Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Briefly explain why the technique you explored in Part 2.2 poses a danger to sys

ID: 3885212 • Letter: B

Question

Briefly explain why the technique you explored in Part 2.2 poses a danger to systems that rely on digital signatures to verify the integrity of programs before they are installed or executed. Examples include Microsoft Authenticode and most Linux package managers. (You may assume that these systems sign MD5 hashes of the programs.)

Explanation / Answer

#include #include #include #define BUFSIZE 1024 #define MD5LEN 16 DWORD main() { DWORD dwStatus = 0; BOOL bResult = FALSE; HCRYPTPROV hProv = 0; HCRYPTHASH hHash = 0; HANDLE hFile = NULL; BYTE rgbFile[BUFSIZE]; DWORD cbRead = 0; BYTE rgbHash[MD5LEN]; DWORD cbHash = 0; CHAR rgbDigits[] = "0123456789abcdef"; LPCWSTR filename=L"filename.txt"; // Logic to check usage goes here. hFile = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, NULL); if (INVALID_HANDLE_VALUE == hFile) { dwStatus = GetLastError(); printf("Error opening file %s Error: %d ", filename, dwStatus); return dwStatus; } // Get handle to the crypto provider if (!CryptAcquireContext(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { dwStatus = GetLastError(); printf("CryptAcquireContext failed: %d ", dwStatus); CloseHandle(hFile); return dwStatus; } if (!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash)) { dwStatus = GetLastError(); printf("CryptAcquireContext failed: %d ", dwStatus); CloseHandle(hFile); CryptReleaseContext(hProv, 0); return dwStatus; } while (bResult = ReadFile(hFile, rgbFile, BUFSIZE, &cbRead, NULL)) { if (0 == cbRead) { break; } if (!CryptHashData(hHash, rgbFile, cbRead, 0)) { dwStatus = GetLastError(); printf("CryptHashData failed: %d ", dwStatus); CryptReleaseContext(hProv, 0); CryptDestroyHash(hHash); CloseHandle(hFile); return dwStatus; } } if (!bResult) { dwStatus = GetLastError(); printf("ReadFile failed: %d ", dwStatus); CryptReleaseContext(hProv, 0); CryptDestroyHash(hHash); CloseHandle(hFile); return dwStatus; } cbHash = MD5LEN; if (CryptGetHashParam(hHash, HP_HASHVAL, rgbHash, &cbHash, 0)) { printf("MD5 hash of file %s is: ", filename); for (DWORD i = 0; i > 4], rgbDigits[rgbHash[i] & 0xf]); } printf(" "); } else { dwStatus = GetLastError(); printf("CryptGetHashParam failed: %d ", dwStatus); } CryptDestroyHash(hHash); CryptReleaseContext(hProv, 0); CloseHandle(hFile); return dwStatus; }

Related Questions

Briefly explain how the traffic intensity a, a certain node will affect the corr
Question #3791676
Briefly explain how would create a tomato variety that is resistant to frost dam
Question #80684
Briefly explain how would create a tomato variety that is resistant to frost dam
Question #86427
Briefly explain how your observations do or do not support your prediction in (9
Question #538138
Briefly explain in what ways have the Ganges, Indus, and Brahmaputra rivers been
Question #119624
Briefly explain in what ways have the Ganges, Indus, and Brahmaputra rivers been
Question #119625
Briefly explain in what ways have the Ganges, Indus, and Brahmaputra rivers been
Question #119626
Briefly explain one of diseases of the skin. Briefly explain one of the diseases
Question #216965
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Briefly explain why the stopcock/value on the buret must remain in the open posi
Next
Briefly explain why you can use the Calcium Separation and Quantinization proced

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.