The goal of this assignment is to find some (deliberate) security holes in a short program I wrote. (It's quite possible there are more than I intended -- you get extra credit if you find a new one, so long as your attack techniques only target this program and not, say, my account, the network, etc.)

The program in question is /homes/ACMClass/acm50/file-hmac; it exists on compute01-compute08. You'll have to do your work on one of those machines. (Temporarily, it's not on compute02 or compute07, since they're down.)

file-hmac computes an HMAC-MD5 (more or less; see RFC 2104) on a file or set of files. It's up to you to figure out how to invoke it.

Roughly speaking, HMAC involves a secret key K and a hash function. You calculate the HMAC of message M as H(K, H(K, M)). This program does the same as

    cat secretfile input | md5sum | cat secretfile - | md5sum

The goal of this assignment is to figure out what the secret is.

The actual attack program is likely to be quite small; the real effort here is in finding the holes. As such, you need to turn in a written document explaining your analysis, including the output of any commands you ran. *This is not a paper-writing exercise*. If you found it useful to run

    snark --boojum

say so, and mention significant output lines from the program. Don't bother to explain what snark or its --boojum option do; assume that I either know or can find out. An annotated session from "script", though not quite what I want, is much closer to what I'm looking for than a technical paper is. Again -- concentrate on the techniques; don't spend your time writing or (worse yet) formatting. (If you like writing papers, sign up for my Privacy and Anonymity course (E6184) next spring, where you'll have to write two papers, or do an independent study course.)

There are at least three (maybe four, depending on how you count) holes in the program -- impressive, in a source file that's less than 100 lines long. You only need to find one hole.
You get (quite modest) extra credit if you can explain how one of the holes is a consequence of protective measures I did take. (Yes, I know I'm being vague.)

In addition to those bugs, there may be a buffer overflow. Since knowledge of assembler is not a prerequisite for this class, I'm not asking you to exploit any buffer overflows if they exist. However, you *must* write up how you tested for their presence or absence, and how you reached the conclusion you did.

I do not think you can damage /homes/ACMClass/acm50/file-hmac; regardless, it's against the rules to try. If you think you've done so accidentally, notify me *immediately*.
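
To make the "more or less; see RFC 2104" remark concrete, here is an added example (not the assignment's program, whose source is not shown here) that models the shell pipeline given above byte for byte and sets it beside the RFC 2104 construction. The function names and the sample key and message are assumptions constructed for illustration.

```python
import hashlib
import hmac

def md5sum_stdout(data: bytes) -> bytes:
    """Bytes that `md5sum` writes when hashing stdin: hex digest, two spaces, '-', newline."""
    return hashlib.md5(data).hexdigest().encode() + b"  -\n"

def pipeline_mac(secret: bytes, message: bytes) -> str:
    """Model of: cat secretfile input | md5sum | cat secretfile - | md5sum"""
    # Stage 1: the secret file's bytes are simply prepended to the input.
    inner_line = md5sum_stdout(secret + message)
    # Stage 2: the secret is prepended again, this time to md5sum's *text*
    # output (hex digits plus "  -\n"), not to the raw 16-byte digest.
    outer_line = md5sum_stdout(secret + inner_line)
    return outer_line.split()[0].decode()

def rfc2104_hmac_md5(key: bytes, message: bytes) -> str:
    """HMAC-MD5 as RFC 2104 defines it: H((K ^ opad) || H((K ^ ipad) || M))."""
    block = 64                            # MD5 block size in bytes
    if len(key) > block:                  # over-long keys are hashed first
        key = hashlib.md5(key).digest()
    key = key.ljust(block, b"\x00")       # then zero-padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + message).digest()   # raw digest, not hex text
    return hashlib.md5(opad + inner).hexdigest()

if __name__ == "__main__":
    # Constructed sample values; a real secret file would supply the key bytes.
    key = b"constructed-demo-key\n"
    msg = b"constructed demo message\n"
    print("pipeline :", pipeline_mac(key, msg))
    print("RFC 2104 :", rfc2104_hmac_md5(key, msg))
    print("stdlib   :", hmac.new(key, msg, hashlib.md5).hexdigest())
```

The two constructions give different tags for the same key and message: the pipeline uses the key as a plain prefix at both levels and feeds formatted text into the outer hash, while RFC 2104 pads the key to a block and masks it with distinct inner and outer constants.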