Even though there is a forum for this class, no one seems to be using it. Since I got the same question from two students today, I figured I’d maintain a FAQ here. Questions about the HW can be posted here as well.

PS: For fastest response, email both me and the TA. That way whichever one of us reads your mail first will answer it.

Q1: How are we supposed to generate a DES key?
A1: I wanted you to generate the key yourself, rather than having the JCE do it all for you. Recall that a legal DES key is 64 bits long, but only 56 of this bits are random and the remaining bits are check-bits. I wanted you to generate a random DES key by (1) generating 56 random bits, and then (2) manually setting the check bits appropriately to get a legal 64-bit key. You can look at the DES specification to determine the proper format for a DES key. (For those of you who have the textbook, the information is also in there.)

Q2: How do we access the block ciphers? Are we supposed to implement them ourselves?
A2 (copied from the forum): The point of the HW was to implement the *modes*, assuming you have access to the cipher. Unfortunately, the JCE does not give direct access to the cipher; however, you can access, e.g., the DES cipher as described in the HW:

Cipher DEScipher = Cipher.getInstance(“DES/ECB/NoPadding”);

(and analogously for AES). Why does this give you access to the cipher? That’s what you are supposed to answer as part of the HW.

20 Responses to “HW1”

  1. fdecast Says:

    I have two questions about the homework:

    1) Are all homework supposed to be done in groups of two?
    2) hw1.pdf says that we need to read a HW1 FAQ but I couldn’t find it. Could you show me the link, please?

    Thank you Prof. Katz ;D

  2. jonkatz Says:


    1) They can be done in groups of 2, but if you prefer to work alone you may.

    2) The TA will post submission instructions sometime before the deadline. Any other questions/answers will be posted here.

  3. Michael Donovan Says:

    I’m having trouble understanding how to create a key for AES. Could we get an explanation like the one we got for DES?

  4. John Silberholz Says:

    I may be wrong here, but I think an AES key is just 128 random bits.

  5. John Silberholz Says:

    While looking up information on message padding, I happened upon this amusing anecdote:


  6. John Silberholz Says:

    Question: when HW1 says hex file, do they mean hex file as in http://en.wikipedia.org/wiki/Intel_HEX or hex file as in file that contains a long string containing 0-9, A-F?

  7. Anthony Gray Says:

    There is no provider for the CTR mode of encryption so how are we supposed to implement it?

    • jonkatz Says:

      Not sure I understand the question. You are supposed to implement all modes yourself, without relying on JCE to do it for you automatically.

  8. John Silberholz Says:

    We were verifying our version of CTR mode encryption with the JCE version and noticed the following discrepancy:

    – The lecture slides (lecture4.ppt from the website) imply that we should use z_i = F_k(IV+i) to calculate C_i (when xor’d with m_i). However, it starts the numbering from C_1 (aka i=1), which means that the first thing getting passed into the block cipher (for use in producing C_1) is not the IV but instead IV+1.
    – The JCE implementation appears to use F_k(IV) ^ m_1 to calculate C_1, which would mean that, when numbering the ciphertext blocks and message blocks from 1, we would instead be passing IV+i-1 into the block cipher (instead of IV+i as used in the lecture slides).

    Which technique should be use for this project?

  9. Michael Donovan Says:

    Are we supposed to be writing our own (AES|DES)/Encryption modes or can we just use the java provided ones? The homework description would make it sound like we have to write everything ourselves but that AES/DES documentation looks pretty scary :/

    • jonkatz Says:

      You are supposed to write your own modes. But you can rely on the underlying cipher, exactly as described in the HW.

  10. Anthony Gray Says:

    I have submitted my hw1, but I can’t run it myself on grace. I can compile just fine (e.g. javac Encrypt.java), but when I try to run the code (e.g. java Encrypt) I get “Exception in thread “main” java.lang.NoClassDefFoundError”. I have tried java -classpath . Encrypt from the hw/q1 directory but it still will not run. Could you check that the autograder has excecuted my code?

    • jonkatz Says:

      If you can’t run it on grace, it is not likely that the TA will be able to run it either.

      The TA was able to successfully compile using
      gcj -c -g -O Program.java
      gcj –main=Program -o Program Program.o
      Please email him if you are having further difficulty.

      • Anthony Gray Says:

        The first command (gcj -c -g -O Keygen.java) works but the second command (gcj –main=Keygen -o Keygen Keygen.o) gives me the following error:

        /tmp/ccbywzZC.o: In function `main’:
        ccp2MwnE.i:(.text+0x1d): undefined reference to `Keygen::class$$’
        collect2: ld returned 1 exit status

        This error occurs for every file i try to compile in this manner.

      • Anthony Gray Says:

        I got it to work by removing “package hw1.q1;” from the top of OTPgen.java, OTPenc.java, and OTPdec.java and “package hw1.q2;” from the top of Keygen.java, Encrypt.java, and Decrypt.java. But, the instructions said to “package OTPgen.java, OTPenc.java, and OTPdec.java in the hw1.q1 package and Keygen.java, Encrypt.java, and Decrypt.java in the hw1.q2 package.” So, I’m confused.

    • John Silberholz Says:

      It looks like you are running it incorrectly. Using javac, this is how you would set it up:

      Create directory hw1
      Create subdirectories q1 and q2
      Put your java files in the appropriate subdirectories (all of this thus far is in the faq)
      Build them (from the parent folder of hw1, this is “javac hw1/q1/*.java” and “javac hw1/q2/*.java”)
      Run them (For instance, to run OTPgen with parameter 50, you would run **from the parent folder of hw1** “java hw1.q1.OTPgen 500”).

      In this way, you can run with the packaging. For packaging to work, you need the folder structure, you need to be running from the top folder, and you need to specify the class name by its package name.

  11. dong phuc spa Says:

    dong phuc spa

    HW1 | CMSC414: Computer/Network Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: