A software company uses textbook RSA digital signatures to secure its app update...
✅ The verified answer to this question is available below. Our community-reviewed solutions help you understand the material better.
A software company uses textbook RSA digital signatures to secure its app updates. Here’s how it works:
- The developer has a public key ( and a private key .
- To sign an update, the developer: Computes a hash of the update file (e.g., ). Creates a signature: .
- Users download the update and verify it: Compute (from the update file).
- Check if which is correct.
An attacker replaces the developer’s public key with their own on the download page. When users download the same update: They compute (unchanged). They check which is incorrect (≠ 10). But the attacker provides a new signature signature' = 8 such that which matches the original hash.
Why can a user be tricked into accepting the attacker’s update?
Want instant access to all verified answers on moodle.bcu.ac.uk?
Get Unlimited Answers To Exam Questions - Install Crowdly Extension Now!