The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:

Last Updated on December 27, 2021 by Admin 3

A company has decided to implement an electronic signature scheme based on public key infrastructure. The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:

  • use of the user’s electronic signature by another person if the password is compromised.
  • forgery by using another user’s private key to sign a message with an electronic signature.
  • impersonation of a user by substitution of the user’s public key with another person’s public key.
  • forgery by substitution of another person’s private key on the computer.
Explanation: 
The user’s digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely.
Choice C would require that the message appear to have come from a different person and therefore the true user’s credentials would not be forged. Choice D has the same consequence as choice C.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments