Taking a square root is harder than squaring, but not much. (square-root takes O(n) time on an n-bit number using Newton's method.) Furthermore, the ideal trapdoor function should map from the set N or all n-bit numbers to the same set N, one-to-one.If we have a pseudo-random number generator, this might serve. If rand(i) produces the next n-bit number in pseudo-random sequence, for example, but multiplicative congruence, it will be difficult, given the value of rand(i) to compute i.
Given that we have mixed-case alphanumeric passwords, there are 26+26+10 or 62 values for each character, or approximately 6 bits per character. 5 characters times 6 bits per character is 30 bits total for the shortest legal password. So, allowing an eavesdropper to discover that the password is as short as the minimum length may reduce a trial and error search to as few as 1 billion possibilities. If it takes k seconds to search all 8-character passwords, knowing that the password is shorter than 8 characters reduces the computation by a factor of 62.
We can use the MMU to prevent buffer overflow attacks if we always invalidate the page in the virtual address space of a process that immediately follows the buffer. UNIX does not provide tools to do this, but several operating systems I have used did so, and I routinely used this trick.
| ppp-notes | prog1 | project.t | splash.gif | -----+-----------+-------+-----------+------------+ pub | r | r x | | | -----+-----------+-------+-----------+------------+ users| r | r x | rw | | -----+-----------+-------+-----------+------------+ devel| r | r x | | r | -----+-----------+-------+-----------+------------+ gmw | rw | r x | rw | | -----+-----------+-------+-----------+------------+ asw | r | rwx | rw | rw | -----+-----------+-------+-----------+------------+ | ppp-notes | prog1 | project.t | splash.gif |
In the above, I'v added one more line than Tannenbaum asked for, a line for the user called public. This has all rights conferred to the public, in general, for each file. Members of the groups users and devel have access to the rights of the general public, plus additional rights conferred by the group entry in the access-control list of the files that are in those groups. Finally, individual users have the union of the rights they can get from the groups they belong to, plus the rights they get from the owner fields of files they own.
Do problem 31 on page 669.
ppp-notes: gmw/rw- asw/r-- prog1: gmw/r-x asw/rwx project.t: gmw/rw- asw/rw- splash.gif: asw/rw-
The UNIX access control system has a degree of universiality. If we create a distinct group for each file, we can use that group as an access control list for that file, adding and removing users from that group as a means of adding or removing entries in the ACL for the file. The restriction is, the UNIX model only supports 3 distinct patterns of access rights for each file, and furthermore, we cannot deny a right to the owner or group members which is allowed to the public, because all users are free to switch at any time between the groups they are members of.The first limitation can only be exercised if we have 4 or more distinct combinations of access rights in the ACL, so it only works with 4 or more distinct users. Therefore, we must devise an ACL that violates the second restriction. Consider this:
splash.gif: asw/rw- gmw/r-x
A 1600x1200 image has 1,920,000 pixels or 1,920,000 least significant bits. If our text compresses to bits per character, we can sneak 1,920,000/4 or 480,000 characters into the image. This is over 100 pages of single-spaced 12-point text with reasonable margins (60 lines per page, 72 characters per line), which is to say, it's about the size of a PhD thesis or a short novel.As an aside, the images can be compressed using a lossless image compression algorithm such as GIF. Lossy image compression, such as JPG will generally lose the steganographic content (although JPG compression parameters can be adjusted to make JPG lossless).
The dissedents could apply a digital signature to their messages, but this would require that they smuggle out, on a different channel, the public key for their digital signature. Because they hold the private key, it would be very difficult for the forged messages to contain the correct digital signature.