
Course Project 1 IS370 Information Security

Assignment Unit 5

Park University

Instructor:

Nov 15, 2022


(20 points)

• (6 points) View the list of security publications at NIST.
Pick one publication of interest to you. Summarize the contents of the document in a
paragraph and explain two key findings/conclusions. Be sure to cite all your work.

Answer:

The article that I picked for this homework is “Recommendations for Federal Vulnerability
Disclosure Guidelines”. This article talks about encouraging government users, including
DHS and DOD, to use a digital product that reports a known or suspected security
vulnerability in a digital product. The main reason for this encouragement is to ensure
that vulnerabilities are known to the developers because not all vulnerabilities can be
found through multiple kinds of testing. Lastly, it ensures awareness of threats to provide
critical information to the government on mitigating the risk.

• (6 points) Pick 3 review questions from p. 495-496 and answer each in a paragraph or
two. Search the web and find two sites that provide additional information regarding
each question. Provide citations for each of your six web pages.

Answer:

1. What are cryptography and cryptanalysis?

Cryptography is the science of ciphering and deciphering messages. It focuses on
encryption, or converting a plain text message to an unintelligible text and vice versa.
For example, someone or something hides and encrypts the contents of a
message to make them unrecognizable for their protection, and they can only be cracked by
someone who has the decryption key. Cryptanalysis, on the other hand, is the art of
cracking or deciphering these encryptions. It finds multiple ways to decrypt the
message, and one good example is Enigma.

2. What was the earliest reason for the use of cryptography?

The answer to this question is not as easy as it seems. There are multiple reasons for
cryptography, but the main one is to conceal information. It is basically to provide
information security and secrecy. A couple of the earliest records are the Egyptian
tablets from 1900 B.C. that had cryptography on them, and another is from 50 B.C., when
Julius Caesar used simple cipher substitutions to protect communication lines.

3. What are the components of PKI?

The public key, private key, CA, CS, certificate revocation list, and hardware security
module.

• (6 points) Passwords that are hashed without the use of a salt are susceptible to a
Rainbow Table attack, where the hash is pre-computed and stored in an efficient
lookup table that allows for relatively fast retrieval of the original password. Some
password hashes that fall into this category are LM hash (Lanmanager) and NTHash
(sometimes called NTLM). Ophcrack is a program that uses Rainbow Tables to crack
password hashes. An online version is available at Objectif Securite. Other sites
maintain large databases of hash/password pairs. These sites include Hash Killer and
Crack Station. Using these sites, find the password associated with the following
hashes. Record the password and the site you used. You should be able to crack them
all, though not at a single site.

Answer:

| NTHash | Password | Site |
|---|---|---|
| B69B465A8248CE03C4BB65B48096ED4B | Pasword666 | https://crackstation.net/ |
| 479F1BA0EEA2EF86E3DCD2E158ECCBC2 | Mr. Rogers | https://crackstation.net/ |
| 828F4AC7B0F3968677ED5B8323E25004 | usetheforceluke | https://crackstation.net/ |
| BA0EFF8936FF7C3AF5A40579C56659C9 | 09-11-2001 | https://crackstation.net/ |
| B472BF7A251B092191EA78CA1843A1A2 | 09-12-2001 | https://crackstation.net/ |
| 95E8929D8C1464D1BE5DA188BCB169F3 | !@#$%!@#$% | https://crackstation.net/ |

• (2 points) Go to Online Hash Crack and use the Hash
Generator to create two NTLM hashes based on your own passwords. Try these
against the previous sites and record your hashes and your results. Explain why you
needed to use two different sites, one to create the hashes and one to crack them.

Answer:

In my opinion, we needed to use multiple sites because not one site can crack a certain
password. Just like how my Password 1 wasn’t cracked through any website that was
provided.

Password 1

NTLM: 3399BF8EA041C01BC49AE492EDFEF687

Could not be cracked on both https://crackstation.net/ &
https://www.objectifsecurite.ch/en/ophcrack

Password 2

NTLM: 1BA1B555C90A4C4303E9E4CC2108F0BA

Result: Hotdog24. Cracked through https://crackstation.net/
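
Why a lookup site recovers one unsalted hash and not another, and why a per-user salt defeats the precomputed table, shown as an added example that is not part of the original assignment. SHA-256 stands in for MD4 here (NTHash is unsalted MD4 over the UTF-16LE password, and MD4 is often missing from `hashlib`); the word list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a lookup site's database.
WORDLIST = ["password", "letmein", "Hotdog24", "qwerty123"]
ITERATIONS = 600_000  # PBKDF2 work factor for the salted scheme


def unsalted_hash(password):
    """Unsalted digest of the UTF-16LE password, the same shape as NTHash.
    Assumption: SHA-256 is used in place of MD4 so the block runs anywhere."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest().upper()


def build_lookup(words):
    """Precompute hash -> password once; the table works against every account."""
    return {unsalted_hash(w): w for w in words}


def lookup(table, stored_hex):
    """Return the password for a stored hash, or None if it was never precomputed."""
    return table.get(stored_hex.upper())


def salted_hash(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(salted_hash(password, salt)[1], expected)


def demo():
    table = build_lookup(WORDLIST)
    salt_a, key_a = salted_hash("Hotdog24")
    salt_b, key_b = salted_hash("Hotdog24")
    return {
        "in_list": lookup(table, unsalted_hash("Hotdog24")),
        "not_in_list": lookup(table, unsalted_hash("c0rrect-Horse-7-staple")),
        "same_salted": key_a == key_b,          # same password, different salts
        "salted_in_table": lookup(table, key_a.hex()),
        "verify_ok": verify("Hotdog24", salt_a, key_a),
    }


if __name__ == "__main__":
    print(demo())
```

A password absent from the precomputed set produces a miss even without a salt, while a salted hash misses regardless of how common the password is.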


References/Sources:

Schaffer, K. (2021, June 7). SP 800–216 (Draft), Recommendations for Federal Vulnerability Disclosure Guidelines | CSRC. Csrc.Nist.Gov. https://csrc.nist.gov/publications/detail/sp/800-216/draft

OpenSystems Media. (n.d.). Cryptology, cryptography, and cryptanalysis - Military Embedded Systems. Militaryembedded.Com. Retrieved July 14, 2021, from https://militaryembedded.com/comms/encryption/cryptology-cryptography-andcryptanalysis

Cryptography and Cryptanalysis: A New Kind of Science | Online by Stephen Wolfram [Page 598]. (2002). Stephen Wolfram: A New Kind of Science | Online. https://www.wolframscience.com/nks/p598--cryptography-and-cryptanalysis/

Whitman, Michael E.; Mattord, Herbert J. Principles of Information Security (p. 451). Cengage Learning. Kindle Edition.

A Brief History of Cryptography. (n.d.). Red Hat Customer Portal. Retrieved July 14, 2021, from https://access.redhat.com/blogs/766093/posts/1976023

How Does PKI Work [Public Key Infrastructure Guide] | Venafi? (n.d.). Www.Venafi.Com. Retrieved July 14, 2021, from https://www.venafi.com/education-center/pki/how-doespki-work#:%7E:text=So%20how%20does%20PKI%20authentication,certificate%20authority%2C%20and%20registration%20authority.

Ludin, J. (2019, March 11). Public Key Infrastructure: Explained. Security Boulevard. https://securityboulevard.com/2019/03/public-key-infrastructure-explained/
