04-10-2015, 07:13 PM
If I am not mistaken I think his question comes from here:
students.depaul.edu/~sning/SE526/SE%20526%20-%20Final%20Exam%202013%20FINAL.doc
I am interested in the proper procedure used to perform an action like this. I have been tinkering with it in the last few days and attempted to see if it has a one-time pad or if I could just XOR it directly by hand. Neither method came back with an answer that makes sense.
Is there an alternative method to XOR the encrypted and plaintext values programmatically that will generate the true key?
The question is:
You have managed to compromise a database of credit cards via a SQL injection attack. Below is a sample of records pulled from the database table credit_cards:
fname    lname      email_addr       cc_num                cc_expire
Johnny   Johnson    jj@incorp.com    +VZyY1sBOazFh4COBrB2  11042012
Bradley  Bacon      bacon@gmail.com  +VZ7ZVcKPavGh4iGArNy  04032014
Evil     Attacker   evil@evil.com    +VZyZlAHP6HAgoaPBrBz  06212014
Evil     Attacker2  evil2@evil.com   +VZyZlAHP6HAgoaPBrBz  06212014
As the attacker you were able to insert the record for Evil Attacker and EvilAttacker2 and you know the Plaintext for both of the corresponding credit card numbers is 378734493671000.
o What type of encryption (block or stream) is being used to store these credit card numbers? (1 point)
Stream
o What is the issue with the encryption used to store these numbers? (1 point)
Can be xored.
o What type of encryption would you recommend to store these numbers as a more secure alternative to the method they chose (1 point)?
RSA 512 bit. Legal limit.
o What is the plaintext for the other credit card numbers? (1 extra credit point)
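The keystream-reuse weakness in the quoted exam question, worked through as an added example that is not part of the original post or the exam. It assumes each cc_num value is the Base64 encoding of 15 raw ciphertext bytes and that the plaintext is the card number as ASCII digits, so the XOR has to be done on the decoded bytes rather than on the Base64 characters; the function names are hypothetical.

```python
import base64

# cc_num values and the known plaintext exactly as quoted in the exam question.
RECORDS = {
    "Johnny Johnson": "+VZyY1sBOazFh4COBrB2",
    "Bradley Bacon": "+VZ7ZVcKPavGh4iGArNy",
    "Evil Attacker": "+VZyZlAHP6HAgoaPBrBz",
}
KNOWN_PLAINTEXT = b"378734493671000"  # plaintext of the "Evil Attacker" record


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch: %d vs %d" % (len(a), len(b)))
    return bytes(x ^ y for x, y in zip(a, b))


def recover_keystream(ct_b64: str, plaintext: bytes) -> bytes:
    """C = P xor K, so K = C xor P for a record whose plaintext is known."""
    return xor_bytes(base64.b64decode(ct_b64), plaintext)


def decrypt_all(records: dict, keystream: bytes) -> dict:
    """Apply one keystream to every record that was encrypted under it."""
    return {name: xor_bytes(base64.b64decode(ct), keystream).decode("ascii")
            for name, ct in records.items()}


def shared_prefix_len(ct_a: str, ct_b: str) -> int:
    """Leading ciphertext bytes two records share. Under a reused keystream,
    equal plaintext prefixes produce equal ciphertext prefixes (audit signal)."""
    a, b = base64.b64decode(ct_a), base64.b64decode(ct_b)
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n


if __name__ == "__main__":
    ks = recover_keystream(RECORDS["Evil Attacker"], KNOWN_PLAINTEXT)
    for name, pan in decrypt_all(RECORDS, ks).items():
        print(name, pan)
```

Every row decrypts to a 15-digit string under the single recovered keystream, which confirms the same keystream was used for all records. A fresh nonce per record with an authenticated cipher removes both the shared-prefix leak and the known-plaintext recovery.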