COMP715/815GB:2013 Team Memorable


 * Home
 * A Team (Robert)
 * Gold Team (Daniel)
 * Team One (James)
 * [Team Memorable (Gabriel)]

Info

 * Planned Meeting Times:
 * Wednesday 4:30pm - 5:30pm


 * Group leader:
 * Gabriel
 * Students:
 * Charlie
 * Colby moved to Gold Team
 * John
 * David
 * Matt
 * Ramon

Week of Sept 11th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Colby
 * David
 * Matt
 * Ramon
 * John

Topics
 * Chapter 1.3 & 1.4 Review
 * Shared vs. public/private keys
 * Digital signatures
 * Cryptographic Hashes
 * Brute force

Week of Sept 18th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * Colby
 * John
 * David
 * Matt
 * Ramon

Topics The discussion was focused on two subjects: homework assignment and first part of the Lab code.

We talked about different systems passwords policy, starting with the most popular (yahoo, google) and ending up with different forums or membership websites, with pretty different password policies:
 * at least two of each: capitals, small caps, symbols, numbers; adding to this, change password every two months, without having a string of 4 or more characters from the previous 4 passwords present in the new password
 * regular Yahoo/Google with just "more than 8 characters" rule. At least they show you the "password strength indicator" when you chose your password. We do not believe that indicator to be very accurate (depends on hacker skills).
 * just characters, numbers and the, %, ! symbols. One can't chose other symbols than the stated ones. Not a very good strong password policy.

To do for next week: put all question answers in writing in the homework report.

The second discussion point was related to the encoding algorithm. We went again over the algorithm, taking into consideration that one of us missed the lab/class. This was a good opportunity for us to discuss once again the encoding steps, including the pseudo random generator. I hope all of us got it now.

Open questions How to locate different websites that deal with web security. Hopefully we will come with various enough answers for the homework report. Google was mainly the only suggestion, as out website security testing skills are just beginning to develop. Even if we had those skills, we did not thing it would be ethic to start taking down websites.

Concerns none

Week of Sept 25th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Colby***
 * David
 * Matt
 * Ramon
 * John
 * Charlie

Topics We have to turn in the homework 1 today, so we are discussing the solutions we found for the exercises. We found interesting solutions for the random generator, like raising character value to the power of index, or using the index to compose the P2 parameter, in order to give it more random values. We are having discussions peer to peer (1 to 1) about the homework. Some of us had some trouble in creating the hash function, so we try to help each other understand. Still discussing using the index and how it can generate unique keys. It seems we had different views regarding websites dealing with security. My peers talked about firewall/security company websites. I assumed we had to discuss about websites that had security issues. It seemed to me that they dealt with security issues.

Concerns

Week of Oct 2nd
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Matt
 * Ramon
 * John

Topics We are discussing about lock picking and how to prevent it. So far we came up with some ideas, none of them seems to be lock picking proof.

For the encoded message problem, we were wondering about the decoding process. Understanding the decoding process would help us understand how to better encode it. In the case of a brute force attack, all we have for "Hello" is a 5 characters message, encoded on 7 bits, so a brute force attack would be pretty straight forward. We have to think on how encoding it twice would complicate the decoding process.

Concerns

Week of Oct 9th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * Colby
 * John
 * David
 * Matt
 * Ramon

Topics Top discussion about the numbers of tries. It seems everybody has a pretty vague idea about a big number, but nothing concrete. Not everybody turned in the homework just yet, so concrete discussions are a little bit out of the question.

We got 7 initial positions for 3/5 known keys. Well, we don't, we have more possible combinations for 3 out of 5 known keys.

We split in groups of two in order to discuss different homework questions/solutions, as getting a common ground for all of us is not so easy. Everybody seems to be talking about something else or nothing at all/just listening/thinking. We seem captured by the problem, I really cannot shift the discussion towards anything else.

500k dictionary with a 16 bit salt. It seems that everybody agrees that 500k are words in the dictionary, not bits/bytes...

A for loop inside the encrypt/decrypt function should do the job for the Lab question, it seems everybody came up with the same solution.

Open questions Well, pretty much everything related to the number of tries question.

Concerns none

Week of Oct 16th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * Colby**
 * John
 * David
 * Matt
 * Ramon

Topics

Today is the practice test day. We are discussing the possibilities for different questions in the test.

Methods to crack passwords were also a part of the discussion - we were thinking that the future password crack will not be on a server, but on a local implemented system or so. Probably a brute force attack would do it... we'll just have to wait and see.

Week of Oct 23rd
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * John
 * David
 * Matt
 * Ramon

Topics During the discussion we revised the lectures, emphasizing some of the key points.

Basically it was a general discussion over the lectures and the test exam from the previous week: the test exam questions and the best possible answers for them.

We also tried to generate some possible problems/questions for the exam and tried to come up with suitable answers.

The point of the meeting was a final revision just before the exam. Everybody was active. I believe we touched some key points and everybody had something to learn.

Week of Oct 30th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * John
 * David
 * Matt
 * Ramon

Topics We discussed some of the midterm questions and tried to come up with the right answers, just to see if we were on the right track.

Besides that, homework questions were also discussed, and solutions to them (worms, viruses, port sniffers). It seems the Lab question was not difficult, and my colleagues managed to implement it....

Week of Now 6th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * Charlie
 * John
 * David
 * Matt
 * Ramon
 * James and Joshua from other teams were also present and participated in the discussion

Topics The main topic was the password hunt. We discussed ways to implement the algorithm for the password hunt. We came up with the following ideas:
 * personal life words
 * regular expressions
 * eliminate duplicate results
 * encode/decode multiple times
 * use regular expressions perhaps - even if we don't know how to implement regular expressions at this point

Week of Now 13th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * John
 * David
 * Matt
 * Ramon
 * James and Joshua from other teams were also present and participated in the discussion

Topics The main topic was again the password hunt - this time the "how many did you get?" question was on the table.

Time left is short, but some are still trying...

We agreed on how some algorithms were useful to find particular results (regular expressions, multiple decryption,...).

Some ideas that we implemented during last week:
 * eliminate all duplicates
 * try regular expressions
 * try regular expressions and only afterwards compare against a dictionary => reduce time
 * work with the random number generator, as results above approx. 24k repeat themselves - the random number generator it's cyclic starting at around 24k => analyze first 24k results => reduce time

Week of Nov 20th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * David
 * Matt
 * Ramon
 * John

Topics Our discussions are mainly based on the
 * if we do an i-s replacement and after that an s-i replacement, will the tool do a i-s-i replacement and we end up with the initial character? After testing, no.
 * character frequency is significant for decoding the encoded text (it seems to be a simple shift)
 * David is working in getting the linus server working so we can log in and test what nmap does
 * it seems Caesar's cipher was implemented in the algorithm, so finding the right shift value is essential. The text can be decoded by simply decoding the shift cipher.

Week of Dec 4th
Time: 4:30-5:30pm

Present:
 * Gabriel
 * David
 * Matt
 * Ramon
 * John

Topics Our discussions are mainly based on possible subjects for the exam. We went over lecture sections from the second part of the semester, also reviewing some of the first part of the semester lectures, as the exam was somehow comprehensive. Topics included:
 * different types of attacks on different communication layers
 * ways to avoid attacks on communication layers
 * explained different types of firewalls (bastion host, screened subnet, dual firewall)
 * web attacks: session hijacking, phishing