_NOW|RTLD_GLOBAL); // path is the > ./libhw4sc.so extracted from the arguments > > then I wrote a code to make sure that the handle pointer is not null as > the following > > if(handle == NULL) > { > fprintf(stderr,"(Error with the library)\n"); > return 1; > } > the handle code is working fine with the given sample (the sample you > gave us in the hw4) BUT, it gives an null pointer for the handle once I > attepmt to call any RSA related function from the openssl library like > RSA_new() , setrsakey() or even the RSA_public_encrypt(). I see what you mean now. dlopen() returns NULL if the shared library file cannot be loaded. So, your question is why your shared library cannot be loaded. When a shared/dynamic library is loaded, the OS needs to resolved all the references in the shared library. If one reference cannot be resolved, then loading will fail. Unfortunately, it does not printout which function is causing the failure. What does "resolving references" mean? For a function you call in your shared library, let's say f(), the OS needs to find a *memory* location for this function. If it cannot find this function in memory, then it will look for libraries in your LD_LIBRARY_PATH for a particular shared library that your shared library references and try to load that shared library and then see if the function is in memory. It can do this recursively. If you look at your libhw4sc.so, it looks like it doesn't know about libcrypto.a (or libcrypto.so). So, if your shared library is trying to call some RSA_*() function, if this function is not in memory, then it will fail. So, to get around this problem, you need to make sure that when your "hw4" starts to run, all these function references are loaded into its memory! If you implemented your whole "hw4", then all these functions will be loaded. If you don't have the whole "hw4" implemented, you can just make these RSA functions called in your "hw4" in some functions but never call these functions. -- Bill Cheng // bill.cheng@usc.edu william@bourbon.usc.edu wrote: > Hi, > > Are you saying that RSA_new() returns a NULL pointer? > If not, which function is returning a NULL pointer? > -- > Bill Cheng // bill.cheng@usc.edu > > > > -----Original Message----- > Date: Fri, 16 Mar 2007 17:18:56 -0700 > From: Ahmed AlNatheer > To: william@bourbon.usc.edu > Subject: CS530 HW4 question > > Hi Professor, > > when trying to do this: > > RSA *key; > > key = RSA_new(); > > setrsakey(key,HW4_rsa_private_key); > > int j = RSA_size(key); > printf("Size of RSA Struct: %d",j); > > RSA_public_encrypt(SHA_DIGEST_LENGTH, sha1_buf, > buf_return, key, RSA_PKCS1_PADDING); > > and attepting to fill the RSA structure with the data from secret.c, I > get a null pointer back from the handle that was supposed to allow me to > call the function. I have no Idea why this is happening and also, can > you advise on how to properly fill or initialize this structure from the > arrays in the secret.c file? For example if there is a function in the > openssl library that I can use to do this. I searched many places and > couldn't find a reliable way to do this. I appreciate if you can give > some hints on howto do this and possibly how to get rid of the null > pointer error every time i attepmt to call any RSA related function from > the openssl library. Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Mar 17 00:03:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2H73UhW023305 for ; Sat, 17 Mar 2007 00:03:30 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2H6xQxe014046 for ; Fri, 16 Mar 2007 23:59:26 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l2H6xQ1X014045 for cs530@merlot; Fri, 16 Mar 2007 23:59:26 -0700 Date: Fri, 16 Mar 2007 23:59:26 -0700 From: william@bourbon.usc.edu Message-Id: <200703170659.l2H6xQ1X014045@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Exam 2's coverage... Hi, I think I have mentioned that Exam 2 will not be comprehensive. I'm sorry but I just realized that I have made a mistake. Exam 2 will be comprehensive. But, if a problem appeared in Exam 1, it will *not* appear in Exam 2. Sorry about my mistake before. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 15 22:45:49 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2G5jnq7032572; Thu, 15 Mar 2007 22:45:49 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2G5fmOs018464; Thu, 15 Mar 2007 22:41:48 -0700 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l2G5fmJw018463; Thu, 15 Mar 2007 22:41:48 -0700 Date: Thu, 15 Mar 2007 22:41:48 -0700 From: william@bourbon.usc.edu Message-Id: <200703160541.l2G5fmJw018463@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: Power outage in SAL tonight... class web server will go down soon Hi, Early tomorrow morning (on 3/16/2007), there will be a scheduled power outage in the SAL building between 3:45am and 6:30am. This means that merlot.usc.edu will lose power, and that's where our class web server runs on. Since I don't want the power outage to kill merlot.usc.edu, I will shut merlot.usc.edu down around *midnight* tonight. I will also shut bourbon.usc.edu down around the same time since it's also in SAL. So, I will not be able to receive any e-mail messages after that. I will be on campus around 10:30am tomorrow and will turn these machines back on. So, there is no need to send me e-mail telling me the class web server is down until after 10:30am tomorrow. If you need to keep a copy of the project or homework spec because you want to work on it tonight, please make a copy soon! Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 15 21:57:31 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2G4vVUM028490 for ; Thu, 15 Mar 2007 21:57:31 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2G4rTmO017902 for ; Thu, 15 Mar 2007 21:53:29 -0700 Message-Id: <200703160453.l2G4rTmO017902@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: confusion Date: Thu, 15 Mar 2007 21:53:29 -0700 From: william@bourbon.usc.edu Someone wrote: > The spec says: > > sign : Produce a digital signature for file. This is done by > computing the SHA1 hash of file and send the hash to the > Smartcard. The result should be printed to stdout (in hexstring > representation). I have created sha1 of the file > > I have got the sha1 hash of the file what do I do next. I know > every thing is given in specs. But I can see digital signature , > secret key generation at many places in the specs and m confused > what to do next. Can u please give me some hint? At this point, your "hw4" should call SC_sign(). The function prototype of SC_sign() is (defined in "scintrf.h"): extern int SC_sign( SmartcardState pSS, unsigned char sha1_buf[SHA_DIGEST_LENGTH], unsigned char *buf_return); So, you need to pass the SmartcardState as the 1st argument, the SHA1 hash of the file as the 2nd argument, and allocate a buffer large enough to keep the RSA ciphertest and pass it as the 3rd argument. Since you cannot call SC_sign() directly, you need to call dlopen() and dlsym() to get the SC_sign() function pointer and call it indirectly. Inside the smartcard, you implement SC_sign() by simply calling RSA_private_encrypt(), after you've setup all the parameters. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 15 16:19:13 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2FNJDEE001809 for ; Thu, 15 Mar 2007 16:19:13 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2FNFC63014390 for ; Thu, 15 Mar 2007 16:15:12 -0700 Message-Id: <200703152315.l2FNFC63014390@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Shared Library Date: Thu, 15 Mar 2007 16:15:12 -0700 From: william@bourbon.usc.edu I forgot to mention, you may not be able to load *this* shared library until your "hw4" is fully implemented because needs some symbols from your "hw4". -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Thu, 15 Mar 2007 16:12:38 -0700 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: Re: Shared Library Someone wrote: > Is there a smart card shared library implementation that I can test my > application code with? You can use "~csci530/public/hw4/libhw9sc.so". Please note that this library has its symbol table stripped, so when you do "nm ~csci530/public/hw4/libhw9sc.so", it shows nothing. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 15 16:16:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2FNGcGo001625 for ; Thu, 15 Mar 2007 16:16:38 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2FNCcaT014334 for ; Thu, 15 Mar 2007 16:12:38 -0700 Message-Id: <200703152312.l2FNCcaT014334@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Shared Library Date: Thu, 15 Mar 2007 16:12:38 -0700 From: william@bourbon.usc.edu Someone wrote: > Is there a smart card shared library implementation that I can test my > application code with? You can use "~csci530/public/hw4/libhw9sc.so". Please note that this library has its symbol table stripped, so when you do "nm ~csci530/public/hw4/libhw9sc.so", it shows nothing. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 15 10:41:40 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2FHfeXS007381 for ; Thu, 15 Mar 2007 10:41:40 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2FHbfU8009961 for ; Thu, 15 Mar 2007 10:37:41 -0700 Message-Id: <200703151737.l2FHbfU8009961@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RAND_bytes() Date: Thu, 15 Mar 2007 10:37:41 -0700 From: william@bourbon.usc.edu Someone wrote: > Its working without using RAND_seed() . So should I > continue without using RAND_seed() ? You do not need to seed the random number generator by calling RAND_seed() because once you've followed the procedure in the spec, it's already seeded. The information for the seed is stored in ~/.rnd. Every time you call an OpenSSL function that needs random numbers, ~/.rnd will be updated. It's a clever way of making your pseudorandom number generate hard to crack. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, March 14, 2007 9:34 pm Subject: Re: RAND_bytes() To: cs530@merlot.usc.edu > Someone wrote: > > > So we just need to run the given code right? > > we dont need to use RAND_seed() right? > > I think so. If it doesn't work and you are getting the > same error message, please let me know. > -- > Bill Cheng // bill.cheng@usc.edu > > > > > > ----- Original Message ----- > From: william@bourbon.usc.edu > Date: Wednesday, March 14, 2007 8:18 pm > Subject: Re: RAND_bytes() > To: cs530@merlot.usc.edu > > > Someone wrote: > > > > > Openssl says the following: > > > RAND_bytes() puts num cryptographically strong pseudo-random > > > bytes into buf. An error occurs if the PRNG has not been seeded > > > with enough randomness to ensure an unpredictable byte > sequence. > > Is it necessarry to seed PRNG. If yes give some > hint for doing > > > that. I have not seeded PRNG and I am using RAND_bytes() > > > directly. It is giving me output without error. > > > > > > Should I continue ?? or do something to seed PRNG. please give > > > some hint. > > > > Please see the Initializing OpenSSL Pseudo-random Number Generator > > section of the spec! It applies to both RSA_generate_key() and > > RAND_bytes(). > > -- > > Bill Cheng // bill.cheng@usc.edu > > Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 14 22:36:45 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2F5aj5B014880 for ; Wed, 14 Mar 2007 22:36:45 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2F5WmC1007511 for ; Wed, 14 Mar 2007 22:32:48 -0700 Message-Id: <200703150532.l2F5WmC1007511@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RAND_bytes() Date: Wed, 14 Mar 2007 22:32:48 -0700 From: william@bourbon.usc.edu Someone wrote: > So we just need to run the given code right? > we dont need to use RAND_seed() right? I think so. If it doesn't work and you are getting the same error message, please let me know. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, March 14, 2007 8:18 pm Subject: Re: RAND_bytes() To: cs530@merlot.usc.edu > Someone wrote: > > > Openssl says the following: > > RAND_bytes() puts num cryptographically strong pseudo-random > > bytes into buf. An error occurs if the PRNG has not been seeded > > with enough randomness to ensure an unpredictable byte sequence. > > Is it necessarry to seed PRNG. If yes give some hint for doing > > that. I have not seeded PRNG and I am using RAND_bytes() > > directly. It is giving me output without error. > > > > Should I continue ?? or do something to seed PRNG. please give > > some hint. > > Please see the Initializing OpenSSL Pseudo-random Number Generator > section of the spec! It applies to both RSA_generate_key() and > RAND_bytes(). > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 14 21:20:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2F4KYiv006692 for ; Wed, 14 Mar 2007 21:20:34 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2F4GbxO006542 for ; Wed, 14 Mar 2007 21:16:37 -0700 Message-Id: <200703150416.l2F4GbxO006542@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RAND_bytes() Date: Wed, 14 Mar 2007 21:16:37 -0700 From: william@bourbon.usc.edu Someone wrote: > Openssl says the following: > RAND_bytes() puts num cryptographically strong pseudo-random > bytes into buf. An error occurs if the PRNG has not been seeded > with enough randomness to ensure an unpredictable byte sequence. > Is it necessarry to seed PRNG. If yes give some hint for doing > that. I have not seeded PRNG and I am using RAND_bytes() > directly. It is giving me output without error. > > Should I continue ?? or do something to seed PRNG. please give > some hint. Please see the Initializing OpenSSL Pseudo-random Number Generator section of the spec! It applies to both RSA_generate_key() and RAND_bytes(). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 14 20:58:46 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2F3wkBj004947 for ; Wed, 14 Mar 2007 20:58:46 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2F3sn4n006105 for ; Wed, 14 Mar 2007 20:54:49 -0700 Message-Id: <200703150354.l2F3sn4n006105@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA_public_decrypt Date: Wed, 14 Mar 2007 20:54:49 -0700 From: william@bourbon.usc.edu Someone wrote: > RSA_decrypt takes the form: > > int RSA_public_decrypt(int flen, unsigned char *from, > unsigned char *to, RSA *rsa, int padding); > > The function requires us to pass in a an array of hexadecimal charecters for > the input. An array of octets, not array of hex characters. > Can we assume that there would be an upperlimit on the size of > the input given the buffer size limitation? For this assignment, the size of input is part of the spec, so you can make the necessary assumption (by sticking to the spec). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 13 22:54:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2E5sca6030430 for ; Tue, 13 Mar 2007 22:54:38 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2E5oi8X023466 for ; Tue, 13 Mar 2007 22:50:44 -0700 Message-Id: <200703140550.l2E5oi8X023466@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: RSA for SC_Sign Date: Tue, 13 Mar 2007 22:50:44 -0700 From: william@bourbon.usc.edu Someone wrote: > The function RSA_private_encrypt takes in an pointer to an RSA > structure . Should this be the one we used to create the smart card > or should the key be generated again? You should construct the RSA structure from "secret.c". Please see the "typical example of the order of things to run" in the Commandline Syntax section of the spec. It says: hw4 secret > secret.c make smartcard hw4 sign ... So, when you do "sign", you do not generate new keys. The smartcard is compiled with already-generated keys. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 12 23:19:24 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2D6JO5M015438 for ; Mon, 12 Mar 2007 23:19:24 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2D6FY6V006966 for ; Mon, 12 Mar 2007 23:15:34 -0700 Message-Id: <200703130615.l2D6FY6V006966@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Syntax Date: Mon, 12 Mar 2007 23:15:34 -0700 From: william@bourbon.usc.edu Someone wrote: > The commandline syntax for HW4 for verify is > > hw4 verify -so=sopath [file] > > What would the correct syntax be when reading from stdin? > would it be > hw4 verify > or > hw4 verify -so > > with or without the "=" after the "-so" ? The "=sopath" is *required* after "-so" (since there is no square brackets around it). The "file" argument is optional. If it's not specified, then you must read from stdin. Therefore, the correct syntax for your case is: hw4 verify -so=sopath The "-so=sopath" is *required*. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 12 23:15:56 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2D6FupO015004 for ; Mon, 12 Mar 2007 23:15:56 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2D6C6Pf006809 for ; Mon, 12 Mar 2007 23:12:06 -0700 Message-Id: <200703130612.l2D6C6Pf006809@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: creating structure Date: Mon, 12 Mar 2007 23:12:06 -0700 From: william@bourbon.usc.edu Someone wrote: > Is it ok if I use RSA_new_method(NULL); to create the structure ? Part of this assignment is for you to figure out things like this! You can use the class moddle to discuss things like this with other students. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Monday, March 12, 2007 7:48 pm Subject: Re: creating structure To: cs530@merlot.usc.edu > Someone wrote: > > > How do we generate structure to hold the stuff returned by the > > RSA_generate_key(). > > Part of this assignment is to figure out how to do it. You > can do trial and error and/or do some searches on the web to > see how others do it. Of course, you need to verify that > what you are doing is correct. > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 12 20:51:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2D3p1qf003370 for ; Mon, 12 Mar 2007 20:51:01 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2D3lBhX004970 for ; Mon, 12 Mar 2007 20:47:11 -0700 Message-Id: <200703130347.l2D3lBhX004970@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: creating structure Date: Mon, 12 Mar 2007 20:47:11 -0700 From: william@bourbon.usc.edu Someone wrote: > How do we generate structure to hold the stuff returned by the > RSA_generate_key(). Part of this assignment is to figure out how to do it. You can do trial and error and/or do some searches on the web to see how others do it. Of course, you need to verify that what you are doing is correct. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Mar 11 21:06:15 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2C46FZA014331 for ; Sun, 11 Mar 2007 21:06:15 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2C42T58018102 for ; Sun, 11 Mar 2007 21:02:29 -0700 Message-Id: <200703120402.l2C42T58018102@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: enrollment key Date: Sun, 11 Mar 2007 21:02:29 -0700 From: william@bourbon.usc.edu Someone wrote: > I have got a confirmation for registration, but when I go to > login it asks me for enrollment key. where do I get it from? It's the same as the password you use for protected part of the class web page. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Mar 11 20:55:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2C3tox9013383 for ; Sun, 11 Mar 2007 20:55:50 -0700 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2C3q4NN017979 for ; Sun, 11 Mar 2007 20:52:04 -0700 Message-Id: <200703120352.l2C3q4NN017979@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: secret.c Date: Sun, 11 Mar 2007 20:52:04 -0700 From: william@bourbon.usc.edu Someone wrote: > DO we need to write a code that generates secret.c ?? Yes. That's the "hw4 secret" command. > If yes then should it have the same format as the example secret > file has? It must! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 9 08:28:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l29GSSwe025052 for ; Fri, 9 Mar 2007 08:28:28 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l29GOpen022614 for ; Fri, 9 Mar 2007 08:24:51 -0800 Message-Id: <200703091624.l29GOpen022614@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about HW3 Date: Fri, 09 Mar 2007 08:24:51 -0800 From: william@bourbon.usc.edu Someone wrote: > i know it is kind of late, but i noticed a typo on the hw3 rsa > question. when you find 'd' you do 'ed mod n = 1' but it should > be phi(n) instead of n. just to let you know. see you in a > couple hours. Ooops! (But I did use the correct numeric value.) I've just fixed it. Thanks for catching it! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 9 08:24:07 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l29GO7D5024675 for ; Fri, 9 Mar 2007 08:24:07 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l29GKTHb022319 for ; Fri, 9 Mar 2007 08:20:29 -0800 Message-Id: <200703091620.l29GKTHb022319@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about HW3 Date: Fri, 09 Mar 2007 08:20:29 -0800 From: william@bourbon.usc.edu Someone wrote: > Quote: > Please discuss what could happen if one-wayness is lacking in the > design of a hash function (but weak collision-resistance and strong > collision-resistance are intact). > > I'm also trying to understand the different ideal properties of hash > functions. It is not clear to me how it would be possible as you > state to be lacking one-wayness but to still have weak-collision > resistance. > > If one-wayness is lacking, then given a hash h(m), I can generate m' > with h(m') = h(m), correct? Correct. m' here is *any* preimage. If you only have h(m), you would have no idea what m is. > As I understand it, weak collision resistance means: given a message > m, I cannot easily find another message m' with the same > hash(m')=hash(m). > > However, in this case, since I have message m already- it is trivial > to compute the hash, thus I have hash(m), and if one-wayness is > lacking (by the definition above) I can generate m' with h(m') = h(m)! But it could be the case that the only m' you can find is m! Then you did not find the 2nd preimage. > The only explanation I can think of for a situation in which you could > have weak-collision resistance and not onewayness would be the > peculiar case when one-wayness is broken, but precisely and only such > that the m' you could produce IS always m, and it is not broken in > general- that is, you cannot produce any m' != m. In this case, then- > although one-wayness is broken (kindof) you have still not made any > headway breaking weak-collision resistance. > > I'm wondering what are your thoughts on this, Usually, it is true that that most difficult thing to break in a cryptographic hash function is one-wayness. So, for realistic cryptographic hash functions you don't really need to worry about this particular problem. *But*, you can construct pathological cases to demonstrate that this particular problem can occur. So, one cannot simply assume that it cannot occur! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 8 19:26:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l293QcUS027869 for ; Thu, 8 Mar 2007 19:26:38 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l293N3ic014275 for ; Thu, 8 Mar 2007 19:23:03 -0800 Message-Id: <200703090323.l293N3ic014275@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Multiplication Table Date: Thu, 08 Mar 2007 19:23:03 -0800 From: william@bourbon.usc.edu Someone wrote: > Since we are not allowed to bring a calculator to the mid-term, can we > bring a print out of the multiplication table for reference, because > some of us are use to the calculator and are a little bit rusty with them... I'm sorry, but you cannot bring such a thing! You need to be able to do multiplications and modulous divisions by hand. If this is going to take you a long time, you should leave problems of this type to the end and make sure you get as many points as possible for all the other problems. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 8 19:07:53 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2937r5C026311 for ; Thu, 8 Mar 2007 19:07:53 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2934Hg1013979 for ; Thu, 8 Mar 2007 19:04:17 -0800 Message-Id: <200703090304.l2934Hg1013979@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about HW3 Date: Thu, 08 Mar 2007 19:04:17 -0800 From: william@bourbon.usc.edu Someone wrote: > I have a question about Hash Function Question in HW3. > > I think there is an another problem when weak collision-resistance is > lacking. > If weak collision-resistance is lacking, an attacker can create m' > such that H(m)=H(m'). So, he can just replace m with m' and confuse > the receiver. (I mean, the same situation as when one-wayness is > lacking could happen.) Am I correct? Could you tell me if I am missing > something? But for the attck when one-wayness is lacking, the attacker does not know what m is (while in the above example, the attacker has m). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 8 11:56:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l28JuMnP025123 for ; Thu, 8 Mar 2007 11:56:22 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l28JqmMI009286 for ; Thu, 8 Mar 2007 11:52:48 -0800 Message-Id: <200703081952.l28JqmMI009286@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Exam Location Date: Thu, 08 Mar 2007 11:52:48 -0800 From: william@bourbon.usc.edu Someone wrote: > Is the Exam#1 is on the same location as that of class i.e OHE132? Yes. It's in class. After the exam, there will be a 10-minute break. Then it's back to lecture on Key Management. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 8 10:09:03 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l28I930c016511 for ; Thu, 8 Mar 2007 10:09:03 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l28I5SYd007911 for ; Thu, 8 Mar 2007 10:05:29 -0800 Message-Id: <200703081805.l28I5SYd007911@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: MD5 doubt Date: Thu, 08 Mar 2007 10:05:28 -0800 From: william@bourbon.usc.edu Someone wrote: > I am not able to understand the concept of "MD5 seriously broken" > > What exactly is preamble? Preamble here means "any common prefix". > And what does this line mean? > > X1=preamble+"push R1" and X2=preamble+"push R2" > MD5(X1) = MD5(X2) It means that an attacker can generate two random numbers R1 and R2 such that MD5(X1) = MD5(X2). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 7 19:21:47 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l283Ll4M011301 for ; Wed, 7 Mar 2007 19:21:47 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l283IFjl031494 for ; Wed, 7 Mar 2007 19:18:15 -0800 Message-Id: <200703080318.l283IFjl031494@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question on Authenticator Date: Wed, 07 Mar 2007 19:18:15 -0800 From: william@bourbon.usc.edu Someone wrote: > I am wondering what would prevent an attacker from > replaying the timestamped ticket, encrypted data and the authenticator > {t`}Kc,s within the window allocated to compensate for clock skews, say > 10 -15 min ?. Will the server accept this ticket and data and is the > protocol vulnerable during this small window.? Yes. The assumption is that within 10-15 minutes, the attacker can only do simple stuff such as reply. It's unlikely that the attacker can *crack* anything in 10-15 minutes. But if you have a protocol that is vulnerable to simple reply attacks, then you are in trouble. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Mar 7 15:40:11 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l27NeBQl026422; Wed, 7 Mar 2007 15:40:11 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l27NaeB6029260; Wed, 7 Mar 2007 15:36:40 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l27NaeBo029259; Wed, 7 Mar 2007 15:36:40 -0800 Date: Wed, 7 Mar 2007 15:36:40 -0800 From: william@bourbon.usc.edu Message-Id: <200703072336.l27NaeBo029259@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: moving office hour by half an hour tomorrow... Hi, Something came up tomorrow (3/8/07) morning and I have to move the office hour to 11:30am-12:15pm. Sorry about the short notice. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Mar 6 21:27:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l275RYUn004869 for ; Tue, 6 Mar 2007 21:27:34 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l275O5Fd016353 for ; Tue, 6 Mar 2007 21:24:05 -0800 Message-Id: <200703070524.l275O5Fd016353@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW 4 - Encrypt file or sha1 hash value ? Date: Tue, 06 Mar 2007 21:24:05 -0800 From: william@bourbon.usc.edu Someone wrote: > As in the assignment .. > ./hw4 sign > > In the detail of sign in assignment we have clarification that we have to > use RSA_private_encrypt > and in verification RSA_public_decrypt. > > I successfully used this function to encrypt and decrypt file but problem is > that when i encrypt file the size of file is much larger then 256 character. > > But in the example it show it produce 256 character hexstring . > > So i think we have to compute sha1 of file during sign process and > encrypt this value using RSA_private_encrypt . > What we have to do ? > We have to encrypt entire file or just sha1 hash value ? The spec is very clear about this. Please see "sign" in the Commandline Syntax & Program Output section of the spec: ... This is done by computing the SHA1 hash of file and send the hash to the Smartcard. By the way, Exam #1 is 25% of the totoal grade and HWs are 25% of the total grade (of which half of it is for HW4). Wouldn't it be a good strategy to study for Exam #1 now and worry about HW4 after the exam? -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 5 13:44:24 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l25LiOZc014266 for ; Mon, 5 Mar 2007 13:44:24 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l25Lf0Hs027070 for ; Mon, 5 Mar 2007 13:41:00 -0800 Message-Id: <200703052141.l25Lf0Hs027070@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about Exam #1 Date: Mon, 05 Mar 2007 13:41:00 -0800 From: william@bourbon.usc.edu Hi, In the slides about "ZKP of a Discrete Logarithm", it starts with something mod p, then it says something about mod (p-1). Therefore, it's another case where you do not have to know the math (for the purpose of exam #1). -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Tue, 27 Feb 2007 22:20:23 -0800 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: Re: Question about Midterm Someone wrote: > I have a question about what we should prepare for Midterm. > > Regarding TA's lecture, you said only the basic concepts will be asked > in Midterm and no proof will be asked. I don't recall saying either "only" or "basic". I did say that you are not responsible for the math that involves digital signatures since you do not have enough background. You are also not responsible for any proofs. But you need to understand the concepts and not just the basic ones. > More specifically, > Do we have to understand every step of protocols which use modulo > arithmetic? Yes. The only exception is where digital signature is involved. More specially, if you see something mod p and then see something mod (p-1), then you do not have to know the math! Anything that's pretty much RSA, looks like ElGamal, or looks like Diffie-Hellman, you should know the details (but not proofs). > Or, just the basic concept which doesn't involve math (such as, goal, > idea, advantage, problem and applications of each protocol) are > enough? No. You need to know some math based on what was covered in the public-key cryptography lectures. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Mar 5 10:45:03 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l25Ij3OZ032586 for ; Mon, 5 Mar 2007 10:45:03 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l25Ife8W024723 for ; Mon, 5 Mar 2007 10:41:40 -0800 Message-Id: <200703051841.l25Ife8W024723@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW 4 - RSA_generate_key Date: Mon, 05 Mar 2007 10:41:40 -0800 From: william@bourbon.usc.edu Someone wrote: > I also have one confusion regarding to private key. > > As we generate private key using RSA_generate_key, but it does not contain > private key . instead of that it use some encoding form. Yes, it uses something called BIGNUM. > what we have to use ? Please see the OpenSSL page on BIGNUM: http://www.openssl.org/docs/crypto/bn.html There are a few conversion routines there for converting BIGNUM to and from a few other formats (such as binary, decimal, and hex). > Like RSA structure contain many values > rsa_st > { > n > e > d > } > which is private key ? Well, part of this exercise is to read through some OpenSSL documentation to learn about all this. You need to explore a little more! Also, I'm hoping that by the time you've finished studying for exam #1, you would have known the answer! :-) -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Mar 4 11:10:20 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l24JAJfj017889 for ; Sun, 4 Mar 2007 11:10:20 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l24J70Mh008919 for ; Sun, 4 Mar 2007 11:07:00 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l24J70wV008918 for cs530@merlot; Sun, 4 Mar 2007 11:07:00 -0800 Date: Sun, 4 Mar 2007 11:07:00 -0800 From: william@bourbon.usc.edu Message-Id: <200703041907.l24J70wV008918@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: SC_sign() in HW4 Hi, I've made some clarification in the spec regarding SC_sign(). Please check the blue text in the updated spec. Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Mar 4 10:56:17 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l24IuHml016707 for ; Sun, 4 Mar 2007 10:56:17 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l24IqvgZ008780 for ; Sun, 4 Mar 2007 10:52:57 -0800 Message-Id: <200703041852.l24IqvgZ008780@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Regarding HW4 Date: Sun, 04 Mar 2007 10:52:57 -0800 From: william@bourbon.usc.edu Someone wrote: > I have confused with hw4 assignment. > > In one functionality called "secret that generate RSA private key", how do > we have to implement it. And what about 160 bits random number . How to > generate that ? Is there specific function we have to use or it should > generate by Rsa_generate_key() b'coz output return by this does not contain > any 160-bit data. You should use RSA_generate_key() to generate the values for the following variables in "secret.c": HW4_rsa_private_key[] HW4_rsa_public_modulus[] You can use RAND_bytes() to generate the values for the following variables in "secret.c": HW4_random_bits_1 HW4_random_bits_2 I've just update the spec regarding the use of RAND_bytes(). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 2 22:52:32 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l236qWTp014184 for ; Fri, 2 Mar 2007 22:52:32 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l236nI74027920 for ; Fri, 2 Mar 2007 22:49:18 -0800 Message-Id: <200703030649.l236nI74027920@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Hw4 Date: Fri, 02 Mar 2007 22:49:18 -0800 From: william@bourbon.usc.edu Someone wrote: > I havent heard your last lectures.. So I m really sorry if this > question is redundant in that context. > I wanted to know if you can post some podcast or some expln related > to Hw4 so that we can work on it during the springbreak. The lecture is up on DEN. Isn't that better than podcast (which I don't have). If you want to get started on HW4, you should *read the spec* carefully and try out the code on the spec and send me questions! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 2 22:45:32 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l236jWpR013548 for ; Fri, 2 Mar 2007 22:45:32 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l236gHHw027738 for ; Fri, 2 Mar 2007 22:42:17 -0800 Message-Id: <200703030642.l236gHHw027738@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: dubugger gdb Date: Fri, 02 Mar 2007 22:42:17 -0800 From: william@bourbon.usc.edu Someone wrote: > Can u please give some links no how to use gdb debugrer. > I heard it helps a lot and could find couple of links on the net. > Do u know some good and comprehensive ones. Please see slide 22 of lecture 1. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Mar 2 22:37:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l236boHE012824 for ; Fri, 2 Mar 2007 22:37:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l236YaFT027620 for ; Fri, 2 Mar 2007 22:34:36 -0800 Message-Id: <200703030634.l236YaFT027620@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Web server not working Date: Fri, 02 Mar 2007 22:34:36 -0800 From: william@bourbon.usc.edu Someone wrote: -----Original Message----- Date: Fri, 02 Mar 2007 22:26:57 -0800 Subject: Web server not working > At my end I am not able to open the webpage http://merlot.usc.edu/cs551-s07/ > completely. I don't know the reason. > Looks like a problem, as the submission guidelines and some README details > are there. Hmm... I've no trouble connecting from my home. Is anyone else having the same problem? -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 21:01:03 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l22513Lr017881 for ; Thu, 1 Mar 2007 21:01:03 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l224vrjv007595 for ; Thu, 1 Mar 2007 20:57:53 -0800 Message-Id: <200703020457.l224vrjv007595@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Test command Date: Thu, 01 Mar 2007 20:57:53 -0800 From: william@bourbon.usc.edu Someone wrote: > Actually by giving this one line command the output says it all I guess. > > nunki.usc.edu(55): diff $srcdir/f1f.b64 f1f.b64 > diff: /home/scf-22/csci530/public/hw2/f1f.b64: No such file or directory > > The files are missing or permissions have been revoked, > but then you know best. These files never existed! The scripts would only use something like: diff $srcdir/f1.b64 f1.b64 the "f$f" should replace "$f" by a number. I don't know how you end up with "f1f"! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 20:57:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l224vRxY017547 for ; Thu, 1 Mar 2007 20:57:28 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l224sHOc007495 for ; Thu, 1 Mar 2007 20:54:17 -0800 Message-Id: <200703020454.l224sHOc007495@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Permission denied errors Date: Thu, 01 Mar 2007 20:54:17 -0800 From: william@bourbon.usc.edu Someone wrote: > I was testing the scripts and suddenly started getting permission > denied errors on the test sample files in script. Guess they have > been accidentally deleted or something ? I asked another of my > friend and he also has the same problem now for hours now. > Last I know the files were accessible around 5:30pm. Can you > please do something regarding this as already a lot of time has > gone by ? Could you be more specific regarding which script has failed? -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 20:26:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l224Qoa4015122 for ; Thu, 1 Mar 2007 20:26:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l224NeR9007101 for ; Thu, 1 Mar 2007 20:23:40 -0800 Message-Id: <200703020423.l224NeR9007101@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: no confirmation for submission Date: Thu, 01 Mar 2007 20:23:40 -0800 From: william@bourbon.usc.edu Someone wrote: > I have submitted the hw2 on server. I got the message saying > successful submission. But I have not received an email what > should I do. Please see my message with timestamp "Tue 27 Feb 22:30". -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 19:00:55 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2230t3q008325 for ; Thu, 1 Mar 2007 19:00:55 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l222vj2r006069 for ; Thu, 1 Mar 2007 18:57:45 -0800 Message-Id: <200703020257.l222vj2r006069@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Grading guidelines Date: Thu, 01 Mar 2007 18:57:45 -0800 From: william@bourbon.usc.edu Someone wrote: > I got my HW2 working fine, just finishing some test now. > My question is: > Per guidelines "Minus Points", it says "Extra passphrase for > verification for DES decryption : -1 point" > This means that it should not ask the user to verify the passphase, but > it the user makes an error while typing the passphrase, the file will > not be decrypted correctly. A message from the command "diff" will say > that the files "differ". How will the grader know it is because the > passphrase was entered wrong and not because the program is not working > correctly? The grader is responsible for grading correctly! If he makes a mistake, you can resolve it when you request a regrade. No big deal! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 18:59:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l222xMsA008143 for ; Thu, 1 Mar 2007 18:59:22 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l222uCCN006032 for ; Thu, 1 Mar 2007 18:56:12 -0800 Message-Id: <200703020256.l222uCCN006032@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Extra passphrase for verification on DES decryption Date: Thu, 01 Mar 2007 18:56:12 -0800 From: william@bourbon.usc.edu Someone wrote: > On the grading criteria, it says the following: > Extra passphrase for verification on DES decryption > > Does that mean we only ask for the passphrase once when decrypting DES? Correct. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 16:30:52 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l220Uqss028824 for ; Thu, 1 Mar 2007 16:30:52 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l220RgmH004792 for ; Thu, 1 Mar 2007 16:27:42 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l220RgQo004791 for cs530@merlot; Thu, 1 Mar 2007 16:27:42 -0800 Date: Thu, 1 Mar 2007 16:27:42 -0800 From: william@bourbon.usc.edu Message-Id: <200703020027.l220RgQo004791@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: no lecture tomorrow! Hi, I've done a pretape lecture today to be aired tomorrow. The way the schedule worked out with DEN, the pretape has to be done in two parts. As it turned out, I was sick and couldn't make it to the first pretape. So, the Friday lecture will only be half a lecture. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 16:12:47 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l220ClCH027158 for ; Thu, 1 Mar 2007 16:12:47 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2209c0i004610 for ; Thu, 1 Mar 2007 16:09:38 -0800 Message-Id: <200703020009.l2209c0i004610@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: DES testing Date: Thu, 01 Mar 2007 16:09:38 -0800 From: william@bourbon.usc.edu Someone wrote: > I have another question. I'm testing my DES encryption and when I > do it individually per file, the encryption files I generate are > the same as the ones in the hw folder. However, if I run the > script from the guidelines, the prompt to input the passphrase > never comes up and therefore, I generate grossly different > encrypted binary files. Is there a way to stall the script so it > can properly prompt from user the passphrase? Actually, what you need to do is to comment out (or take out the lines that get in your way). For example, the grading guidelines has the following lines: /bin/rm -f f?.des f?.des.hex foreach f (0 1 2 3 4 5 6 7 8 9) echo "===> $srcdir/f$f" ./hw2 enc-des $srcdir/f$f > f$f.des ~csci530/bin/hexdump f$f.des > f$f.des.hex diff $srcdir/f$f.des.1 f$f.des end You should change it to something like: echo "Encrypting..." /bin/rm -f f?.des f?.des.hex foreach f (0 1 2 3 4 5 6 7 8 9) echo "===> $srcdir/f$f" ./hw2 enc-des $srcdir/f$f > f$f.des end echo "Comparing..." /bin/rm -f f?.des f?.des.hex foreach f (0 1 2 3 4 5 6 7 8 9) echo "===> $srcdir/f$f" ~csci530/bin/hexdump f$f.des > f$f.des.hex diff $srcdir/f$f.des.1 f$f.des end -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Mar 1 16:07:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l2207oQk026667 for ; Thu, 1 Mar 2007 16:07:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l2204fmW004536 for ; Thu, 1 Mar 2007 16:04:41 -0800 Message-Id: <200703020004.l2204fmW004536@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hw grading guidelines Date: Thu, 01 Mar 2007 16:04:41 -0800 From: william@bourbon.usc.edu Someone wrote: > I was perusing through the grading guidelines for hw2 and am > concerned with a few of them in particular. I am mostly done with > the assignment, now just debugging/testing. > > We get detracted points if there are warning errors. Why is this? It's because the compiler is telling you that something in your code is not quite right. If you think you are doing something right but the compiler is telling you that you are doing something wrong, you need to fix your code to convince the compiler that what you are doing is okay. (I have rarely see a case where the compiler is wrong.) > My program implicitly refers to the functions that run the > commands because when I tried explicitly referring to them, I get > nasty multiply defined errors. Is there a workaround for that? Of course (although I wouldn't call it "workaround")! You need to include things properly. You should *never* refer to anything implicitly! You should be explicit about what you are doing. > Also, you ask the grader to test the when prompted for > the passphrase. I'm calling the signal handler for SIGINT, but > the weird thing is, my program automatically sets SIGINT for some > reason and won't let the program run properly. Any suggestions? > It's only 2 points, but I'm curious. If you don't handle SIGINT, your program will simply terminate when it receives and that's fine! The reason for this test is that when reading the passphrase, there should be a way to get out. If you don't use the right way to read passphrase, you may not be able to get out by pressing . > I've successfully tested for f? files and the f20?.b64 files save > for one .b64 file. I've also spent consider time trying to figure > out why f202.b64 is an invalid file. The characters in the > hexdump look valid. I've tried validating the size of the file, > but the main problem I find with it is that with the derived > formula I created to theoretically calculate the size of several > encrypted files in the hw2 folder that works with all but f2. > Yet, all of those same f? files pass the test from the > guidelines. Any ideas? In order to figure out that "f202.b64" is bad, you need to use BIO_set_callback() and figure out in a convoluted way! I've seen it done before, but it's not easy. I don't think many students will get this right. As you mentioned before, it already took quite a bit of time from you. It's only 1 point so it may not worth all the hack around! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 28 22:32:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l216WRrb007123 for ; Wed, 28 Feb 2007 22:32:28 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l216TK2m025808 for ; Wed, 28 Feb 2007 22:29:20 -0800 Message-Id: <200703010629.l216TK2m025808@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Mid term question Date: Wed, 28 Feb 2007 22:29:20 -0800 From: william@bourbon.usc.edu Someone wrote: > What is the level of detail I need to know for the various topics for the > exam? Will it suffice to know as much as the class lecture slides provide or > are we expected to know things in greater detail? You need to *understand* the lectures and be able to apply them. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 28 16:29:47 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l210TlQN010933; Wed, 28 Feb 2007 16:29:47 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l210QfAK021354; Wed, 28 Feb 2007 16:26:41 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l210QfnT021353; Wed, 28 Feb 2007 16:26:41 -0800 Date: Wed, 28 Feb 2007 16:26:41 -0800 From: william@bourbon.usc.edu Message-Id: <200703010026.l210QfnT021353@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: Moving office hour tomorrow... Hi, I need to do a pre-tape of CS 530 lecture for this Friday and the only timeslot available at DEN tomorrow is from 10am to 11:20am. So, I'll have to move tomorrow's office hour to 11:30am to 12:15pm. Sorry about the short notice. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 28 09:57:16 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1SHvGG9011955 for ; Wed, 28 Feb 2007 09:57:16 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1SHsBId016048 for ; Wed, 28 Feb 2007 09:54:11 -0800 Message-Id: <200702281754.l1SHsBId016048@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS530 Environment Setup Date: Wed, 28 Feb 2007 09:54:11 -0800 From: william@bourbon.usc.edu Someone wrote: > i'm working on hw2 using x-window and am connected to nunki. i > went through the setup of the openssl library and manpaths and > was able to get my programs running and could see the version of > openssl when running 'openssl version'. i shutdown early this > morning to get some sleep and when i started back up my client > did not recognize openssl. i went through the steps again to set > the paths and it works now. this has happened twice now where my > paths seem to erase when i shutdown. do you have an idea why > this is happening and how to correct it? thanks for your help. > this is not inhibiting my project progress, it is just annoying > to have to retype the paths everytime i log in. I'm not familiar with x-window on Windows XP. If this turns out to be an x-window problem, you probably need to talk to ISD to get things fixed. Regarding what you said, did you set things up in your ~/.cshrc or ~/.bash_profile files (depending on whether you are using csh/tcsh or bash)? This is mentioned at the bottom of: http://merlot.usc.edu/cs530-s07/openssl.html If you do that, they should get things setup correctly every time you login. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 28 07:38:58 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1SFcwBv000987 for ; Wed, 28 Feb 2007 07:38:58 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1SFZrbD014347 for ; Wed, 28 Feb 2007 07:35:53 -0800 Message-Id: <200702281535.l1SFZrbD014347@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Request to extend the deadline Date: Wed, 28 Feb 2007 07:35:53 -0800 From: william@bourbon.usc.edu Someone wrote: > I also have a request to extend the deadline by one day. Last two > weeks have been very busy because of midterms and job fair and > so, it was very difficult to start with the project. And tomorrow > I have another midterm. And this project takes time as we are on > the learning stage of openssl. I request you to extend the > deadline by at least one day. I think this would be unfair to those who has made sacrifices earlier and got the HW done already. Sorry, but I will not extend the deadline for the reason you mentioned. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 22:56:28 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6uSku024215 for ; Tue, 27 Feb 2007 22:56:28 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6rPpZ005959 for ; Tue, 27 Feb 2007 22:53:25 -0800 Message-Id: <200702280653.l1S6rPpZ005959@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Request to shift the submission deadline Date: Tue, 27 Feb 2007 22:53:25 -0800 From: william@bourbon.usc.edu Someone wrote: > With everything messed up for most of the students, Just want to > request if you can shift the deadline for everyone to saturday, > as most of us are having midterms on thursday and friday, can you > please consider this and make a change for the complete class. 4 weeks were allocated to do HW2! You were suppose to work on it early. Some students already submitted HW2. Asking to extend deadline is extremely unfair to them as they may have made sacrifies to work on the assignment early. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 22:38:19 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6cJu1022664 for ; Tue, 27 Feb 2007 22:38:19 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6ZGOb005694 for ; Tue, 27 Feb 2007 22:35:16 -0800 Message-Id: <200702280635.l1S6ZGOb005694@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: About X - window Date: Tue, 27 Feb 2007 22:35:16 -0800 From: william@bourbon.usc.edu Someone wrote: > While doing the homework #1, i downloaded X-window and ran it. > It worked fine with the server Aludra, but when I tried to open > a session at Nunki, the new window doesn't appear. > The error message is as follows: > > starnetssh> 701 Product Version: X-Win32 - 8.1.1116 > starnetssh> 803 Looking up host nunki.usc.edu > starnetssh> 804 Host resolved nunki.usc.edu > starnetssh> 805 Connecting to nunki.usc.edu using StarNetSSH. > starnetssh> 701 Remote Address: 68.181.201.3 > starnetssh> 701 Local Address: 192.168.1.100 > starnetssh> 701 Display Address: 192.168.1.100 > starnetssh> 806 Connected to host nunki.usc.edu > starnetssh> 807 Starting SSH protocol negotiation. > starnetssh> 808 Starting SSH2 key exchange. > starnetssh> 826 nunki.usc.edu 22 AAAAB3NzaC1yc2EAAAABIwAAAIEAsfmHdSqW1GdbiaTUongN7KaKG2bOfoBsn/LEWqbcgiQuoIWK4fKzLxy9YH/sd64aD/pG15YnIy/TDnhFckibtTAC42Wu3ibrrnwRw1AhkbNudui/XnWG1ZlxmuyFeuBfcXR8n96vELjf24QiwGbazL+ZmkljUsIHkRvIM1HpsH8= 4b:a9:63:25:82:d8:20:d6:c6:e8:5b:b1:e6:0d:db:e9 > starnetssh> 809 SSH2 key exchange complete. > starnetssh> 810 Starting SSH2 user authentication. > starnetssh> 816 SSH2 user authentication complete. > starnetssh> 817 SSH protocol negotiation complete. > starnetssh> 818 Setup X11 tunnel starting. > starnetssh> 819 Setup X11 tunnel complete. > starnetssh> 821 Sending command: /usr/openwin/bin/xterm -ah -bg Black -fg Green -ls -sb -sl 500 -geom 80x24+0+0 -T "ssh (nunki)" > starnetssh> 822 Command sent: /usr/openwin/bin/xterm -ah -bg Black -fg Green -ls -sb -sl 500 -geom 80x24+0+0 -T "ssh (nunki)" > starnetssh> 820 3647 68.181.201.3 > stderr: Xlib: connection to "localhost:15.0 > stderr: " refused by server > stderr: Xlib: Can not connect to a host on a restricted network > stderr: > stderr: /usr/openwin/bin/xterm Xt error: Can't open display: localhost:15.0 > stderr: > starnetssh> 701 channel 0: Channel::shutdownWrite: close() failed for wfd: Unknown error > > I don't know what the problem is... Can you help me? There is no requirement to run X-window. If it doesn't work for you, you should use something else! All you need is a simple ssh client. I use "putty" on Windows XP. It's not X Windows, but it's a pretty good ssh client. There are also other free ssh clients out there. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 22:33:32 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6XWqS022192 for ; Tue, 27 Feb 2007 22:33:32 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6USBM005639 for ; Tue, 27 Feb 2007 22:30:28 -0800 Message-Id: <200702280630.l1S6USBM005639@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: No email confirmation received Date: Tue, 27 Feb 2007 22:30:28 -0800 From: william@bourbon.usc.edu Someone wrote: > I submitted homework 2 successfully using bistro. However, no email was sent > out. Should I be expecting one? You only get an e-mail when I collect your submission (which would be after the deadline) and I will only collect one of your submissions (by default, it would be the last on-time submission). The e-mail will tell you which one I collected. > Also, how do I conform that my submission > has been received correctly? When you run bsubmit, the server gives you a digitally signed ticket. You should read the ticket to make sure what made it to the server is what you tried to submit (verifying file size and hash). If the message you see is as follows: Verification successful The timestamped upload ticket (which has been successfully verified) for this submission has been placed in 123.bti in the following directory: ~/.bistro/tickets/merlot.usc.edu_9996_1234567890_2 A copy of your submission has been placed in 123.dat in the following directory: ~/.bistro/tickets/merlot.usc.edu_9996_1234567890_2 ... According to the above, the ticket file is: ~/.bistro/tickets/merlot.usc.edu_9996_1234567890_2/123.bti and a copy of your submission is placed at: ~/.bistro/tickets/merlot.usc.edu_9996_1234567890_2/123.dat Of course, you should use what's in the bsubmit output and not the fake directory name above. Then you should run through the verification procedure: http://merlot.usc.edu/cs530-s07/submit.html#verify to make sure that 123.dat works. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 22:23:27 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6NQ58021384 for ; Tue, 27 Feb 2007 22:23:26 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S6KN39005477 for ; Tue, 27 Feb 2007 22:20:23 -0800 Message-Id: <200702280620.l1S6KN39005477@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question about Midterm Date: Tue, 27 Feb 2007 22:20:23 -0800 From: william@bourbon.usc.edu Someone wrote: > I have a question about what we should prepare for Midterm. > > Regarding TA's lecture, you said only the basic concepts will be asked > in Midterm and no proof will be asked. I don't recall saying either "only" or "basic". I did say that you are not responsible for the math that involves digital signatures since you do not have enough background. You are also not responsible for any proofs. But you need to understand the concepts and not just the basic ones. > More specifically, > Do we have to understand every step of protocols which use modulo > arithmetic? Yes. The only exception is where digital signature is involved. More specially, if you see something mod p and then see something mod (p-1), then you do not have to know the math! Anything that's pretty much RSA, looks like ElGamal, or looks like Diffie-Hellman, you should know the details (but not proofs). > Or, just the basic concept which doesn't involve math (such as, goal, > idea, advantage, problem and applications of each protocol) are > enough? No. You need to know some math based on what was covered in the public-key cryptography lectures. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 22:02:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S62Mg8019805 for ; Tue, 27 Feb 2007 22:02:22 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S5xJtX005272 for ; Tue, 27 Feb 2007 21:59:19 -0800 Message-Id: <200702280559.l1S5xJtX005272@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Keys Date: Tue, 27 Feb 2007 21:59:19 -0800 From: william@bourbon.usc.edu Someone wrote: > Before and After I call DES_ncbc_encrypt I have the folowing: > > Key : ffffffe9ffffffc42affffffba67570bffffff9d > > but my IV changes, could this be the problem or does it change? I cannot answer your question because I don't know what you meant by "key". DES_ncbc_encrypt() has the following function prototype: void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc); Is "key" the 4th argument? I don't think there is a need to print out the "key schedule" (which, as I explained in class, is the 16 sub-keys). If you put IV in the 5th argument to DES_ncbc_encrypt(), after you call DES_ncbc_encrypt(), it should change, since it's carrying state information. > The f's in the Key do not seem correct or are they? The f's looks like "sign extensions", i.e., if you have a negative value, it's "sign extended" in the machine representation. If you use "%x" in printf(), it assumes that the argument is an "signed integer". If you want to print a single byte in hex, you should use "%02x" (please read the man pages of printf() to see what this means exactly) and the corresponding value should be an "unsigned char". -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 21:48:03 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1S5m346018540 for ; Tue, 27 Feb 2007 21:48:03 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1S5j0aS005114 for ; Tue, 27 Feb 2007 21:45:00 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l1S5j0qa005113 for cs530@merlot; Tue, 27 Feb 2007 21:45:00 -0800 Date: Tue, 27 Feb 2007 21:45:00 -0800 From: william@bourbon.usc.edu Message-Id: <200702280545.l1S5j0qa005113@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: HW2 due late Thursday night... Hi, Just a friendly reminder that HW2 is due on 3/1 (Thursday) late night. Please remember that you can submit multiple times. Please submit early! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 11:13:20 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1RJDKxO000391 for ; Tue, 27 Feb 2007 11:13:20 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1RJAIao030843 for ; Tue, 27 Feb 2007 11:10:18 -0800 Message-Id: <200702271910.l1RJAIao030843@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Last Script test Date: Tue, 27 Feb 2007 11:10:18 -0800 From: william@bourbon.usc.edu Someone wrote: > When I run the last script nothing happens and I have to use CTRL C to end > the script and get the prompt. > Is this error? > > nunki.usc.edu(70): ./hw2 dec-base64 >! fout > ^C > nunki.usc.edu(71): ./hw2 md5 >! fout > ^C > nunki.usc.edu(72): ./hw2 sha1 >! fout > ^C > nunki.usc.edu(73): > nunki.usc.edu(73): > > Please let us know the expected behavior. The grading guidelines is pretty clear about this: # for these commands, just pound on the keyboard and hit # at random times and see if the program behaves # properly by not crashing, you don't have to look at the # output data # # if the program seg faults, please apply the seg fault rule # above Although you should terminate the input with a and not . -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 07:42:27 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFgRw9016428 for ; Tue, 27 Feb 2007 07:42:27 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFdP0Q028275 for ; Tue, 27 Feb 2007 07:39:25 -0800 Message-Id: <200702271539.l1RFdP0Q028275@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Sample text files Date: Tue, 27 Feb 2007 07:39:25 -0800 From: william@bourbon.usc.edu Someone wrote: > In the specs, there is a link to a sample hexdump file of size 40. For HW2, there is not "hexdump". You must be talking about DES encryption. > Per the specs it loks like the sample should be for the "helloworld.txt" > file but the one that downloads is for the "yesterday.txt" file > (yesterday.txt.enc). If this is correct, can you add a link so we can > download the "helloworld" sample hexdump specified in the HW2 specs? When you mouse over the link with your web browser, you should look at the status bar and see what you will be downloading so you won't be surprised. "yesterday.txt.enc" is 496 bytes long and "helloworld.txt.enc" is 40 bytes long. They are both binary files. You can run your own hexdump program from HW1 to see their hexdump. Or you can run: ~csci530/bin/hexdump -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 07:37:15 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFbFDj015950 for ; Tue, 27 Feb 2007 07:37:15 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFYDIM028227 for ; Tue, 27 Feb 2007 07:34:13 -0800 Message-Id: <200702271534.l1RFYDIM028227@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: hexdump example Date: Tue, 27 Feb 2007 07:34:13 -0800 From: william@bourbon.usc.edu Someone wrote: > I have downloaded the sample text files, specifically the > "yesterday.txt". In the specs, it says that the file is 496 bytes long, > but when I check the length, I get 471. The other 2 files match the size > specified in the specs. > Can you confirm the size of the file again? So I can know if the error > is in my end... "yesterday.txt" is 471 bytes long and "yesterday.txt.enc" is 496 bytes long. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 07:28:58 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFSwi7015309 for ; Tue, 27 Feb 2007 07:28:58 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFPv7R028001 for ; Tue, 27 Feb 2007 07:25:57 -0800 Message-Id: <200702271525.l1RFPv7R028001@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Script Results Date: Tue, 27 Feb 2007 07:25:57 -0800 From: william@bourbon.usc.edu Someone wrote: > When I run the scripts for encoding, decoding and sha1; at different trials > i am getting slightly different output as follows (this example is for > enc-base64 script): > > bash-2.05b$ csh script > ===> /home/scf-22/csci530/public/hw2/f0 > ===> /home/scf-22/csci530/public/hw2/f1 > ===> /home/scf-22/csci530/public/hw2/f2 > ===> /home/scf-22/csci530/public/hw2/f3 > ===> /home/scf-22/csci530/public/hw2/f4 > ===> /home/scf-22/csci530/public/hw2/f5 > ===> /home/scf-22/csci530/public/hw2/f6 > ===> /home/scf-22/csci530/public/hw2/f7 > ===> /home/scf-22/csci530/public/hw2/f8 > ===> /home/scf-22/csci530/public/hw2/f9 > 5,692c5 > < AAAAAAAAAMAAAAAAAAAABwAAAABv///7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG and goes > on > > and some other times, running the same "csh script" command outputs: > > bash-2.05b$ csh script > No match > ===> /home/scf-22/csci530/public/hw2/f0 > ===> /home/scf-22/csci530/public/hw2/f1 > ===> /home/scf-22/csci530/public/hw2/f2 > ===> /home/scf-22/csci530/public/hw2/f3 > ===> /home/scf-22/csci530/public/hw2/f4 > ===> /home/scf-22/csci530/public/hw2/f5 > ===> /home/scf-22/csci530/public/hw2/f6 > ===> /home/scf-22/csci530/public/hw2/f7 > ===> /home/scf-22/csci530/public/hw2/f8 > ===> /home/scf-22/csci530/public/hw2/f9 > 5,692c5 > < AAAAAAAAAMAAAAAAAAAABwAAAABv///7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG and goes > on > > I can clearly see I am getting f9 wrong. But my question is, in this second > case, where it says "No match" , does that mean all of my results are wrong? > If so, why is the first case different?? I am a little confused about it. You should try runningn the script one line (or one block at a time). Then you will notice that the "No match" comes from the "rm" command. So, it's no problem. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 27 07:26:14 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFQEN7015140 for ; Tue, 27 Feb 2007 07:26:14 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1RFNDrh027921 for ; Tue, 27 Feb 2007 07:23:13 -0800 Message-Id: <200702271523.l1RFNDrh027921@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: DES Encryption Date: Tue, 27 Feb 2007 07:23:13 -0800 From: william@bourbon.usc.edu Someone wrote: > All my functions are working properly except the DES encryption. > I double checked the key with odd parity and also the IV but when > i try to encrypt the 'hello world' file, I get different values > for the encrypted text (header is the same) than those in the > specs. I am padding the remainder of the last eight byte block > with '\0' and then passing it to the DES_ncbc_encrypt function. > > Any ideas as to what i might be doing wrong? Since the file is 12 bytes long, you will need to call DES_ncbc_encrypt() twice. Does your output match in the first 8 bytes or all 16 bytes are wrong? You should print out the inputs (in hexstring format) right before and right after you call DES_ncbc_encrypt() and let me know what you get and I can compare them with what I have. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Feb 26 19:47:43 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1R3lg5Z024273 for ; Mon, 26 Feb 2007 19:47:43 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1R3ih78021661 for ; Mon, 26 Feb 2007 19:44:43 -0800 Message-Id: <200702270344.l1R3ih78021661@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad Behavior script for cs530, hw2 Date: Mon, 26 Feb 2007 19:44:43 -0800 From: william@bourbon.usc.edu Someone wrote: > i have a question on the last script of the grading-guideline for the > Bad Behavior. > > ./hw2 dec-des $srcdir/f0.des >! fout > > # [ type in a long random passphrase, at least 80 chars ] > > my program gives me an error message that the input file doesn't exist. > and when i see the "/auto/home-scf-22/csci530/public/hw2/" > > i could not find the f0.des which implies that the error message is true. As long as you report something correctly, that would be fine. > Do we need to check that with a different file that exist in the > directory ? The command right above it is using an existing file: ./hw2 dec-des $srcdir/f0s >! fout -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Feb 26 14:34:46 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1QMYkJY032168 for ; Mon, 26 Feb 2007 14:34:46 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1QMVlIC018316 for ; Mon, 26 Feb 2007 14:31:47 -0800 Message-Id: <200702262231.l1QMVlIC018316@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question on hw2 Date: Mon, 26 Feb 2007 14:31:47 -0800 From: william@bourbon.usc.edu Someone wrote: > Based on your response below, I think the correct behavior is to accept > any data that has been typed ahead and is in the buffer as part of the > DES password. Please correct me if I am wrong here. Yes. Since we do not have a graphical user interface, please do not clear the input buffer when you ask the user to enter a passphrase. -- Bill Cheng // bill.cheng@usc.edu william@bourbon.usc.edu wrote: > SOmeone wrote: > > > Can I assume that the standard input buffer is > > empty before calling the des_read_pw() routine?. > > You cannot assume that! > > > I have noticed that while running the test scripts for DES > > encryption > > and decryption, if the last line of the script , > > > > "/bin/rm -f " , is also pasted after the "end" > > statement of the for loop, this line remains in the input buffer > > and is read in as part of the encryption/decryption password ?. > > If this line is excluded when tests are run, there is no issue. > > You should not blindly run the grading script. If you "type > ahead" on your keyboard and it just so happen that your > program is reading from the keyboard, then whatever you've > typed will go into the buffer you gave to DES_read_pw(). > When you do a lot of copy and paste, it's like doing "typing > ahread". So, be careful! > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Feb 26 10:46:36 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1QIkaKJ014180 for ; Mon, 26 Feb 2007 10:46:36 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1QIhbNC003529 for ; Mon, 26 Feb 2007 10:43:37 -0800 Message-Id: <200702261843.l1QIhbNC003529@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question on hw2 Date: Mon, 26 Feb 2007 10:43:37 -0800 From: william@bourbon.usc.edu SOmeone wrote: > Can I assume that the standard input buffer is > empty before calling the des_read_pw() routine?. You cannot assume that! > I have noticed that while running the test scripts for DES > encryption > and decryption, if the last line of the script , > > "/bin/rm -f " , is also pasted after the "end" > statement of the for loop, this line remains in the input buffer > and is read in as part of the encryption/decryption password ?. > If this line is excluded when tests are run, there is no issue. You should not blindly run the grading script. If you "type ahead" on your keyboard and it just so happen that your program is reading from the keyboard, then whatever you've typed will go into the buffer you gave to DES_read_pw(). When you do a lot of copy and paste, it's like doing "typing ahread". So, be careful! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Feb 25 22:28:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1Q6S8na020564 for ; Sun, 25 Feb 2007 22:28:08 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1Q6PCNo028515 for ; Sun, 25 Feb 2007 22:25:12 -0800 Message-Id: <200702260625.l1Q6PCNo028515@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Reg: Sample papers for midterm Date: Sun, 25 Feb 2007 22:25:12 -0800 From: william@bourbon.usc.edu Someone wrote: > Will you be posting sample question papers for the midterm? > If so when can we expect that. It would be great if they are posted > early, for it aids our preparation. Sorry, but I do not give out sample exams. Please check out HW3 and its solutions to get an idea of what "questions with long answers" may look like for the exams. I will talk about the exam in the next lecture. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Feb 25 13:51:37 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1PLpb78012193 for ; Sun, 25 Feb 2007 13:51:37 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1PLmgQT024236 for ; Sun, 25 Feb 2007 13:48:42 -0800 Message-Id: <200702252148.l1PLmgQT024236@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Testing script of HW 2 Date: Sun, 25 Feb 2007 13:48:42 -0800 From: william@bourbon.usc.edu Someone wrote: > In the testing scripts: > > in last few line of test script > there is > ./hw2 md5 >! fout > > what does >! these mean ? It's the same as ">". Just that in some environments, if you simply use ">", you will get a prompt asking if you really want to overwrite current file. If you use ">!", then it will just overwrite current file. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 22 11:59:26 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1MJxQxm001650 for ; Thu, 22 Feb 2007 11:59:26 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1MJqSVk000876 for ; Thu, 22 Feb 2007 11:52:28 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l1MJqSF0000875 for cs530@merlot; Thu, 22 Feb 2007 11:52:28 -0800 Date: Thu, 22 Feb 2007 11:52:28 -0800 From: william@bourbon.usc.edu Message-Id: <200702221952.l1MJqSF0000875@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: lecture 6 slides are up Hi, I've just put up lecture 6 slides (2/16). Sorry about the delay. -- Bill Cheng // bill.cheng@usc.edu P.S. There was a question regarding why ZKP using RSA is ZKP. Below is the answer from the TA: > Questions & Answers: > * Why ZKP using RSA (csci530-lect2a.ppt, pp8) is ZKP? > I think in order to answer this question, one need to understand > what makes a protocol, a zero knowledge protocol. The details > are in "The Handbook of Applied Cryptography ch 10.4). > > Briefly, the example protocol in the slide satisfies the > followings: > > Step 1. The example protocol is an instance of *interactive proof > systems* since the prover and the verifier exchange multiple > messages. > > Step 2. An interactive proof is said to be a *proof of knowledge* > if it has both the properties of *completeness* and *soundness*. > Briefly, completeness refers to the fact that the protocol > succeeds with overwhelming probability. The soundness implies > that there exists an expected polynomial time algorithm. > > Step 3. A protocol which is a proof of knowledge has the *zero > knowledge property* if the protocol is *simulatable* - it is > simulatable if there exists an expected polynomial time algo > (simulator) which can produce transcripts indistinguishable from > those resulting from interaction with the real prover > > Several characteristics of ZKP are: > > 1. No degradation with usage > 2. Encryption avoided (I think here, the authors meant by symmetric > algorithms) > 3. Efficiency > 4. Unproven assumptions (e.g. the intractability of factoring or quadratic > residuosity) > > I hope this clarifies some of the confusions. Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 21 19:26:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_40, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1M3Q4jS011871; Wed, 21 Feb 2007 19:26:04 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1M3J86D014886; Wed, 21 Feb 2007 19:19:08 -0800 Message-Id: <200702220319.l1M3J86D014886@bourbon.usc.edu> To: cs551@merlot.usc.edu, cs530@merlot.usc.edu, cs558l@merlot.usc.edu Subject: FWD: CS Colloquium Lecturer on Monday Date: Wed, 21 Feb 2007 19:19:08 -0800 From: william@bourbon.usc.edu Dear students, The champion of the free software movement will be giving a CS Colloquium lecturer next Monday. Please see the announcement below. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Wed, 21 Feb 2007 09:26:52 -0800 From: Nancy Levien To: CSFACULTY-L@usc.edu Subject: CS Colloquium Lecturer on Monday Title: The Free Software Movement and the GNU/Linux Operating System Dr. Richard Stallman Date: 26th Feb 2007 3:30 pm - 5:00 pm SAL 101 Abstract: Richard Stallman will speak about the goals and philosophy of the Free Software Movement, and the status and history the GNU operating system, which in combination with the kernel Linux is now used by tens of millions of users world-wide. Bio: Richard Stallman launched the development of the GNU operating system (see www.gnu.org) in 1984. GNU is free software: everyone has the freedom to copy it and redistribute it, as well as to make changes either large or small. The GNU/Linux system, basically the GNU operating system with Linux added, is used on tens of millions of computers today. Stallman has received the ACM Grace Hopper Award, a MacArthur Foundation fellowship, the Electronic Frontier Foundation's Pioneer award, and the the Takeda Award for Social/Economic Betterment, as well as several honorary doctorates. Nancy Levien Executive Assistant to the Chair Department of Computer Science USC Viterbi School of Engineering Tel: (213) 740-4498 Fax: (213) 740-7285 Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 21 19:12:14 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1M3CExX010763 for ; Wed, 21 Feb 2007 19:12:14 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1M35Itv014610 for ; Wed, 21 Feb 2007 19:05:18 -0800 Message-Id: <200702220305.l1M35Itv014610@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Compiling and Running issues Date: Wed, 21 Feb 2007 19:05:18 -0800 From: william@bourbon.usc.edu Someone wrote: > I know this has been brought up several times, but I think I am > having a problem at runtime. Here's what happens: > > bash-2.05b$ g++ -Wall -c -o hw2 > -I/home/scf-22/csci551b/openssl/include \ > -L/home/scf-22/csci551b/openssl/lib -lcrypto -lsocket hw2.cc > g++: -lcrypto: linker input file unused because linking not done > g++: -lsocket: linker input file unused because linking not done > bash-2.05b$ hw2 > bash: ./hw2: Permission denied > bash-2.05b$ > > Any suggestions why the permission is being denied? And what is > the permission for? When you give gcc/g++ the "-c" commandline option, you are asking it to compile a source file into a module (.o file). You do need to do this to satisfy the separate compilation requirement. So, if you are using "-c", you are *not* doing linking. Therefore, you do not need all the -L and -l stuff (since they are only meaningful when you link), and you do not need "-o hw2". After you have created a bunch of .o files, you can link them all together. This time, you don't need "-c" but you need "-o hw2" and all the -L and -l stuff. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 21 09:00:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1LH0Ymg027561 for ; Wed, 21 Feb 2007 09:00:34 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1LGre0h008377 for ; Wed, 21 Feb 2007 08:53:40 -0800 Message-Id: <200702211653.l1LGre0h008377@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: sha1 verifcation Date: Wed, 21 Feb 2007 08:53:40 -0800 From: william@bourbon.usc.edu Someone wrote: > i'm retesting my sha1 encryption, SHA1 is a hash, not encryption. > but from both the sha1() and > sha1_final() functions, i'm only receiving a write out of length > 12 bytes. the spec specifies 20. therefore, i'm missing 16 > characters of the sha1 hash. to verify if this even works, i > tested on a sample file. based on this sample, the 24 characters > i get from the 12 bytes i generate by the functions are > consistent with the first 24 characters of what openssl itself > generates. but somehow, there are 8 bytes from the functions > missing any guess? My guess is that you are using a function (such as printf()) that expects a "null-terminated string" to process binary data. Since a hash value may have zeroes in it, your function stops prematurely. Please remember to treat things as binary data and use the right functions to process/print them. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 20 09:26:23 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1KHQNO5008947 for ; Tue, 20 Feb 2007 09:26:23 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1KHJX2L023589 for ; Tue, 20 Feb 2007 09:19:33 -0800 Message-Id: <200702201719.l1KHJX2L023589@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Discussion Board Date: Tue, 20 Feb 2007 09:19:33 -0800 From: william@bourbon.usc.edu Hi, I forgot to mention, the key to use is the same as the password you use for the protected parts of the class web page. -- Bill Cheng // bill.cheng@usc.edu -----Original Message----- Date: Sun, 18 Feb 2007 20:20:51 -0800 From: william@bourbon.usc.edu To: cs530@merlot.usc.edu Subject: Re: Discussion Board Someone wrote: > Does 530 have a discussion board were we can discuss homework related > issues between students? I've just created a moodle for CS 530 at: http://merlot.usc.edu:9996/moodle This moodle is mainly for students-to-students discussions. The TA, the grader, and I will *not* be reading the postings here. Please feel free to add new discussion topics under the "social forum". Please do not send attachments. Please note that once you've posted something here, it cannot be deleted. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Mon Feb 19 21:10:43 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1K5Ah2J014001 for ; Mon, 19 Feb 2007 21:10:43 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1K53rhO016593 for ; Mon, 19 Feb 2007 21:03:53 -0800 Message-Id: <200702200503.l1K53rhO016593@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: linking problem Date: Mon, 19 Feb 2007 21:03:53 -0800 From: william@bourbon.usc.edu Someone wrote: > I'm trying to just test the accessibility of the openssl files on > the unix system (I'm ok with it on my own machine, where I have > cygwin installed). And I know you already sent a message > regarding compilation, which I was able to complete. However, I'm > having significant difficulty linking that object file to an > executable. I have output a series of commands to show that I > (think I) set up the environment properly, a verification of it > via echos, successful compilation of object file, but > unsuccessful linking to executable. I think the problem is that you put the library stuff near the beginning of your compile line. If you move them past all the .o files, it probably will work. I've update the OpenSSL page: http://merlot.usc.edu/cs530-s07/openssl.html right above the "-lcrypto" stuff to say: ([BC: Added 2/19/2007] after all the .o files) If this doesn't solve the problem, please send me e-mail. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Feb 18 20:27:37 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1J4Rbab025305 for ; Sun, 18 Feb 2007 20:27:37 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1J4KpXA031628 for ; Sun, 18 Feb 2007 20:20:51 -0800 Message-Id: <200702190420.l1J4KpXA031628@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Discussion Board Date: Sun, 18 Feb 2007 20:20:51 -0800 From: william@bourbon.usc.edu Someone wrote: > Does 530 have a discussion board were we can discuss homework related > issues between students? I've just created a moodle for CS 530 at: http://merlot.usc.edu:9996/moodle This moodle is mainly for students-to-students discussions. The TA, the grader, and I will *not* be reading the postings here. Please feel free to add new discussion topics under the "social forum". Please do not send attachments. Please note that once you've posted something here, it cannot be deleted. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 15 23:30:42 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1G7Ugth029403 for ; Thu, 15 Feb 2007 23:30:42 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1G7O7Mv032315 for ; Thu, 15 Feb 2007 23:24:07 -0800 Message-Id: <200702160724.l1G7O7Mv032315@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW2 Date: Thu, 15 Feb 2007 23:24:07 -0800 From: william@bourbon.usc.edu Someone wrote: > thanks for that. what should come after DES if the file is empty? According to the spec, byte 3 of the input file must contain a number between 1 and 8, inclusive. For an empty file, it seems that there is no proper number to put there. So, I would consider this an error condition. One way to handle this error condition is to refuse to encrypt an empty file. So, you can print an error message to stderr and output nothing. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Thursday, February 15, 2007 9:43 pm Subject: Re: HW2 To: cs530@merlot.usc.edu > Someone wrote: > > > How can I check if the passphrase is not empty. Is there an > > funcction for that? > > I'm not sure what you mean. If you call des_read_pw(), it > will put the passphrase in the buffer (first 2 arguments). > You can just check the buffer and see if they are empty. > Right? > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 15 21:45:48 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1G5jmrP020787 for ; Thu, 15 Feb 2007 21:45:48 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1G5dDOp029680 for ; Thu, 15 Feb 2007 21:39:13 -0800 Message-Id: <200702160539.l1G5dDOp029680@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW2 Date: Thu, 15 Feb 2007 21:39:13 -0800 From: william@bourbon.usc.edu Someone wrote: > How can I check if the passphrase is not empty. Is there an > funcction for that? I'm not sure what you mean. If you call des_read_pw(), it will put the passphrase in the buffer (first 2 arguments). You can just check the buffer and see if they are empty. Right? -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 15 10:23:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1FINok3032257; Thu, 15 Feb 2007 10:23:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1FIHEAU021927; Thu, 15 Feb 2007 10:17:14 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l1FIHDu4021926; Thu, 15 Feb 2007 10:17:13 -0800 Date: Thu, 15 Feb 2007 10:17:13 -0800 From: william@bourbon.usc.edu Message-Id: <200702151817.l1FIHDu4021926@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: late to office hours Cc: william@bourbon.usc.edu Hi All, Due to a person emergency I will be about half an hour late to my office hours today (Thu, 2/15/07). Thus, today's office hours will go from 11:30am to 12:15pm. My apologies, Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 14 11:40:07 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1EJe7MS022043 for ; Wed, 14 Feb 2007 11:40:07 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1EJXbc9006206 for ; Wed, 14 Feb 2007 11:33:37 -0800 Message-Id: <200702141933.l1EJXbc9006206@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Size of passphrase Date: Wed, 14 Feb 2007 11:33:37 -0800 From: william@bourbon.usc.edu Someone wrote: > The encrypted output has the following format: > > DES[BytesInLastBlock][SHA-1Hash][encrypted data] > > I cannot send out the encrypted data until I have seen the entire input. > Since the buffer size is 4096, I was looking at limiting the size of the > input file to this value. Since the file commandline argument is required, you can go multiple pass through the input file! If the file commandline argument is optional (and the input can come from stdin), then the only thing you can do is to write the input into a temporary file and then go multiple pass through the temporary file. But we don't need to deal with this case. -- Bill Cheng // bill.cheng@usc.edu On 2/14/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > Can we assume an upper limit on the size of the inpit file to be > > encrypted? > > No. I don't see any good reason to *ever* have such a limit > when you code! > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 14 10:20:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1EIK17U015368 for ; Wed, 14 Feb 2007 10:20:01 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1EIDVKV003971 for ; Wed, 14 Feb 2007 10:13:31 -0800 Message-Id: <200702141813.l1EIDVKV003971@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Size of passphrase Date: Wed, 14 Feb 2007 10:13:31 -0800 From: william@bourbon.usc.edu Someone wrote: > Can we assume an upper limit on the size of the inpit file to be > encrypted? No. I don't see any good reason to *ever* have such a limit when you code! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 14 10:17:55 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_05, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1EIHtob015128 for ; Wed, 14 Feb 2007 10:17:55 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1EIBQYY003858 for ; Wed, 14 Feb 2007 10:11:26 -0800 Message-Id: <200702141811.l1EIBQYY003858@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Size of passphrase Date: Wed, 14 Feb 2007 10:11:26 -0800 From: william@bourbon.usc.edu Someone wrote: > I was wondering if we can have a limit on the size of the passphrase. > des_read_pw > requires a buffer to be passed in.I was hoping to keep this code simple. > Please let me know if I can make simplifying assumptions here. Please use 4,096 since that's the maximum buffer size you are allowed to use for this assignment. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Feb 13 16:56:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1E0u8c6030183 for ; Tue, 13 Feb 2007 16:56:08 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1E0nfdT023046 for ; Tue, 13 Feb 2007 16:49:41 -0800 Message-Id: <200702140049.l1E0nfdT023046@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: CS 530 HW1 grade... Date: Tue, 13 Feb 2007 16:49:41 -0800 From: william@bourbon.usc.edu Someone just reported an typo in the grades I sent for HW1. It should say: Total score (out of 50): ... instead of: Total score (out of 100): ... Sorry about the error! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Feb 11 20:38:49 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1C4cnHh013197 for ; Sun, 11 Feb 2007 20:38:49 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1C4WTMk019029 for ; Sun, 11 Feb 2007 20:32:29 -0800 Message-Id: <200702120432.l1C4WTMk019029@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Doubt regarding DES Date: Sun, 11 Feb 2007 20:32:29 -0800 From: william@bourbon.usc.edu Someone wrote: > I have a doubt in DES encryption. > > I am done with the SHA Hashing and it works fine. I used "%02x" format > specifier to print the value. > > I am not sure what to use for printing this value in the first few bytes > of DES encrypted file. Like I tried giving the modifier %c, its not > working. > > It would be great if you can give me a hint regarding this. Are you asking about bytes 4-23 of the encrypted file? There are 20 bytes here and the SHA1 hash of a file is also 20 bytes long. If you use %02x and printf, you will end up with 40 bytes of ASCII hex characters. You can just do fwrite() or write() to write the 20 bytes SHA1 value into the file. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Feb 10 16:55:12 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1B0tCgQ017479 for ; Sat, 10 Feb 2007 16:55:12 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1B0mubc007704 for ; Sat, 10 Feb 2007 16:48:56 -0800 Message-Id: <200702110048.l1B0mubc007704@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: problem with decoding Date: Sat, 10 Feb 2007 16:48:56 -0800 From: william@bourbon.usc.edu Someone wrote: > For this part of the assignment "hw2 dec-base64 [file]" how is > the encoded data going to be provided. Will there be == at the > end of the data if the encoded charaters are less than 4. This is the same as HW1. If the number of valid data characters is not a multiple of 4 and there is wrong number of equal signs at the end of the file, you should print out error messages. Please see the grading guidelines for sample input files. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Saturday, February 10, 2007 4:11 pm Subject: Re: problem with decoding To: cs530@merlot.usc.edu > Someone wrote: > > > The deoding program gives output if the input file has character > > in multiples of 4. But if append ÿsign at the end of the file > > when there are not in multiple of four then it does nt give > > the output. > > I'm sorry but I don't know if you are making a statement or > asking a question. And, what is "the decoding program"? Is > this your program? Please elaborate. Thanks! > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Sat Feb 10 16:13:38 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-3.0 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1B0DcwN014203 for ; Sat, 10 Feb 2007 16:13:38 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1B07MCU007077 for ; Sat, 10 Feb 2007 16:07:22 -0800 Message-Id: <200702110007.l1B07MCU007077@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: problem with decoding Date: Sat, 10 Feb 2007 16:07:22 -0800 From: william@bourbon.usc.edu Someone wrote: > The deoding program gives output if the input file has character > in multiples of 4. But if append ÿsign at the end of the file > when there are not in multiple of four then it does nt give > the output. I'm sorry but I don't know if you are making a statement or asking a question. And, what is "the decoding program"? Is this your program? Please elaborate. Thanks! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 8 10:57:16 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l18IvGBi014873 for ; Thu, 8 Feb 2007 10:57:16 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l18Ip8IR004116 for ; Thu, 8 Feb 2007 10:51:08 -0800 Message-Id: <200702081851.l18Ip8IR004116@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: problem in compilation Date: Thu, 08 Feb 2007 10:51:08 -0800 From: william@bourbon.usc.edu Someone wrote: > I was just trying to create and test a.out to see if open ssl > is running correctly. Then you need to link to the required libraries. Please read the following carefully: http://merlot.usc.edu/cs530-s07/openssl.html > But I got those errors when I was compiling the program. I > never wanted to create encode.o. I cant understand why the > compiler not allowing the compilation. -- Bill Cheng // bill.cheng@usc.edu ----- Original Message ----- From: william@bourbon.usc.edu Date: Wednesday, February 7, 2007 8:32 pm Subject: Re: problem in compilation To: cs530@merlot.usc.edu > Someone wrote: > > > When I try to compile the code I get following error . > > > > nunki.usc.edu(95): cc encode.c -I/home/scf- > 22/csci551b/openssl/include > Undefined > first referenced > > symbol in file > > BIO_f_base64 encode.o > > BIO_write encode.o > > BIO_new_fp encode.o > > BIO_new encode.o > > BIO_free_all encode.o > > BIO_ctrl encode.o > > BIO_push encode.o > > ld: fatal: Symbol referencing errors. No output written to a.out > > > > Is there any error in my program or its an open ssl issue. > > It's in the way you run the compiler. If you want to compile > "encode.c" into "encode.o", you should use the "-c" compiler > option. If you leave out "-c", you would be asking the > compiler to link and create the "a.out" executable in this > case. > > > Attached is the code if you want to have look at it. > > I really prefer not to look at any code (unless it's 5 lines > long). > -- > Bill Cheng // bill.cheng@usc.edu > Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Feb 7 20:34:11 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l184YBdI011131 for ; Wed, 7 Feb 2007 20:34:11 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l184S5Ph027806 for ; Wed, 7 Feb 2007 20:28:05 -0800 Message-Id: <200702080428.l184S5Ph027806@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: problem in compilation Date: Wed, 07 Feb 2007 20:28:05 -0800 From: william@bourbon.usc.edu Someone wrote: > When I try to compile the code I get following error . > > nunki.usc.edu(95): cc encode.c -I/home/scf-22/csci551b/openssl/include > Undefined first referenced > symbol in file > BIO_f_base64 encode.o > BIO_write encode.o > BIO_new_fp encode.o > BIO_new encode.o > BIO_free_all encode.o > BIO_ctrl encode.o > BIO_push encode.o > ld: fatal: Symbol referencing errors. No output written to a.out > > Is there any error in my program or its an open ssl issue. It's in the way you run the compiler. If you want to compile "encode.c" into "encode.o", you should use the "-c" compiler option. If you leave out "-c", you would be asking the compiler to link and create the "a.out" executable in this case. > Attached is the code if you want to have look at it. I really prefer not to look at any code (unless it's 5 lines long). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Feb 4 17:37:54 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_40, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l151bsAL002002 for ; Sun, 4 Feb 2007 17:37:54 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l151Vxp4003368 for ; Sun, 4 Feb 2007 17:31:59 -0800 Message-Id: <200702050131.l151Vxp4003368@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Which make? Date: Sun, 04 Feb 2007 17:31:59 -0800 From: william@bourbon.usc.edu Someone wrote: > In starting homework #2, I added the following conditional to my > Makefile in order to compile with different options based on > $HOSTNAME. > > ifeq ($(HOSTNAME),psion) > CFLAGS=-Wall -O3 > LDFLAGS=-lcrypto -lsocket > else > CFLAGS=-Wall -O3 -I/home/scf-22/csci551b/openssl/include > LDFLAGS=-L/home/scf-22/csci551b/openssl/lib -lcrypto -lsocket > endif > > After testing this on nunki and my local host, I realized that there > are no less than 12 versions of 'make' on nunki. So my question, is > which make is our grader using? Given the way my $PATH is setup, I've > been using GNU make (which allows for these conditionals) but > /usr/ccs/bin/make does not. > > rmrobert@nunki hw2 $ locate make |grep '/make$' > /usr/ccs/bin/make > /usr/usc/centerline/2002-10/API/msg_defs/appl_svc/make > /usr/usc/gnu/bin/make > /usr/usc/gnu/make > /usr/usc/gnu/make/3.80/bin/make > /usr/usc/matlab/2006a/rtw/bin/sol2/make > /usr/usc/matlab/2006a/toolbox/stateflow/stateflow/private/bin/sol2/make > /usr/usc/matlab/7.0/rtw/bin/sol2/make > /usr/usc/matlab/7.0/toolbox/stateflow/stateflow/private/bin/sol2/make > /usr/usc/R/1.9.1/lib/R/share/make > /usr/usc/R/2.1.1/lib/R/share/make > /usr/usc/synopsys/2000.11/coreConsultant/2002.05-CB4.0.2/sparcOS5/dware/bin/make > > Thanks- if need be I can write for the lowest common denominator, but > its nice to have 1 Makefile for both environments, and I can do that > as long as I am sure GNU make is used by the grader on nunki. The spec does say "minor variation on the make command is allowed". So, if you want to use gmake, please say so near the top of your README file. The grader is suppose to read your README file first before starting to grade. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Feb 2 17:24:31 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l131OVsx028710 for ; Fri, 2 Feb 2007 17:24:31 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l131IhDf032758 for ; Fri, 2 Feb 2007 17:18:43 -0800 Message-Id: <200702030118.l131IhDf032758@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: grading guidelines of hw2 Date: Fri, 02 Feb 2007 17:18:43 -0800 From: william@bourbon.usc.edu Someone wrote: > The grading guideline link in HW2 is not working. > > Kindly do the needful It's fixed now. Thanks for reminding me! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 1 23:20:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l127KpPl004171 for ; Thu, 1 Feb 2007 23:20:51 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l127F6pO016232 for ; Thu, 1 Feb 2007 23:15:06 -0800 Message-Id: <200702020715.l127F6pO016232@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: encoding format Date: Thu, 01 Feb 2007 23:15:06 -0800 From: william@bourbon.usc.edu Someone wrote: [ This is my last e-mail tonight... going to bed... Please submit ontime because penality for late submission is severe. ] > as per the specs, the encoded file should have 64 character > on one line and then a newline, but in the grading guidelines: > > /bin/rm -f f?.dat > foreach f (100 101) > echo "===> $srcdir/f$f" > cat $srcdir/f$f.b64 | ./hw1 dec-base64 > f$f.dat > diff $srcdir/f$f f$f.dat > end > > here, the files have one character on one line and then there > is a newline, which violates the specs rules...so, i m not > getting that output... The encoded file produced by your program should have 64 characters per line. When you are decoding a file, you should treat the file as if it's all in one line. I've mentioned this in class. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 1 23:12:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l127CUtt003511 for ; Thu, 1 Feb 2007 23:12:30 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1276k6n016058 for ; Thu, 1 Feb 2007 23:06:46 -0800 Message-Id: <200702020706.l1276k6n016058@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Doubt regarding EOF Date: Thu, 01 Feb 2007 23:06:46 -0800 From: william@bourbon.usc.edu Someone wrote: > I am facing a problem in the end of file detection !! If feof() > works for text file, it does not work for binary files. One extra > byte comes in while reading binary files. And just because one > extra byte slips in, encoding program gives 4 bytes of extra > output. > > Rest of the things are working fine. So, what can be the problem? You actually don't need feof() to get things to work. There are other ways to detect end-of-input. If you use fread(), you can read the man pages and see how end-of-input can be detected by looking at the return code. I don't use feof(), so I don't know exactly what can be wrong here. But I think it's a bit redundent if you are using fread() since the return code of fread() tells you if end-of-input is reached or not. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 1 23:07:44 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l1277iNI003030 for ; Thu, 1 Feb 2007 23:07:44 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l1271x2l015970 for ; Thu, 1 Feb 2007 23:01:59 -0800 Message-Id: <200702020701.l1271x2l015970@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Confused about scripts Date: Thu, 01 Feb 2007 23:01:59 -0800 From: william@bourbon.usc.edu Someone wrote: > I have been trying to understand what all these scripts are > supposed to do. It's the first time I am dealing with scripts. You probably shouldn't wait till the submission day to try it for the first time! > So here's what I did. I just cant be sure if I am doing the right > thing with them. > > nunki.usc.edu(4): emacs scriptdec // I copy pasted the following > // into this file and ran as follows: > > set srcdir=~csci530/public/hw1 > > # > # for the following commands, each correct answer gets 1 point > # > /bin/rm -f f?.dat > foreach f (5 6 7 9) > echo "===> $srcdir/f$f" > ./hw1 dec-base64 $srcdir/f$f.b64 > f$f.dat > diff $srcdir/f$f f$f.dat > end > > # > # for the following commands, each correct answer gets 1 point > # > /bin/rm -f f?.dat > foreach f (0 1 2 3 9) > echo "===> $srcdir/f$f" > cat $srcdir/f$f.b64 | ./hw1 dec-base64 > f$f.dat > diff $srcdir/f$f f$f.dat > end > > # > # for the following commands, each correct answer gets 1 point > # > /bin/rm -f f?.dat > foreach f (100 101) > echo "===> $srcdir/f$f" > cat $srcdir/f$f.b64 | ./hw1 dec-base64 > f$f.dat > diff $srcdir/f$f f$f.dat > end > > nunki.usc.edu(5): chmod -x scriptdec > nunki.usc.edu(6): > > and as a result it didnot output anything. I just do not > understand which scripts are supposed to produce some output. Did you execute the script by doing: ./scriptdec If you did, it should output all the lines that begin with "echo" (please do "man echo" if you are not familiar with "echo"). Please try to do the assignments early. If there are stuff you don't know, please send me e-mail or come to my office hours! It's a little late right before the deadline. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Feb 1 15:50:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l11NooRq000851 for ; Thu, 1 Feb 2007 15:50:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l11Nj6FY011340 for ; Thu, 1 Feb 2007 15:45:06 -0800 Message-Id: <200702012345.l11Nj6FY011340@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: problem using ftell() Date: Thu, 01 Feb 2007 15:45:06 -0800 From: william@bourbon.usc.edu Someone wrote: > In my Base-64 decoder program I am using ftell() and fseek(), to > set the position for file reading pointer. Now when I am taking > input from stdin i.e - cat input | decoder - then my ftell() > gets fail. But for all other cases its working fine. Also I am > opening my file in binary mode and using fread(). > kindly advise me what can be the cause. I don't see why you need ftell() and fseek() for base64 decoding! You can read one character at a time, then you can keep track of where you are. So you don't need ftell(). You must write your code to read the input bytes only once because once should be enough. So, you don't need fseek(). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Jan 31 23:42:30 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l117gUXm021372 for ; Wed, 31 Jan 2007 23:42:30 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l117anr1032462 for ; Wed, 31 Jan 2007 23:36:49 -0800 Message-Id: <200702010736.l117anr1032462@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: diff command Date: Wed, 31 Jan 2007 23:36:49 -0800 From: william@bourbon.usc.edu Someone wrote: > In the grading guidelines part 5 mentions the following: > > "5) The grading is meant to be harsh! So, if running the "diff" command > suppose to produce no output, but the student's code produces some > output, take points off accordingly. Similarly, if running the "diff" > command suppose to produce some output, but the student's code > produces no output, take points off accordingly." > > How can we know when the "diff" command will produce an output or not? > This will be helpful to make sure our program is working as it should. You should read the scripts and not just run them blindly. Let's take the first case in (A) for example: foreach f (0 1 2 3 4 5 6 7 8 9) echo "===> $srcdir/f$f" ./hw1 hexdump $srcdir/f$f > f$f.hex diff $srcdir/f$f.hex f$f.hex end By reading the HW1 spec, you should know that running: ./hw1 hexdump $srcdir/f$f > f$f.hex should produce the hexdump of $srcdir/f$f in stdout. In this case, the "diff" command is comparing a solution with your program output. So, if your program is running correctly, "diff" should produce no output. If you are not familiar with UNIX, please see the resources at: http://merlot.usc.edu/cs530-s07/description.html#resources You can also come to my office hours if you have questions. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Jan 31 10:58:50 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0VIwo5Z025845 for ; Wed, 31 Jan 2007 10:58:50 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0VIrBn0022717 for ; Wed, 31 Jan 2007 10:53:11 -0800 Message-Id: <200701311853.l0VIrBn0022717@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Bad input data for dec-base64 Date: Wed, 31 Jan 2007 10:53:11 -0800 From: william@bourbon.usc.edu Someone wrote: > I'm still a little confused about what kind of error this line is > suppose to produce. > > ./hw1 dec-base64 $srcdir/f202.b64 > /dev/null > > Is the file f202.b64 not a properly encoded base 64 file or is the error > that the output is not being written. "f202.b64" is not a valid base64 encoded file. You should still output all the characters you have processed to stdout. You should stop as soon as you have detected an error. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Jan 31 10:57:04 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0VIv4SB025679 for ; Wed, 31 Jan 2007 10:57:04 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0VIpO1V022673 for ; Wed, 31 Jan 2007 10:51:24 -0800 Message-Id: <200701311851.l0VIpO1V022673@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Base64 encode table Date: Wed, 31 Jan 2007 10:51:24 -0800 From: william@bourbon.usc.edu Someone wrote: > In the link to the base64 encoding document @ > http://email.about.com/cs/standards/a/base64_encoding.htm. It > says "The 64 characters (hence the name Base64) are 10 digits, 26 > lowercase characters, 26 uppercase characters as well as '+' and > '/'". The thing is that the "+" symbol is not in the "encoding > table", you can open the table by clicking on the link in this > same web page, you will get the list of characters, but there is > a "space" instead of a "+" (char value 62). My question is what > is the correct symbol? is it a "+" or a "space"? > > Link to the encoding table > http://email.about.com/od/emailbehindthescenes/l/blbase64enctabl.htm It's a "+". The web page had an error. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Jan 28 15:59:01 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0SNx12D030921 for ; Sun, 28 Jan 2007 15:59:01 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0SNrVlV010436 for ; Sun, 28 Jan 2007 15:53:31 -0800 Message-Id: <200701282353.l0SNrVlV010436@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Doubt in Test Script Date: Sun, 28 Jan 2007 15:53:31 -0800 From: william@bourbon.usc.edu Someone wrote: > This what I get when i run the same command on the prompt > > nunki.usc.edu(24): ./hw1 dec-base64 $srcdir/f202.b64 > /dev/null > Input Data is not base64 encoded > nunki.usc.edu(25): > > Is this what the error message that is expected ? Please reply if its wrong > or please give us some kind of input. Sounds good to me! -- Bill Cheng // bill.cheng@usc.edu On 1/25/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > I would like to know if the test case: > > > > ./hw1 dec-base64 $srcdir/f202.b64 > /dev/null > > (should generate error messages to stderr) > > > > is right. > > I mean does it really generate error. I tried running the file with the > > openssl decode which doesnt output any error but instead performs a > > proper decoding. > > Your code should do better than openssl. Openssl does not > produce error message for f202.b64. Yours should! Please > notice that nowhere in the spec says that your code should > work like openssl! > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Sun Jan 28 14:22:08 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME,UPPERCASE_25_50 autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0SMM8BI020472 for ; Sun, 28 Jan 2007 14:22:08 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0SMGcDn009294 for ; Sun, 28 Jan 2007 14:16:38 -0800 Message-Id: <200701282216.l0SMGcDn009294@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: course books Date: Sun, 28 Jan 2007 14:16:38 -0800 From: william@bourbon.usc.edu Someone wrote: > When looking at the book list for CSCI-530 on OASIS the following shows up: > > [R] 30014 CSCI-530 CHENG(I) KAUFMAN NETWORK SECURITY PRENTICE $59.99 > > [R] 30014 CSCI-530 CHENG(I) BISHOP COMPUTER SECURITY AW $79.99 > > [O] 30014 CSCI-530 CHENG SCHNEIER APPLIED CRYPTOGRAPHY (2ND) JOHN WILEY > $60.00 > > However, I only see the second required book (BISHOP) and the optional book > (SCHNEIER) mentioned within the Course Description. > > Is it safe to say that the first required book (KAUFMAN) is not actually > *required* and we have the option of returning it to the bookstore? Correct. The first book was required a couple of years ago. It was replaced by the 2nd book. I'm not sure why it was not fixed in OASIS. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Jan 25 23:14:16 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0Q7EGKt015565 for ; Thu, 25 Jan 2007 23:14:16 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0Q78u6F007076 for ; Thu, 25 Jan 2007 23:08:56 -0800 Message-Id: <200701260708.l0Q78u6F007076@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Doubt in Test Script Date: Thu, 25 Jan 2007 23:08:56 -0800 From: william@bourbon.usc.edu Someone wrote: > I would like to know if the test case: > > ./hw1 dec-base64 $srcdir/f202.b64 > /dev/null > (should generate error messages to stderr) > > is right. > I mean does it really generate error. I tried running the file with the > openssl decode which doesnt output any error but instead performs a > proper decoding. Your code should do better than openssl. Openssl does not produce error message for f202.b64. Yours should! Please notice that nowhere in the spec says that your code should work like openssl! -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Wed Jan 24 00:11:31 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0O8BVWS012574 for ; Wed, 24 Jan 2007 00:11:31 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0O86Itk009351 for ; Wed, 24 Jan 2007 00:06:18 -0800 Message-Id: <200701240806.l0O86Itk009351@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW-1 - Reading end of input Date: Wed, 24 Jan 2007 00:06:18 -0800 From: william@bourbon.usc.edu Someone wrote: > That was my understanding too and that is how I'm implementing things when > the input is a file. My question was when no file is specified and I need to > take in input from the standard input. If you are asking how to close the standard input if you are typing things in, then the answer is you type a . is not a character that will appear when you read from stdin. It tells your UNIX shell that it's the end of input from the terminal. As you can see from the grading guidelines, the normal way data comes into stdin is via a pipe. We "cat" and file and then pipe it to your program. This way, we can pipe any binary file. You should treat input as if it is a binary file. -- Bill Cheng // bill.cheng@usc.edu On 1/23/07, william@bourbon.usc.edu wrote: > > Someone wrote: > > > I had a question with regard to reading in the input from stdin. What is > > the delimiter we need to use identify the end of input? > > End-of-input is not indicated by a character! (I think on > Windows, there is an EOF *character*, which is 0x0d. I think > it's only for an ASCII file, but Windows does not always stick > to this. May be this is why it's confusing.) > > Clearly, it's not a good idea to have an "end-of-input" > character. If the input is a binary file, what if the file > contains that character?! Then you need to "escape" this > character in the file. Then the file content becomes > dependent on *how you read it*. It's terribly wrong if this > is the case. > > On Unix machines, end-of-input is a *condition* that you can > check for. For example, you can use feof() to check if the > end-of-input condition is reached. Or, if you are doing read() > or fread(), you should check the man pages to see what they > will return if the end-of-input condition is reached. > > Please remember, for hexdump and base64 encoding, you should > pretend that the input file is a binary file (so any character > is possible). > -- > Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Jan 23 22:31:03 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0O6V2C1004563 for ; Tue, 23 Jan 2007 22:31:02 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0O6PotG008590 for ; Tue, 23 Jan 2007 22:25:50 -0800 Message-Id: <200701240625.l0O6PotG008590@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: about the bsubmit Date: Tue, 23 Jan 2007 22:25:50 -0800 From: william@bourbon.usc.edu Someone wrote: > i am not familiar with the new bsubmit system and i tried to > submit my HW1 by the following steps but i got a message to > check the event_id > > i did the following the steps > *********************************************** > nunki.usc.edu(161): ~csci551b/bin/bsubmit config -set email=ABCD@usc.edu > [bsubmit]: your e-mail address has been configured to be 'ABCD@usc.edu'. > nunki.usc.edu(162): ~csci551b/bin/bsubmit upload -event merlot.usc.edu_9996_1155935174_19 -file hw1.tar.gz > HTTP: cannot connect to merlot.usc.edu:9996. > Fail to obtain a certificate file from the following URL: > > http://merlot.usc.edu:9996/bistro/getcert.html?evid=merlot.usc.edu_9996_1155935174_19 > > Please check that the event_id you provide is correct. > nunki.usc.edu(163): > ************************************************** > i checked the event_id many times with the one provided on > the web site and it looks the same to me ! Oops! I didn't start the submission server after I rebooted the machine this afternoon. It should work now. Please use a *real* e-mail address. When I go to the server to gather all your submissions (the day after the submission deadline), a notification e-mail will be send to the e-mail address you configured when you run bsubmit. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Jan 23 19:26:22 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0O3QM4h022358 for ; Tue, 23 Jan 2007 19:26:22 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0O3LAVQ006916 for ; Tue, 23 Jan 2007 19:21:10 -0800 Message-Id: <200701240321.l0O3LAVQ006916@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: HW-1 - Reading end of input Date: Tue, 23 Jan 2007 19:21:10 -0800 From: william@bourbon.usc.edu Someone wrote: > I had a question with regard to reading in the input from stdin. What is > the delimiter we need to use identify the end of input? End-of-input is not indicated by a character! (I think on Windows, there is an EOF *character*, which is 0x0d. I think it's only for an ASCII file, but Windows does not always stick to this. May be this is why it's confusing.) Clearly, it's not a good idea to have an "end-of-input" character. If the input is a binary file, what if the file contains that character?! Then you need to "escape" this character in the file. Then the file content becomes dependent on *how you read it*. It's terribly wrong if this is the case. On Unix machines, end-of-input is a *condition* that you can check for. For example, you can use feof() to check if the end-of-input condition is reached. Or, if you are doing read() or fread(), you should check the man pages to see what they will return if the end-of-input condition is reached. Please remember, for hexdump and base64 encoding, you should pretend that the input file is a binary file (so any character is possible). -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Jan 23 12:05:51 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-2.3 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0NK5pvO008431; Tue, 23 Jan 2007 12:05:51 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0NK0fKS002471; Tue, 23 Jan 2007 12:00:41 -0800 Received: (from william@localhost) by bourbon.usc.edu (8.13.5/8.13.5/Submit) id l0NK0frp002470; Tue, 23 Jan 2007 12:00:41 -0800 Date: Tue, 23 Jan 2007 12:00:41 -0800 From: william@bourbon.usc.edu Message-Id: <200701232000.l0NK0frp002470@bourbon.usc.edu> To: cs530@merlot.usc.edu, cs551@merlot.usc.edu, cs558l@merlot.usc.edu Subject: class web server outage today (1/23/07) at 2:30pm Hi, Merlot.usc.edu will be down for about half an hour this after noon from 2:30pm to 3pm. If you must have class web information during that time, please make a copy soon. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Fri Jan 19 23:19:33 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_05, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0K7JX0t003145 for ; Fri, 19 Jan 2007 23:19:33 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0K7EZL8008333 for ; Fri, 19 Jan 2007 23:14:35 -0800 Message-Id: <200701200714.l0K7EZL8008333@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: String I/O functiona Date: Fri, 19 Jan 2007 23:14:35 -0800 From: william@bourbon.usc.edu Someone wrote: > In the specs it says that we should not use fgets(), scanf() and > printf() to input/output binary data. > should we use fprintf or fputs? I am a little rusty in C and I am trying > to figure this out. or what should I use? If you want to output *binary* data, you should use write() or fwrite() or something equivalent. > Also, I cannot find on the spects if the output of the hexdump and > encode/decode base 64 will be sent to a file and/or to the console? I just added the following to the spec: [BC: Added 1/19/2007] Unless otherwise specified, output of your program must go to stdout and error messages must go to stderr. This is the standard UNIX convention. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Thu Jan 18 12:17:10 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_20, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0IKH9xv032342 for ; Thu, 18 Jan 2007 12:17:09 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0IKCHHX017415 for ; Thu, 18 Jan 2007 12:12:17 -0800 Message-Id: <200701182012.l0IKCHHX017415@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: about the hexdump hexdump and other testing scripts for hw1 cs 530 Date: Thu, 18 Jan 2007 12:12:17 -0800 From: william@bourbon.usc.edu Someone wrote: > When trying to execute this script, my program still looks > for the file name that i'm guessing should have been > concatenated to it from the cat command. however, I still do > not understand how exactly the cat command and the "|" > character should do and what was the expected outcome of this > script: > > set srcdir=~csci530/public/hw1 > # > # for the following commands, each correct answer gets 1 point > # > /bin/rm -f f?.hex > foreach f (0 1 2 3 4) > echo "===> $srcdir/f$f" > cat $srcdir/f$f | ./hw1 hexdump > f$f.hex > diff $srcdir/f$f.hex f$f.hex > end When you run "cat x", the content of "x" will go to the stdout. When you run 'hw1', you should be able to read from stdin. You can connect stdout of one program to the stdin of another program using the UNIX pipe, "|". To understand all this, you should read about stdin, stdout, stderr, and pipes on UNIX. > When i changed the script to the following however, it worked perfectly: > > set srcdir=~csci530/public/hw1 > # > # for the following commands, each correct answer gets 1 point > # > /bin/rm -f f?.hex > foreach f (0 1 2 3 4) > echo "===> $srcdir/f$f" > cat $srcdir/f$f | ./hw1 hexdump $srcdir/f$f > f$f.hex > diff $srcdir/f$f.hex f$f.hex > end We will only grade using our grading scripts. So, in this case, your program must read from stdin and cannot use the filename. -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Jan 16 21:44:34 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0H5iYSN012370 for ; Tue, 16 Jan 2007 21:44:34 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0H5dlUW025232 for ; Tue, 16 Jan 2007 21:39:47 -0800 Message-Id: <200701170539.l0H5dlUW025232@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Question Regarding hexdump of hw1 cs530 Date: Tue, 16 Jan 2007 21:39:47 -0800 From: william@bourbon.usc.edu Someone wrote: > when using the diff command, i noticed the last line of the > output generated from my program was different than the hex > sample files in the spec(yesterday.hex.txt and usctommy.hex.txt). > When i looked at both files, i noticed there was an extra 9 space > characters at the end of the yesterday.hex file which in my > opinion did not belong there since the rest of the output was > exactly identical. even the diff command dec > lared the files identical had it not been for the extra spaces in > the sample output. I appreciate if you can advice on this matter, The reason is that the spec says: In addition, non-existant bytes (at the end of the file) should by displayed as -- and use *space characters* in the right column. You must follow the spec! If you think the spec is wrong, please let me know. > also, the openssl command does not seem to work and the grep > couldn't find anything either. Could you be more specific? And have you followed the instruction on: http://merlot.usc.edu/cs530-s07/openssl.html -- Bill Cheng // bill.cheng@usc.edu Return-Path: william@bourbon.usc.edu Delivery-Date: Tue Jan 16 20:13:43 2007 X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on merlot.usc.edu X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_50, NO_REAL_NAME autolearn=ham version=3.1.3 Received: from bourbon.usc.edu (bourbon.usc.edu [128.125.9.75]) by merlot.usc.edu (8.13.5/8.13.5) with ESMTP id l0H4DhR0005179 for ; Tue, 16 Jan 2007 20:13:43 -0800 Received: from bourbon.usc.edu (localhost.localdomain [127.0.0.1]) by bourbon.usc.edu (8.13.5/8.13.5) with ESMTP id l0H48vtc023998 for ; Tue, 16 Jan 2007 20:08:57 -0800 Message-Id: <200701170408.l0H48vtc023998@bourbon.usc.edu> To: cs530@merlot.usc.edu Subject: Re: Location of Testing Scripts Date: Tue, 16 Jan 2007 20:08:57 -0800 From: william@bourbon.usc.edu Someone wrote: > I would like to know where the testing scripts for CSCI 530 first > assignment are located. > Its been given to set the directory to ~csci530/public/hw1 but where do > I find this directory? Does the following command work? ls ~csci530/public/hw1 > It would be helpful if there is some information on how to execute > scripts in the class web page. It is stated in the grading guidelines that the scripts are written in csh/tcsh scripts. If you want to run them, you can just copy and paste from the grading guidelines file and paste into your login shell, assuming that your login shell is csh/tcsh. If your login shell is /bin/bash, you can simply do "tcsh" to get into tcsh and then copy and paste the commands. If you want to read about UNIX, please see: http://merlot.usc.edu/cs530-s07/description.html#resources -- Bill Cheng // bill.cheng@usc.edu