Get Your Grades On Line

Grades on line

Burton Rosenberg
November 20, 1996

Executive Summary

This applet is used for students to get their grades over the Web without compromising the data's privacy. The student's ID number, password and grade, plus an additional master password, are passed through the MD5 hashing function. Only the result of the hashing is ever made public on the Web, and it is made freely available. The security rests entirely on the non-invertibility of the hashing function.

Discussion

The clear text SampleGradeFile is processed with the Java application GradeRollMain.java to produce an encoded SampleGradeFile.out file. The encoded file is placed in an http directory. The clear text grade file should not be in a public directory. Here we have allowed you to see it just for instruction purposes.

The applet GradeRollAp.java takes two parameters: the URL of the GradeFile and a MasterKey. The applet, running locally in the browser, encodes the provided student ID, password and MasterKey with all possible grades, and searches the GradeFile, here called SampleGradeFile.out, for a match. Since only the encoded data is public, security is not compromised. If a match is found, the applet can infer the student's grade.

The applet and Main use the MD5 Class, which is a translation from C to Java of the MD5 implementation found in RFC 1321 . Please read the copyright notices for this RSA product.

Example Operation

You can test the applet using any entry in the SampleGradeFile:

Download

This applet and application are covered by copyrights of RSA and Burton Rosenberg.

GradeRollAp.java: The applet.
GradeRollMain.java: The main prepares the input files.
Md5.java: A transcription of RSA MD5 code.

Please email burt@cs.miami.edu for further information.

Hits since Thu Nov 21 14:04:59 EST 1996.

Last Update: Mon Nov 25 12:52:35 EST 1996