CSCI 7000 - Cryptography - Spring 2010

Problem Set #5

Due: Mar 22nd, 2012

Submit in the Homework Box in HFH



1. What irrational is represented by [1,3,3,3,3,...]? Show your work.

2. Let n be the product of distinct primes p,q and let e,d be inverses mod φ(n). Here d is less than (1/3)·n^(1/4) and p is between q and 2q. Factor n for the following values:

n = 151339355784268862864759120910925660361478568759617718849686393875476226860927728820162298798444560267328429
e = 47011760371307472336991404805847545822065047648754062545767018099994341894667675275660856278086265516059587

3. Study the 96-bit hash function H() in hash.py. It takes about 2^48 trials to find a collision via the birthday attack, but we know a faster way. Please find a collision in H(). Include your code and a run showing two distinct messages hashing to the same thing. (You may reimplement H() in a different language if you want more speed. However, please ensure the collision you produce works for my python implementation given above.)

4. Suppose in XCBC we set K2 = K3. Give an attack that breaks XCBC in the ACMA model.

5. Extra Credit -- Usual disclaimer.

Go learn CRC32. (There are sites that have tutorials.) You'll notice that the math involved is verrrrry similar to the math we picked up for AES. Now let's build a MAC from CRC32: define ZMAC_K(M) = SHA1(K || CRC32(M)), where K is a 128-bit symmetric key. Break ZMAC in the ACMA model, by giving the attack with specific values (no handwaving!).

By the way, this isn't that far off from what WEP uses as a MAC.
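
As a starting point for problem 5, here is the ZMAC construction written out in Python, with CRC32 computed bit by bit as polynomial division over GF(2) so the similarity to the AES field arithmetic is visible. This is an added example, not code from the course: the names `crc32_bitwise` and `zmac` are hypothetical, and it assumes the standard IEEE 802.3 CRC-32 and a 4-byte big-endian encoding of the CRC, neither of which the problem statement fixes.

```python
import hashlib
import zlib

# Generator x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10
# + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1, stored bit-reversed
# (IEEE 802.3 CRC-32, the variant zlib implements).
CRC32_POLY_REFLECTED = 0xEDB88320


def crc32_bitwise(data: bytes) -> int:
    """CRC-32 as long division by the generator polynomial over GF(2)."""
    reg = 0xFFFFFFFF                      # standard preset of the register
    for byte in data:
        reg ^= byte                       # feed the next 8 coefficients
        for _ in range(8):
            # Shift out one coefficient; if it was 1, "subtract" the
            # generator, which in GF(2) is an XOR (as in AES's xtime).
            if reg & 1:
                reg = (reg >> 1) ^ CRC32_POLY_REFLECTED
            else:
                reg >>= 1
    return reg ^ 0xFFFFFFFF               # standard final inversion


def zmac(key: bytes, message: bytes) -> bytes:
    """ZMAC_K(M) = SHA1(K || CRC32(M)) with a 128-bit key K."""
    if len(key) != 16:
        raise ValueError("K must be 128 bits (16 bytes)")
    # Assumption: the 32-bit CRC is appended as 4 big-endian bytes.
    crc = crc32_bitwise(message).to_bytes(4, "big")
    return hashlib.sha1(key + crc).digest()


def matches_zlib(samples) -> bool:
    """Cross-check the bitwise CRC against zlib's table-driven one."""
    return all(crc32_bitwise(s) == zlib.crc32(s) for s in samples)


if __name__ == "__main__":
    # Constructed sample inputs; the all-zero key is for illustration only.
    samples = [b"", b"a", b"123456789", b"Problem Set #5"]
    print("matches zlib:", matches_zlib(samples))
    print("ZMAC tag:", zmac(bytes(16), b"123456789").hex())
```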