Win a copy of Kotlin for Android App Development this week in the Kotlin forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Devaka Cooray
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • salvin francis
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Ganesh Patekar

Is this project too hard to take on?  RSS feed

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Guys,

Very grateful for a bit of advice and this goes above my head as a mere php guy!

My son is doing computing at Abi level in Germany. (Abi level is A-level in UK ... not sure what the US is but he is 18 .. pre university)

As a team they were given the job of building a messaging system. My son's part was the encryption.

He tells me

 Quote
My task was to take a message encrypt it and decrypt it again
An added difficulty was to use RSA to encrypt and transfer the key of the symmetrical encryption (AES) and decrypt it on the other side so user 2 could safely send a message back to user 1

If I understand rightly he was working with 128bit.

He spent all xmas holiday writing several versions but all were too slow. (13 minutes was his fastest) A programmer friend said it would not be possible to get it fast enough simply using java and he should search java libraries in an attempt to solve the problem.

He found Java.security and Javax.crypto so used those.

The comment from the teacher was if they were in the libraries he should have been able to write them himself. (another teacher in Germany says this would be uni-level stuff)

I have two questions ... firstly is that true that it could be done without the library? and secondly .. is that a reasonable exercise for Abi?

Just to finish .. my son is not the average nerd (and I use the term affectionately not as an insult), he enjoys it but it's not his life, which often means in this class he is not as good as the others...  so there is lots more going on in the class than this... verging on mobbing ... which his teacher is more encouraging than preventing.

I honestly do not mind if you agree with the teacher... I am simply trying to find out facts!

many thanks for any quick replies (we have a meeting with the teacher booked today!)
(if you could state your experience and/or qualifications I would be very grateful.

 
Master Rancher
Posts: 1107
18
Firefox Browser Hibernate IntelliJ IDE Java MySQL Database Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

firstly is that true that it could be done without the library?


A java Libary is written in pure java, so yes the teacher is write, if he can do it with, he also can do it without.
This being said, I do think it's a lot of bs, he can't use any lib's, libaries are there to make your life as a programmer easier and take care of a lot of the boilerplate code for you.

is that a reasonable exercise for Abi?


It dosn't seem so over the top. I don't really know what the specification are, but maybe you take the encription to far.
He could write a simple algoritme that replaces the tekst in other letters and numbers.
If that's not enough, I would take a look at the classes from the libaries he used before and base myself on that code to write my own implementation
 
Marshal
Posts: 62881
203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch

You will have to get a definitive decision on whether he is or is not allowed to use ready‑made classes. Some people would say it is good to write the algorithm oneself, and others would say that ready‑made code is much more reliable and less error‑prone. I am 99% sure that best practice in industry would be to use ready‑made code, but you might have to see the regulations for the Abitur to be sure. Until proven otherwise, you should assume that your son's teacher is familiar with the regulations and assume he is correct. Also consider the risk that marks are given to a group and shared out. If that happens, there is a risk that poor marks for one part of the work will reduce everybody's marks.
Yes, it is possible to write your own encryption, but that should only be used for demonstration purposes or exercises, which is what this project is. If that is necessary, I would suggest you go to Wikipedia or somewhere else and look up a symmetrical algorithm, e.g. AES. They should provide all the steps to execute that algorithm. Get taht working and test it. Make sure to record the code used for testing; that should be submitted as part of the assignment.
Once you have AES working, find out the algorithm to encrypt the AES key with RSA or similar, and repeat the procedure. Make sure to divide it into small stages. I am not sure whether the difficulty changes with the number of bits.
What sort of message was taking 13 min to encrypt? Unless it occupies hundreds of pages, that sort of speed suggests something has gone seriously wrong.

If it is permitted (it might not be) it is worth discussing such code on a forum like this one.
 
Marshal
Posts: 6510
441
BSD Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Daniel Demesmaecker wrote:This being said, I do think it's a lot of bs, he can't use any lib's, libaries are there to make your life as a programmer easier and take care of a lot of the boilerplate code for you.


I would think the assignment makes sense, need to remember, that students studying for the purpose of learning. What is the best way to understand what engine consists of and how it works if not disassemble it and re-assemble it back again.

I think that is quite a common practice in schools, colleges, universities. Similarly as we have learned how to do simple match operations by hand on a piece of paper as opposed to using calculator. Once you understand how certain steps of operations lead you to a correct answer, you stop using manual calculations and use calculator instead for the reasons you have mentioned (to speed up things). However, sometimes you still need to go back to the drawing board and verify whether calculator isn't broken and you can still trust it.

I think in computer science in particular, the most important is to understand how the internal model behind some concept works, so then you much easier can understand the whole concept and why it exists. There are quite a few examples out there which make your life easier when you understand how the hash functions work, and such knowledge is related to many concepts which you re-use, whether it is how HashMap works, how Git works, how security algorithms work - so if you know how hash functions work and what they produce, you possibly better understand how hash maps work, why they are efficient, if you know how hash functions and hash maps work, it is much easier to understand how Git works.

So everything is connected. I think it is a wonderful assignment, kudos to teacher.

After all, if student spent whole Christmas holidays just doing that, I'm sure he's few steps ahead of most of us here now on how to implement such algorithm, even though if it accomplishes work in 13 minutes. And that is what matters at the end - knowledge student obtained. So Christmas holidays spent that way I think were well spent - Chris, few thumbs ups to your son.
 
Saloon Keeper
Posts: 9710
192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Honestly, if the teacher expects a university freshman to perform RSA encryption without using standard libraries, they're not in touch with reality. Frankly, I wouldn't even expect a freshman to *use* the cryptography libraries properly.

I think using the standard crypto libraries to perform encryption is a good assignment for a second year university student, but only if they've had a course about the basics of cryptography and another course about how to use modern well established algorithms properly.

Re-implementing RSA is probably a master subject, as part of a research assignment.

I would not be surprised if these expectations stem from a poor understanding of cryptography on part of the teacher.
 
Bartender
Posts: 20353
111
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Chris Skidmore wrote:The comment from the teacher was if they were in the libraries he should have been able to write them himself. (another teacher in Germany says this would be uni-level stuff)



Modern-day encryption algorithms tend to be implemented as complex polynomial bitwise operations. It's not totally unreasonable to think that lower-level students could implement them, since the actual operations are basic shift-and-logic, but I wouldn't give such a task as a "side operation" to another assignment.

In fact, this grates on me for the same reason I don't like the professional world making security a "side operation" for the application developer. Or even for some in-house "expert". It may seem a little superstitious on my part but I don't like the idea of using high-security code that wasn't developed and tested by full-time high-security experts. Who not only don't have distractions - like getting that application out ASAP - but also have a full toolbox with which to develop and test their code. And even then, periodically we hear that one algorithm or implementation has to be scrapped because someone has found an easy way to crack it.

Security is one of those weakest-link chain things and it already gets treated too casually, as witness the frequent massive data leaks from major corporations who should be able to fund the highest levels of security.

To give an analog, I believe that nuclear power can be safe. The US Navy and NASA have sterling records in that regard (nothing like living a wall away from the reactor to keep one on one's toes!). But civilian plants are too often owned by Mr. Burns and run by Homer Simpson. Or their Soviet counterparts. Hence, 3-mile Island and Chernobyl. Here, too, the failures have been few, but the consequences vast.
 
Stephan van Hulst
Saloon Keeper
Posts: 9710
192
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Note that implementing crypto for the sake of learning is NOT like implementing other libraries for the sake of learning. Crypto is HARD: it's VERY EASY to make mistakes, and worst of all, you WILL NOT be able to tell that you've made a mistake. You can't really write a lot of tests and be confident that you didn't introduce an accidental back-door.

Imagine learning about hash tables and getting the assignment to implement your own version of HashMap. That is difficult, but doable. Learning about asymmetric keys and writing your own version of RSA is orders and orders of magnitude more difficult.
 
Tim Holloway
Bartender
Posts: 20353
111
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And in case there was any confusion, this is what I just said myself.

The other reason I don't like Do-It-Yourself crypto is related. It makes crypto look "easy" and thus causes people to devalue it. As Stephen said, it's entirely too easy to accidentally introduce an exploit that only lab-level testing can (or at least may) find. I oppose anything that encourages slip-shod security to become acceptable.

I reserve the term "back door" for deliberately-introduced exploit points (like a lot of governments foolishly want), but otherwise we're in perfect accord on this.
 
Campbell Ritchie
Marshal
Posts: 62881
203
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
And in the meantime I looked at Wikipedia about AES and the algorithm seemed really complicated, and I think you are right; this is beyond what you can reasonably expect somebody to do, even by copying.
 
Liutauras Vilda
Marshal
Posts: 6510
441
BSD Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since OP mentioned A-levels difficulty, could be well that wording is incomplete or incorrect. Both scenarios to some extent sound slightly unrealistic, but not so wouldn't make sense at all.

1. Of course no one expects A-level standard student to implement industry grade encryption algorithms. Of course. Maybe some defined by the teacher "light" version of some encryption algorithm which got lost in translation over the posts.

2. Also no one probably expects that A-level students start on using built libraries without even understanding why they are for. So I guess some sort of exercise to implement own custom encryption were provided. Otherwise where would be all the joy for student having a feel actually implementing something.

A-Levels that's not even a college, but secondary school, isn't?
 
Tim Holloway
Bartender
Posts: 20353
111
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Campbell Ritchie wrote:And in the meantime I looked at Wikipedia about AES and the algorithm seemed really complicated, and I think you are right; this is beyond what you can reasonably expect somebody to do, even by copying.



It's not as fearsome as it looks. As I said, you generally do this stuff using simple logic (typically bitwise XOR) and shift operations. It's the theoretical math that the logic comes from that's very college-level. Matrix mathematics is about 1 step below tensor calculus.

As a side note, matrix math is ideally suited to computers. The individual computations aren't that difficult, but you have to do them according to strict rules. And there are so many of them.
 
What does a metric clock look like? I bet it is nothing like this tiny ad:
Programmatically Create PDF Using Free Spire.PDF with Java
https://coderanch.com/wiki/703735/Programmatically-Create-PDF-Free-Spire
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!