In July 1999, The American Telemedicine Association (ATA) issued the following a

Question

In July 1999, The American Telemedicine Association (ATA) issued the following advice to consumers who use the Internet for health-related information and services. ATA’s criteria for a quality site include the following (“Advisories” 2–3): •The site is sponsored by a reputable healthcare organization (American Cancer Society, American Medical Association, nationally recognized medical college, or the like). Information from a commercial interest such as a drug company should include assurances that the material is reasonable, balanced, and objective and does not merely promote the company’s own products. •Each information source is clearly documented. •A site providing online diagnosis or prescribing treatment and medication avoids any direct sales of the treatments or medications being prescribed. •The professionals offering medical consultation are fully licensed and their credentials are clearly posted. •The site clearly describes its policies and procedures for maintaining records of the consultation and safeguarding patient privacy. Visit a health-related Website and evaluate it according to the above criteria. Focus on sites that cover alternative health such as as Alt Medicine, sites that create specific recommendations based on the information you provide such as WebMD, sites that offer specialized consultation about specific medical conditions such as HealthLine, or discussion sites for people with a specific medical condition such as the Cancer Survivors Network . Assume that you are a Website consultant. Based on your reading so far about technical communication and the ATA guidelines above, prepare a numbered list of specific problems you noticed on the Website and a recommendation of how each problem could be corrected. Your list should be approximately one page, single spaced, with a double space between the problem and the solution and a double space before each numbered item. Attach a title page to your list, formatted in proper APA style. Carefully review the Grading Rubric for the criteria that will be used to evaluate your assignment

Explanation / Answer

In a scenario such as yours, where there is only one password/passphrase, but it is used as key material for the encryption of multiple CBC encrypted files, you will (as you noted yourself) obviously not make it any harder for an attacker to compute your password, should you use a salt.

However, using a salt would mean that the encryption of each file is independently keyed, which might increase resistance against collisions in the CBC chaining state, should you use the same password for encrypting a very large number of very large files. Since you are using AES-CBC and AES has a 128 bit block size, you would have to encrypt billions of GB sized files to get close to a 0.5 probability there would be just one such collision (in two 128 bit blocks somewhere), but depending on your security requirements, even such a small risk might be unacceptable. An alternative to using salts, would in such case be to use a cipher with a 256 bit block size instead of AES.

A third alternative would be to use random keys for each file, and only encrypt that file specific key using the key you derived from your password. If you put those encrypted keys together in a separate index file, you will get two additional benefits:

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.