SSI, MEIC, FEUP– 2025/26
Feb.2026

Diagnostic Test - Main Answer Points

1.	The password could be captured by:
	. a keylogger covertly installed in the input socket
	. the login program itself!

2.	a) If "no unidirectionality":	from hash an admin could get the password
	b) If "no uniqueness":	you could produce 2 docs with same hash (collision)

3.	a) C(" mo", key=1) != C(" mo", key=3)
	b) sizeof(key) +-= sizeof(P)
	c) key = constant = 3 (or 2) , reuse appropriate rectangles of picture

4.	a) .P12 (.PFX):
		. private info (private key) ---> password protection
		. public info (digital certificate w/ public key)
	b) "Fundamental flaw": CA should not ever create private key!
	c) Subject S ; public key of S ; certificate emitter CA ; certificate signature (by CA)

5.	a) Trust:
		believe honesty of KDC
		able to communicate "securely" with KDC
	b) Bob must trust KDC (includes having its public key), to validate Alice's digital certificate

6.	a) Confidentiality (you should not even know info exists!)
	b) hiding of secret info in: metadata, unused parts of document, least important bits in pixels, ...

7.	NO! It is just a picture! You need software to electronically verify signature!

8.	a) Integrity (P1 is signed by Alice!): no one but Alice can change P1 (but everyone can read P1)
	b) Integrity with hash: send in message: P1 + signature of P1's hash
	c) production and signature of hash is much faster that direct signature of doc

9.	a) Do you want to risk sending your current password...
	b) Do you want to risk sending your current email address...
		... to someone's website?
		Only if you really trust owners of web servers:
			. to be honest and not misuse your personal info
			. to be truthful in the anwsers

10.	a) No, unless the user knows the fingerprint of host's public key
	b) SSH _allows_ public-key authentication