25 lines
958 B
Plaintext
25 lines
958 B
Plaintext
From: hochspezialisiert@sec.in.tum.de
|
||
To: itsec_examdraft@sec.in.tum.de
|
||
Subject: [Draft Question — Cryptography]
|
||
|
||
Confidential (ONLY FOR AUTHORIZED PERSONNEL)
|
||
|
||
Question:
|
||
Consider a toy "QR-encryption" scheme where a message is encoded into
|
||
a QR code and then randomized by permuting its tiles with a secret seed.
|
||
|
||
(a) Under ideal assumptions, explain why this scheme could satisfy
|
||
Kerckhoffs' principle.
|
||
(b) Now assume an attacker can test permutations against the QR format
|
||
(find patterns, error correction, alignment markers). Why does this
|
||
reduce the effective security of the scheme?
|
||
|
||
Solution (DO NOT DISTRIBUTE):
|
||
(a) If the algorithm is known and the seed remains secret, only the
|
||
seed determines security → aligns with Kerckhoffs’ principle.
|
||
(b) QR codes have strong structural redundancy (finder patterns,
|
||
error correction). This gives the attacker an oracle to prune wrong
|
||
seeds quickly → brute force feasible.
|
||
|
||
Verification Token:
|