CS 161 Discussion 4

Cryptography II

Shomil Jain

Asymmetric Cryptography

aka Public-Key Cryptography

Diffie-Hellman Key Exchange

a public-key encryption scheme

Discussion Problem #1

El Gamal Encryption

another public-key encryption scheme!

it’s like one half of Diffie-Hellman

Discussion Problem #2

Hashing

Q: Why did the breach contain only *weak* passwords? Why weren’t any lengthy/complex passwords revealed?

Q: How could Chegg have avoided this data breach?

Q: Why is the statement “hashing algorithms can be broken” misleading?

On the right are the most common passwords from the data breach.

Most likely: Chegg didn’t hash passwords with a salt!

(The leaked passwords didn’t include any *strong* passwords, indicating that these came from a pre-computed lookup table.)
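
Added example, not part of the original slides: why a pre-computed lookup table reverses only the weak passwords in an unsalted store, and why a per-user salt with a slow KDF makes that same table useless. The slides do not say which algorithm Chegg used; SHA-256, the PBKDF2 parameters, the user names and the passwords are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the breach): a small common-password list
# and a toy user table with two weak passwords and one strong one.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "password", "bob": "qwerty", "carol": "T7#vLq9!zR2m-wX4"}
ITERATIONS = 200_000  # illustrative work factor, an assumption of this example


def unsalted_hash(password):
    # Weak storage: same password -> same digest for every user and every site.
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    # Hardened storage: per-user random salt plus a slow key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def verify_salted(password, salt, stored):
    # Login check for the hardened store, using a constant-time comparison.
    return hmac.compare_digest(salted_hash(password, salt), stored)


def build_lookup_table(words):
    # Precomputed once, reusable against any unsalted SHA-256 dump.
    return {unsalted_hash(w): w for w in words}


def recover(stored_digests, table):
    # Only digests already present in the table are reversed.
    return {user: table[d] for user, d in stored_digests.items() if d in table}


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted_db = {u: unsalted_hash(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}
    salted_db = {u: salted_hash(p, salts[u]) for u, p in USERS.items()}
    return recover(unsalted_db, table), recover(salted_db, table)


if __name__ == "__main__":
    weak, hardened = demo()
    print("recovered from unsalted store:", weak)
    print("recovered from salted store:  ", hardened)
```

The strong password never appears in the recovered set because it was never in the table, which matches the pattern the slides point out in the leaked list.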