Bob has a good understanding of cryptography, having worked with it for many years. Cryptography is used to secure data from specific threat, but it does not secure the application from coding errors. It can provide data privacy, integrity and enable strong
authentication but it cannot mitigate programming errors.
What is a good example of a programming error that Bob can use to illustrate to the management that encryption will not address all of their security concerns?
A.
Bob can explain that a random generator can be used to derive cryptographic keys but it uses a weak seed value and it is a form of programming error.
B.
Bob can explain that by using passwords to derive cryptographic keys it is a form of a programming error.
C.
Bob can explain that a buffer overflow is an example of programming error and it is a common mistake associated with poor programming technique.
D.
Bob can explain that by using a weak key management technique it is a form of programming error.
Explanation:
A buffer overflow occurs when you write a set of values (usually a string of characters) into a fixed length buffer and write at least one value outside that buffer’s boundaries (usually past its end). A buffer overflow can occur when reading input from the user into a buffer, but it can also occur during other kinds of processing in a program. Technically, a buffer overflow is a problem with the program’s internal implementation.
Over flow is a common poor programming, specially if A HACKER force the program to collapse. which can reveal function names, and variables, programming language version, etc.