Security and Cryptography (CSS 322)

Overall Feedback

This was the 1st time I've held this assignment, so it is useful to receive your feedback, at least so I can improve for next year.

I've read all comments. Rather than responding individually, I've tried to identify the most common, important and interesting comments and provide responses below.

OpenSSL, with all its options, is hard to learn

True. OpenSSL does many things, has hundreds (if not thousands) of options and in some cases provides different ways to do the same thing. Learning the best options to use takes time reading the documentation, searching the Internet and testing. Although it is time consuming and sometimes frustrating, I think it is good for students to get experience doing this; when you work as computer scientists you will work with software much more complex than OpenSSL. However I recognise that some students spent all their time on finding the correct OpenSSL command, without understanding the underlying concepts. In future assignments I would provide more instructions, perhaps an in-class tutorial, on how to use OpenSSL.

It was easy if I follow the instructions and understood OpenSSL

What many people missed was the assignment was not about how to use OpenSSL (although of course you had to know), but about how to manage and use keys and security mechanisms. Which key to use? How to authenticate information? How do are the security mechanisms related? When to use RSA or DES? Once you knew the correct OpenSSL command, yes performing the operations was easy. But which operations to perform - that is not always obvious. (If it was, everyone would have received full marks).

There were problems with the email; should have used Hotmail.

I used the css322-ID@ict.siit.tu.ac.th email addresses for several reasons: a) The sender does not necessarily know who they are sending to (and therefore cannot discuss directly with the destination); b) I received a copy of all emails, so I could see who sent what and when; and c) I could delay emails and hence modify them before they were received by the intended destination (i.e. perform an attack). I would use a similar system in the future.

But there were problems with some people receiving emails. For example, there were instances where I think Hotmail was dropping received email and/or removing attachments. I'll need to find ways around this in the future.

In Task 4, it was unfair having to wait for another student to complete.

I knew that some would have to wait for others. Hence no-one was penalised in this case (e.g. no bonus or penalty points were given for the 2nd part of Task 4; only for completing the 1st part). Considering that you could test all your intended commands beforehand, it really only takes 10 minutes to submit once you receive the email from the other student. I gave people an extra day to complete, which was more than enough.

I would do the same in the future. Having students communicate with each other is more interesting/realistic than having everyone send only messages to me.

I felt tired with the assignment, and so did you.

My goal is not to make you tired, but to help you learn. Did I feel tired? Although I automated some tasks (checking answers, sending emails), there was still a lot of manual checking needed to be done for each task (especially when people sent emails in the wrong format or had wrong answers). This meant I spent much more time checking this assignment compared to others.

Getting OpenSSL working in Windows has hard.

Maybe. But there were multiple options available to students (install Ubuntu; use account on IT machine; use VMware or similar; use lab computer) who had trouble getting OpenSSL working on their own laptop. I expect all 3rd CS students to be able to install/setup/use software on a variety of operating systems (without assistance from the lecturer). In the future I would probably automatically create an account on IT machine for all students so they immediately have access to a Unix-based system (of course that requires you to learn Putty or similar; again, should be a simple task for a 3rd year CS student).

Deadlines are not clear; hard to plan for assignment

The release of task-by-task was so that all students could get to the same stage before proceeding (so if they make a mistake in one task, it can be corrected before moving to the next task). It also allowed me time to perform "attacks". I didn't release all tasks at the start to avoid some students finding answers to all tasks and then other students "discovering" those answers. Also, initially, I wasn't sure how much time you needed to complete a task. In the future I would at least let students know the schedule of all tasks at the start (even if not telling them each task).

All Comments

Comment 1

I like assignment like this. It looks like have to do some mission in each week. But I have some trouble. I can't do the assignment in anytime by using my computer because it have to install ubuntu but my computer has some limit. Some task I use friend's computer, some task I use lab's computer, so it's very inconvenient. However, I still like the assignment like this more than doing the report or coding the the program.

Comment 2

It is not hard if I follow manual. It was hard when I lost my private key and I forget to back up. Between using software to complete tasks and doing some calculations or report I think they are not different because to do something that I never do it before. I should find the manual or source to study and then just do it. Comment for task 4. In task 4 you gave us deadline to submit 17.00 Thursday by attach my image and another image from someone. If he send his encrypted image file to me before the deadline by 30 minute.  And bad luck if my internet connection doesn't work on that time or busy to do something. I worry that I may get deduct point cause of someone who send me his file slowly.

Comment 3

The assignment is a little difficult on finding the functions to use. I have a little problem with OpenSSL on my computer and it was quite inconvenient. It was fun to know how to actually encrypt data. And there are a lot less work to be done compare to writing a report.

Comment 4

I think this assignment is entertaining in the sense that it is challenging, fun and educational at the same time. It shows how these cryptography algorithms are really used and how to use it. I also had learnt more in-dept about cryptography and how it really functions with real messages and images. This assignment is different from reports in the sense that it comes in parts which makes it seems as if it is not too much to do. When doing a report i always feel that the load of the work is very heavy, but doing this assignment it feels as if i'm playing a game. 

Comment 5

Was it easy or hard?
In my opinion, it is not easier but also not harder to do 
What was easy/hard about it?
In my opinion, when everyone has a command, it is easy to do and understand why we have to choose this command. Therefore, before we have a command, we have to know what do you have to do in this task, how to re-arrange the command , what the command that we should use that is harder.     since we never do openssl before, so it is hard to understand suddenly.
How could it be improved?
it shoud have a task for hack any computer or wireless. hahaha, i want to learn about this. :)
Did you learn anything from it? What?
hahaha...  after i have done all assignments, i got more knowledge such as how to create private key, know about how the form of certificate,  some commands of openssl, to do certificate what should i do  , how to sign the message, when we sign the message how to verify it, how to encrypt or decrypt, some algorithms for encrypting messages, if i use wrong key what it  will happen next , how to encrypt or decrypt image, how to create password and some problems that i never seen before. 
How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)?
      In my opinion, we learn about encryption and decryption so the assignment should like your assignment that have to write a command, encrypt and decrypt in real situation not just in paper. i don't know about calculating answers to problems or writing report with encryption and decryption topic that you will do. so i think in this your assignment with encryption and decryption, it will give more knowledge for student who do the assignment. 
Any other thoughts ...
During in your assignment, i confess that i'm feel tried with your assignment and i just know you also feel tried. however it is a first time for me to do an assignment like this. Although there are some problems that we never seen , we already know. So keep the kind of assignment for next generation. it will give a cool knowledge for them.

Comment 6

it is both easy and hard, the hard part is actually about the commands to use as we are not taught about the program in normal lessons i believe. if you get the hang of the commands use, the assignment will be quite easy. some basic understandings about the program should be taught, like the usage of commands, input/out arguments... most the commands have to be searched on the internet and use the exact commands on the internet , my opinion is that i didn't really learn about security, like usage of keys and encrypt methods, however, we actually learned more on the commands and program as we have to search the internet and it is something new that i never learn before. To compare this assignment, i would compare it with C++ and Java, if basic concepts and commands are taught, further task can be completed and various ways can be done. some of the task requirements are unclear, like the output file format... the format can be various depending on the command use i believe. I got an email from my destination for task 4 that i sent wrong file format, i used .enc for the password file but he claimed that i sent the wrong format that he asked me to change...

Comment 7

The assignment is in the intermediate level, some are hard, some are easy. The hard part is, I will not know whether the sender use the correct encrypt code or not. The easy part is, the format of the operation (with options) are available through the documentation that you provided. Some parts of assignment should be improved. For example, you should writing the email system that can be used as hotmail. In addition, you should divide task 4 into 2 smaller tasks, because of assignment submission time depends on other students. I learnt the concept of communication and security. I like this type of assignment more than other, because group work on problems solving will put more works on one person and other persons will do not do anythings.

Comment 8

Was it easy or hard?
it was not easy.
What was easy/hard about it?
It was not easy because students have to understand Openssl command and understand the lecture.
How could it be improved?
Training some Openssl command before the assignment started. Although, Openssl provides document but i think sometimes it's hard to understand.
Did you learn anything from it? What?
Yes, i learnt anything from it. For example, Openssl command, Don't trust anything that i received because i have to verify it first. How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)? - I think this type of assignment(using software) is better than calculating answers to problems, writing reports, programming. It's more fun than writing report.

Comment 9

I think this assignment was not so hard if we know what commands we should use. It's quite new and I think you should provide examples, describe more clearly or at least guide the command for students who really can't understand how to use basic linux well. Like me I got D from Lab last year. Compared to the last year, I think last year was a lot easier. After I got help from friends and got the assignment done, I think I like task 4 assignment. I can not do it all alone by myself for sure even how hard I tried because I don't understand well what was wrong with my command and why the error came up. I think it's going to be easy for those students who really understand. This type of assignment I think it's similar to other assignments but more complicated.

Comment 10

Was it easy or hard?
It's seem to be hard to learn openssl but if you know it basic
operation, It' easy.
What was easy/hard about it?
easy -> All of it algorithm and the way to encrypt and decrypt is same as I was learn in the class.  hard -> First time to use openssl.
How could it be improved?
If you have enough time, Let assign some student to be an attacker and try to attack the mesage.
Did you learn anything from it? What?
Yes, This assignment gave me how to think, how to fix problem and how to use knowledge in class to perform this assignment.
How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)?
I love this assignment . When I do this assignment it make me feel like i play game . It have task to reach same as game that have quest to complete. So it very excited to me when compare to general assignment.

Comment 11

I think the task is easy in theory. the most difficult of this task is how I can use the openssl.this task make me know more about how to use openssl than theory Cryptography. I think you may have to teachall command in openssl. I think this task is better than just write report because it can make me apply that I have learn to the real.

Comment 12

The assignment was difficult in the beginning, but later easier. The hardest part was that I could not make Putty works and my virtual machine was not working properly (I don't know whether it was my own mistake or the machine's). After I quit using them and went to the lab instead, I faced no more problem. For the improvement, I do not know how could it be. Anyway, I do not think that the series of assignment is good for us because CS junior student have four or five assignments already. To me, I needed to insert OpenSSL tasks into the queue and postpone another tasks because you gave me three or four days to finish a task and the schedule was unknown. Thus my works were a little bit later than I expected. Anyway, this is not a big deal. It was much better to do the real task on how to achieve security than just remember the algorithms before going to the exam room. I had actually mapped the algorithms, the diagrams, and the commands to complete the task. This obviously shows us the simplified version of real world situation and this is excellence! I learns things the same way as how I learns things from other kinds of assignment, only the methodology changes. And it's (seriously) fun.

Comment 13

The assignment was not easy but not too hard as well. In my opinion, it is quite interesting compared to the other tasks. Being able to implement what we learned inside the class in the real program is quite impressive. I suggest you to hold this assignment again next year.

Comment 14

This assignment is not that hard, the hard thing is that I'm not sure what code to use. But when I knew the code, the assignment is not that hard. I learned a lot of openssl codes and syntax from this assignment. I think it's better than doing calculations on paper because I can actually use the program and have a clearer look at for it works. The submitting part is somehow confusing (eg. sometimes I need to send two emails). Overall I think this assignment is a good way of learning. I liked it a lot.

Comment 15

I think that this assignment was not too hard and quite fun. I've learn that we always need to be sure that the messages or data we receive from the others is actually send from them. This type of assignment is way better than writing reports because we can actually do the thing by ourselves.

Comment 16

This assignment is not easy or hard , it's medium. It's easy for students to copy from other (Just changing some code according to his/her keys). If you want to make the assignment to be harder, you should let each of the students to think something and make it differently. I would say I learned something but I can say that many students don't get anything from this assignment. This assignment is kind of completing tasks. Suggestion : There are something wrong with my Linux, you may have to provide the task that can be done on WINDOWS. There are some problem about late receiving e-mail. Some students do there task late will cause other to be late, marks are decreased...?. The deadline are not set clearly about this. You will have to set it more clear. There are some unfair marking, like providing bonus for the first person(This is really not good). Last problem is using an e-mail, some mails are through the JUNK ,some students can't find the receiving mails. 

Comment 17

* Was it easy or hard? I think it is OK. There are manual of OpenSSL in the internet that I can find syntax and example of it. * What was easy/hard about it? The hard parts may be the first idea and commands that i should use for the task. * How could it be improved? I think it can be more fun if you attach some text or some secret into the message, and you can play with it after sending. (But I don't know how to implement) * Did you learn anything from it? What? I learned that I cannot trust anything in internet. - -' And this assignment has improved my understanding in the security. I understand more about certificate and shared keys.   * How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)? I prefer this assignment. It make me to communicate with other more to find the best solution for the task. Some assignment could not do like this. The programming one may be also fun. But I think it will be harder. (Like your last task in Lab) * Any other thoughts ... It's really fun. I wish that the time period for this assignment should be longer with more tasks

Comment 18

I think more assignments are needed to demonstrate students how useful of openssl  and assignments needed to be assigned as soon as any topic in lecture that can be demonstrate by openssl is discussed.

Comment 19

Was it easy or hard? : It was so hard to download Openssl on Window 7. I have changed to use Openssl on Ubuntu. I have used Ubuntu on our lab and friend’s laptop. What was easy/hard about it? : It is easy to use if I can find the command to generate all the outputs. It must spend time to find all commands.   How could it be improved? : It could be improved by reading more examples and practicing more exercises. You should give us more examples. Did you learn anything from it? What? : It is so many to learn; how to use command line, how to generate private key/certificate, how to encrypt/decrypt an image. How do you compare this type of assignment to others? : I think this assignment is the best one because it helps me to learn new software that I didn’t know before. It uses all the knowledge to find, to think, to do by myself step by step. It’s very good one. Any other thoughts ... : You should give more example and more task to do from the begin of this subject. You should have task follow with the topic that we study in class in each week. I think that I understand better than I study in class in some case.

Comment 20

For this assignment is considered very good to understand more clearly. If do not understand but do the homework by yourself, it will at least understand the concept. Level of difficulty is good for me. I like this rather than trying to do the report because of what we learn in my own room to make it understand than reading from tight on the Internet. However, informed or asked about problems in the email might be a problem for some friends.

Comment 21

some of the tasks was difficult (task2) because I have to think about the attacker which is I forget to think about it before. I lernt many things from this assignment. I learn how to create private key check certificate encrypt decrypt create password, so next time when I want to sent some massage I think I have to encrypt with my private key and sent not only message. This assignment was good at all I think it let students to think to discuss to search (commands) but it difficult sometime but that's not a problem!

Comment 22

* Was it easy or hard? - I think it hard for me before I asked my friends to teach. * What was easy/hard about it? - I do not pay  more attention in the class that make me confused when I did tasks. * Did you learn anything from it? What? - Yes, I did. I got more knowledge about solving problems when the files was attacked from the attacker and how to decrypt or encrypt files. * How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)? - I think this assignment about using software is more useful than others(e.g. calculating answers to problems, writing reports, programming). Doing practices always better than reading theories. * Any other thoughts ... - Your Assignments are very good for many students.

Comment 23

In my opinion, this assignment is a good assignment compared to the other types of assignment.  As this assignment is assigned week-by-week, the students will have to make themselves catch up with the tasks all the time unlike the reports which everyone will start doing in the last week before due date. I think you should assign this task again to the students in the next year. One thing that might need to be fixed is the e-mail system because I saw some of my friends didn't receive any message when other students did. This is the only problem in my opinion. But, at last I think this assignment is very good and I like it.

Comment 24

The assigment was great, it give more perspectives of what we are learning rather than sitting in the class which is boring. The hard part are understanding assigned problems, and finding the right shell command. the problem is hard to understand. hoping this assignment will be used next year and later.

Comment 25

This assignment is not particularly hard given the user has a fair knowledge about commands and algorithm. .... I did scramble for the correct commands sometimes though. That is the most frustrating moment, but I have myself to blame because I did not try a lot before Task 2. I don't think there is any need for improvement in my opinion. Moreover I now have acquired skills and knowledge about security and how to use the algorithms we've studied. I prefer tasks over programming ...

Comment 26

It is not too hard.Some assignmet is too difficult.The difficult part is that when an attacker attacks my message.I am not sure that whether the encrypted message is attacked or not.I learned what is certificate key,what is private key,when to use it,how to decrypt the message from authentication server and so on.I think there is nothing to improve.This assignment is good.I understood from what i learn from a course more clearly.This assignment is not the same from what i have done another assignment for another course before.Since it gives several task.Each task i have to seach the command for resolving task and i have to be aware an attacker or error .It gives me a challenge. This assignment does not force me too much.So it is a fun assignment.

Comment 27

* Was it easy or hard?                                    not too hard (ok) * What was easy/hard about it?  hard to find the command * How could it be improved?                           may be give some more example  * Did you learn anything from it? What?           yes how to be attacked, how to encrypt/decrypt something, How to use key to encrypt/decrypt

Comment 28

- It ok, not easy or hard.- The hardest part is when we think it's ok, it will be not easy as we think. we have to look into the file and check it. - I learned how to encrypt or decrypt in real action. I may use what I learned to improve security of my secret message or anything. - I like this style of assignment, It made me know how to use what I was learn not only how it work.

Comment 29

o Was it easy or hard? not easy,but not too hard. o What was easy/hard about it? When type many command in Cygwin that lazy to remember with command ,because It can't Copy&paste. Hard to detect that message recive in task 4 ,such as password.ssl that wrong Encryption! Just find only can't decrypt file too large .... o How could it be improved? for task 4 may divide in to 2 part because some student may send password and image nealy due date. It hard to submit ontime. o Did you learn anything from it? What? How to use SSL command. , Encrypt, Decrypt with SSL.. o Any other thoughts ... need more assignment . It so funny !

Comment 30

All About this assignment, i think it's quite hard for person who didn't have knowledge about command in openssl especially me but it's not hard to learn because i have a big source from the internet. This assignment let me know how to create private key and how to encrypt or decrypt any file that i want and it can evolved if i study in deep detail about how to use it because this is a beginning and the first step. And the big major thing that i found in this assignment is i'm a programming but i'm not carefully to write a command. Hence, it get me stuck and can't find out what' wrong of my code. I think all of assignments are the same important. For example, first assignment,we know how to create own private key and one thing is we might not send own private key to any one and so on. So,i think this is a good assignment and it's fun to do it,but you should we have a time to practice because we have a little bit confuse the result that come out is correct or not. I hope you have any assignment to all of us to do it again.

Comment 31

this assignment is funny.

Comment 32

As for the assignment itself, the main problem I and XXX have is that we still cannot correctly generate our certificate requests with our own computers, as if sometihng is wrong with the OpenSSL operating in non-Linux environment, although our carelessness is also to be blamed. We also were not aware of the requirement to verify, and the suitable OpenSSL commands for verification. Also, XXX told me he didn't received my first submission of Task 4, so I have to resend it, but not before I know it, which is after its deadline. I suggest that this assignment could be done more conveniently if there's a submission system online that also let the users download what others have submitted, instead of using emails. That way any errors or mistakes can be detected faster. And I believe it is possible since all files send in this assignment (well except for the private key, obviously) doesn't really have to be invisible to the other parties since they're all cryptographically processed. Other than these, I'm happy with this assignment. And apart from learning cryptography in practice, I also learned that some people can be very careless as to leaving their private keys in the computer within the lab. When I saw them I deleted them, and I swear that I didn't do anything funny with them. (If you'd take my words for it :p)

Comment 33

This assignment is ok but we need to learn the software openssl before.

Comment 34

The assignment was a little bit hard when we need to figured out what's the code, but once we know the code it's easy. The Assignment 4 was bad because we have to wait from the other. I learned from assignment how to use openssl.   -it's different that calculating answers to problem is harder and more complex.

Comment 35

Was it easy or hard?   -Normal What was easy/hard about it?  -I have to search and try before i get solution. How could it be improved? -Some tasks shouldn't be depend on someone else. Did you learn anything from it? What? I know how to use openssl. know that don't trust any files until I verify. Know how to encrypt image. How do you compare this type of assignment (using software, completing tasks) to others (e.g. calculating answers to problems, writing reports, programming)? Every assignments I have to be careful that messages is send by your sender or not. But others you don't have to. This type of assignment is more complex than other. And if you understand or use to it. It might be easier than others .

Comment 36

There are some difficulties at the beginning of this assignments because I had no idea what to start. So it would be better if you can spend like an hour to explain and show us some example of how this program works. After task3 I started to get used to it, so, everything is getting better. But I still, would like you to speak more about the assignment in class. I think this kind of assignment is a lot better than do reports and programming because each task can be done individually and can be complete in short time, compare to doing a project or report that we can just know the theory. But it would be better to start the assignments earlier so we'll have more tasks to learn from this tool.

Return to: CSS322 Home | Course List | Steven Gordon's Home | SIIT