-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Assignment 3 revised: 8/19/06 Assigned: 9/5/06 Due: 6:00pm 9/16/06 (email to dunigan@cs.utk.edu) Objective: PGP/gpg use (use gpg version on CS linux engines) /usr/bin/gpg Points: 20 Description: a) Create yourself a 1024-bit gpg key. Use your name and email address for your key label. For example, Tom Dunigan Remember, choose a good pass phrase. Extract (gpg --export -a) your public gpg key and copy it into your .plan file on your CS account home directory and make sure the .plan and your home directory are world-readable. Get my gpg public key from my CS web page and add it to your public key ring. b) Use gpg to verify the signature on this assignment. Copy/paste the output of your verification session into your ANSWERS file. Also include the gpg key fingerprint of your key in your ANSWERS file. c) Also include in your ANSWERS file your analysis of the programs ~dunigan/cns06/ncp/ncpd.c and ncp.c and ncp.h List as many possible security vulnerabilities in the code as you can. You could use "cat -n ncpd.c" to get line numbers for noting flaws. There are other files in ~dunigan/cns06/ncp/ that describe the protocol and function of the program. You don't need to run the code. You don't need to worry about the network/socket code sections. Think like a hacker. Input is EVIL. Sign your ANSWERS file and encrypt it with my public key in ascii mode (-sear) and email the resulting file to dunigan@cs.utk.edu d) After receiving your email, I will get your public key from your .plan file and add it to my public key ring, and then (eventually) I will send you an encrypted mail message using your public key. Use your gpg private key to decrypt the message, and then follow the instructions in the encrypted message. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFFCbkMj1IkeTeA+7YRAmg5AJ9r5e5JRTaLQo1n0ZBuw66si8UiewCfTuYQ ttns5ievkX8mg3n5wTknBV0= =kjYj -----END PGP SIGNATURE-----