The goal of this assignment is to find some (deliberate) security holes in a short program I wrote. (It's quite possible there are more than I intended -- you get extra credit if you find a new one, so long as your attack techniques only target this program and not, say, my account, the network, etc....) The program in question is /homes/ACMClass/acm50/file-hmac; it exists on compute01-compute08. You'll have to do your work on one of those machines. file-hmac computes an HMAC (more or less; see RFC 2104) on a file or set of files. It's up to you to figure out how to invoke it. Roughly speaking, HMAC involves a secret key K and a hash function. You calculate the HMAC of message M as H(K, H(K, M)). This program effectively does cat secretfile input | sha1sum | cat secretfile - | sha1sum The goal of this assignment is to figure out what the secret is. The actual attack program is likely to be quite small; the real effort here is in finding the holes. As such, you need to turn in a written document explaining your analysis, including the output of any commands you ran. *This is not a paper-writing exercise*. If you found it useful to run snark --boojum say so, and mention signficant output lines from the program. Don't bother to explain what snark or its --boojum option do; assume that I either know or can find out. An annotated session from "script", though not quite what I want, is much closer to what I'm looking for than a technical paper is. Again -- concentrate on the techniques; don't spend your time writing or (worse yet) formatting. (If you really want to write a paper, sign up for my Privacy and Anonymity course -- E6184, assuming it's approved -- where you'll have to write two papers, or do an independent study course.) There are at least three (maybe four, depending on how you count) holes in the program -- impressive, in a source file that's less than 100 lines long. You only need to find one hole. You get (quite modest) extra credit if you can explain how one of the holes is a consequence of protective measures I did take. (Yes, I know I'm being vague.) I do not think you can damage /homes/ACMClass/acm50/file-hmac; regardless, it's against the rules to try. If you think you've done so accidentally, notify me *immediately*. You do not need to know assembler to launch any of the attacks; that means that there are no buffer overflows.