Homework #3 (6p)
Deadline: 19th of December / 6th of December for students taking the exam on the 12th of December.
Estonian version (not for IT-Law) / eestikeelne kodutöö: https://courses.cs.ut.ee/2025/infsec/spring/Main/Hw3
Recommended reading
- Authentication
- The secret to online safety: Lies, random characters, and a password manager (written in 2013, so software recommendations are no longer valid)
- How to: Use KeePassXC
Task 1: Hash breaking
Each student has a pseudonym for the information security course on this website. The pseudonym was randomly connected to a hash value. Your task is to find the input that produced the hash value connected with your pseudonym, and also the name of the hash function that was used to create that hash value.
This task illustrates why passwords have to be hashed and salted when stored in a database. The list of hashes for this task can be found here: hash values and pseudonyms. (2p)
Hints and suggestions:
- You do not need any additional software to solve this task. You do not have to break the hash value on your own. However, you will have to find other means to find the input. Think back to the authentication lecture and try to remember what attackers do when a database is breached and no salting was used.
- Make sure that you will be using the hash value that was assigned to your pseudonym. The solutions are graded automatically, which means that if you solve the wrong hash value then you will get 0 points.
- Information about common hash functions (e.g., the length of the hash value) can be found on the following Wikipedia page: List of cryptographic hash functions
- Hash values are usually encoded in hex. If the length of the hash is known (in bits), it is easy to find its length in hex symbols: divide the number of bits by eight (to get the number of bytes) and then multiply the result by two (two hex symbols are required to represent one byte).
- You may need to use a search engine to find the solution. Thus, it is good to know some tricks that help you find exact matches for your queries: Google Search Tips You'll Want to Learn
The solution has to be in a simple text file (with .txt extension, not in a .docx file!!!) that contains only two rows. The first row must contain only the found input value. The second row must contain only the name of the hash function. If you add any additional information, or do not use the required file type or file format, the automatic grading script may give you 0 points. On Windows you can create a simple text file with Notepad.
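The two ideas behind this task, as an added example that is not part of the assignment: the hex-length rule from the hints applied to the digest sizes on the Wikipedia list, and why an unsalted hash can be found by lookup at all. The digest table and the use of plain SHA-256 are assumptions made for illustration.

```python
import hashlib
import secrets

# Digest sizes in bits for common functions (from the Wikipedia list the
# assignment links to). Hex length = bits / 8 bytes * 2 symbols per byte.
DIGEST_BITS = {"MD5": 128, "SHA-1": 160, "SHA-224": 224,
               "SHA-256": 256, "SHA-384": 384, "SHA-512": 512}

def hex_length(bits: int) -> int:
    """Number of hex symbols a digest of `bits` bits occupies."""
    return bits // 8 * 2

def candidate_functions(hex_digest: str) -> list:
    """Hash functions whose output length matches this hex string."""
    return [name for name, bits in DIGEST_BITS.items()
            if hex_length(bits) == len(hex_digest)]

def unsalted(password: str) -> str:
    """Plain SHA-256 of the password: identical for every user with the
    same password, so one precomputed table answers all of them."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted(password: str, salt: bytes) -> str:
    """Same password, but prefixed with a per-user random salt."""
    return hashlib.sha256(salt + password.encode()).hexdigest()

def compare_two_users(password: str) -> dict:
    """Two users choose the same password; show what the database stores."""
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    return {
        "unsalted_equal": unsalted(password) == unsalted(password),
        "salted_equal": salted(password, salt_a) == salted(password, salt_b),
    }
```

Plain SHA-256 is used only to show the effect of the salt; real password storage should use a slow, salted password hash such as Argon2 or bcrypt.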
Task 2: KeePassXC
Use KeePassXC to create a password database file and submit this file (.kdbx file) below. You will find some background information in the lecture notes. We also did a demo in the lecture. The following guide can also help with the task: How to: Use KeePassXC. (2p)
The solution must follow these guidelines:
- The master password for the database has to be 123456789. The password is deliberately weak to make verifying the solutions easier (to prevent typos). You will get 0 points if a different master password is used.
- Add a new entry to the database. The entry's name (title) must be your pseudonym for the information security course, and the username must also be your pseudonym.
- The password must be randomly generated and 25 characters long. It must include characters from the following three character classes: lowercase letters, uppercase letters, numbers.
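What the password requirement means in code, as an added example that is not KeePassXC's own implementation (in KeePassXC you use the built-in password generator in the entry dialog): a CSPRNG-based generator that enforces the three classes and the 25-character length, plus the resulting guessing-work estimate. Names and the rejection-sampling approach are assumptions.

```python
import math
import secrets
import string

# The three character classes the assignment requires.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
ALPHABET = "".join(CLASSES)  # 62 symbols

def satisfies_policy(password: str, length: int = 25) -> bool:
    """Exactly `length` characters, only from the allowed alphabet, and at
    least one character from each of the three classes."""
    if len(password) != length or any(c not in ALPHABET for c in password):
        return False
    return all(any(c in cls for c in password) for cls in CLASSES)

def generate_password(length: int = 25) -> str:
    """Draw every character from a CSPRNG and reject candidates that miss a
    class; rejection keeps the distribution uniform over accepted strings."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if satisfies_policy(candidate, length):
            return candidate

def entropy_bits(length: int = 25, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on guessing work for a uniform pick: log2(alphabet ** length)."""
    return length * math.log2(alphabet_size)
```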
Task 3: Understanding the structure of an email header
Phishing is one of the most common types of social engineering. This is partly due to the insecurity of email exchange and the underlying email protocol (read about the security / insecurity of email exchange in the lab notes). For example, it is possible to spoof the sender's email address (pretend that the message was sent from a different address), and detecting this depends, among other things, on the configuration of the mail servers. Three methods are important here for verifying the origin of an email and preventing spoofing attacks: SPF, DKIM and DMARC. Cloudflare provides a good short overview of these three methods. Spoofing can be partially mitigated if the email server is using SPF and DKIM records.
To check which security policies were applied to a received email, the email header has to be read (it is not visible by default). It contains information about the email servers that were used to deliver the email and whether TLS was used. In addition, it contains information regarding the use of SPF and DKIM. In mail365.ut.ee (or outlook.office.com), you will find the email header by opening an email, locating the button with three dots (see image below), and then selecting View -> View message details.

Your task is to take an email that you have received to your University of Tartu mailbox (mail365.ut.ee) and examine the information contained in its header (you may also send an email to yourself and examine that). First, read the information in the header and try to understand what is written there. To make the task easier, you may use Microsoft’s tool: Message Header Analyzer. To use this tool, you need to copy the information from the email header and paste it into the input form of the Microsoft tool.
NB! Microsoft’s Message Header Analyzer requires that the email header contain no empty lines. To obtain a properly formatted header, save the email as an .eml file. In mail365.ut.ee (or outlook.office.com), to save the email, first open it, then find the button with three dots, and from the menu select “Download” (see the screenshot on the right). To view and copy the email header, open the saved .eml file with a text editor (for example, Notepad in Windows). Copy the email header only, do not copy the email body!
You must locate the mail servers used to transmit the email, the TLS information, the result of SPF validation (Authentication-Results: spf), and the DKIM signature (if it exists). Copy the email header into Microsoft’s Message Header Analyzer and take screenshot(s) of the output. If you used Microsoft’s analyzer, the screenshots must clearly show the use of “categories: Received headers” (describes the servers) and “Other headers: Authentication-Results” (describes SPF and DKIM). Highlight the required information on the screenshot (e.g., underline or circle it).
Using Microsoft's tool is not mandatory; you may find the required information directly in the email header, take screenshot(s), and highlight the relevant parts. NB! If you do not highlight the relevant information in the screenshot, you will not receive full points for this task!
Crop out irrelevant data from the screenshot(s). If the results do not fit into one screenshot, then make a second screenshot, zip them together and submit the zip file as a solution. (2p)
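The same reading of a header done programmatically, as an added example that is not part of the assignment and not Microsoft's analyzer: it pulls the Received hops (from/by servers and the TLS version) and the SPF/DKIM/DMARC verdicts from Authentication-Results out of a saved .eml header. The header below is constructed for the example; server names, addresses and DKIM values are placeholders.

```python
import email
import re

# Constructed sample header (not a real message); DKIM values are placeholders.
RAW_HEADER = """\
Received: from mail-out.example.org (mail-out.example.org [192.0.2.10])
 by mx.example.edu with ESMTPS id abc123
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
 Mon, 1 Dec 2025 10:00:00 +0000
Received: from client.example.org (unknown [198.51.100.7])
 by mail-out.example.org with ESMTP; Mon, 1 Dec 2025 09:59:58 +0000
Authentication-Results: mx.example.edu; spf=pass smtp.mailfrom=example.org;
 dkim=pass header.d=example.org; dmarc=pass
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel1; h=from:subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: alice@example.org

(body omitted)
"""

def unfold(value: str) -> str:  # join a folded header value into one line
    return " ".join(value.split())

def received_hops(msg) -> list:
    """One dict per Received header; the top one was added last (closest hop)."""
    hops = []
    for value in msg.get_all("Received", []):
        v = unfold(value)
        frm = re.search(r"\bfrom (\S+)", v)
        by = re.search(r"\bby (\S+)", v)
        tls = re.search(r"version=([\w.]+)", v)  # present only on TLS hops
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "tls": tls.group(1) if tls else None})
    return hops

def auth_results(msg) -> dict:
    """Map spf/dkim/dmarc to the verdict the receiving server recorded."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for clause in unfold(value).split(";")[1:]:  # [0] is the server id
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
            if m:
                results[m.group(1)] = m.group(2)
    return results

def analyse(raw: str = RAW_HEADER) -> dict:
    msg = email.message_from_string(raw)
    return {"hops": received_hops(msg), "auth": auth_results(msg),
            "dkim_signed": msg.get("DKIM-Signature") is not None}
```

To run it on your own message, pass the contents of the saved .eml file to analyse(); a hop without a version= field was relayed without TLS.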
