Grades on line
Burton Rosenberg
November 20, 1996
Executive Summary
This applet is used for students to get their grades
over the Web without compromising the data's privacy.
The student's ID number, password and grade, plus an
additional master password, are passed through the MD5
hashing function.
Only the result of the hashing is ever made public on the Web,
and it is made freely available. The security rests entirely on the
non-invertibility of the hashing function.
Discussion
The clear text SampleGradeFile is
processed with the Java application
GradeRollMain.java to produce an encoded
SampleGradeFile.out file.
The encoded file is placed in an http directory.
The clear text grade file should not be in a public directory.
Here we have allowed you to see it just for instruction purposes.
The applet GradeRollAp.java takes two parameters: the URL of the GradeFile
and a MasterKey. The applet, running locally in the browser,
encodes the provided student ID, password and MasterKey with all
possible grades, and searches the GradeFile, here called
SampleGradeFile.out, for a match. Since only the encoded data
is public, security is not compromised. If a match is found, the applet can
infer the student's grade.
The applet and Main use the MD5 Class,
which is a translation from C to Java of the MD5 implementation found in
RFC 1321
. Please read the copyright notices for this RSA product.
Example Operation
You can test the applet using any entry in the SampleGradeFile:
Download
This applet and application are covered by copyrights of
RSA
and Burton Rosenberg.
Please email
burt@cs.miami.edu
for further information.
Hits since Thu Nov 21 14:04:59 EST 1996.
Last Update: Mon Nov 25 12:52:35 EST 1996