Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threats, but it does not secure the application from coding errors. It can provide data privacy; integrity and enable strong authentication but it cannot mitigate programming errors. What is a good example of a programming error that Bob can use to explain to the management how encryption will not address all their security concerns?
A.
Bob can explain that using passwords to derive cryptographic keys is a form of a programming error
B.
Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique
C.
Bob can explain that a random number generator can be used to derive cryptographic keys but it uses a weak seed value and this is a form of a programming error
D.
Bob can explain that using a weak key management technique is a form of programming error
Explanation:
A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer’s boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program. Technically, a buffer overflow is a problem with the program’s internal implementation.
Do not agree as Buffer Overflow is nothing to do with cryptography. The correct answer is A.
Yes. I fixed.
Hi,
You fixed it but explanation is wrong. Could you explain why the correct answer is A ?
Thanks
@ Hannah : Could you explain for this question ?
I think the question is an example of a programming error that would NOT be addressed using encryption… in which case “B” was the correct option and A has nothing to do with a real programming error (ie., passwords/passcodes/Pins creating or protecting crypto keys is NOT programming).
From my point of view correct one is D, because incorrect key management g.e. store it in insecure place on system and not correctly controlled by application crate obvious and direct gap.
It is B definitely.
Using password to derive a cryptographic key is a mistake a user of the application may do, not the programmer. Programmers do not determine the password or the key used, they only implement the algorithm.
B 🙂
hannah got it right, buffer overflow has nothing to do with cryptography. B is a correct statement but it is not the correct answer for the question.
A,B, and D are all encryption flaws derived from system errors. Only C is a programming error in the application that does NOT concern encryption and shows that proper encryption will NOT solve all the security concerns.
The correct answer is C.
It’s B, the answer key I’m looking at has the questions in a different order.
I think the correct is B.
No matter what cryptography technology you use, if you do not handle Buffer Overflow in your programming, it will make your program available to this kind of vulnerability.
We like to honor many other web sites on the net, even though they arent linked to us, by linking to them. Under are some webpages really worth checking out.
We came across a cool site that you just may well appreciate. Take a search in the event you want.
Wonderful story, reckoned we could combine some unrelated data, nonetheless really worth taking a search, whoa did a single discover about Mid East has got much more problerms also
Here are a number of the web-sites we advise for our visitors
very handful of web sites that take place to become in depth beneath, from our point of view are undoubtedly well really worth checking out
Here are several of the web pages we suggest for our visitors
we like to honor many other net internet sites on the web, even when they arent linked to us, by linking to them. Below are some webpages really worth checking out
very few web-sites that take place to be comprehensive below, from our point of view are undoubtedly very well really worth checking out
we came across a cool web-site that you just could possibly love. Take a appear for those who want