Topic 1 Question 39
You are designing a mobile chat application. You want to ensure people cannot spoof chat messages, by providing a message were sent by a specific user. What should you do?
Tag messages client side with the originating user identifier and the destination user.
Encrypt the message client side using block-based encryption with a shared key.
Use public key infrastructure (PKI) to encrypt the message client side using the originating user's private key.
Use a trusted certificate authority to enable SSL connectivity between the client application and the server.
ユーザの投票
コメント(17)
I am not sure about this one. D works if SSL client authentication is enabled. C works as well if client encrypts message with private key and server decrypt with public key. I prefer C.
👍 31KouShikyou2019/10/23Encrypting each block and tagging each message at the client side is an overhead on the application. Best method which has been adopted since years is contacting SSL provider and use public certificate to encrypt the traffic between client and server.
D is correct
👍 10Tobbe2021/02/18C is the best A: Can be spoofed by amending the tags B: Shared key so can be spoofed C: Protects from start to end D: Encrypts the data in transit to the server. Attack possible on server
👍 5BiddlyBdoyng2022/09/28
シャッフルモード