Suppose testing an individual password for correctness requires 3 seconds. (a) I

Question

Suppose testing an individual password for correctness requires
3 seconds.
(a) If passwords are three uppercase alphabetic characters long and an
attacker can try one password at a time, how much time on average
would an attacker require to determine a particular password?
(b) If passwords are six symbols long and each symbol is any of upper-
case characters, lowercase characters, and numerals, then how much
time on average would an attacker require to determine a particular
password?
(c) Suppose an English dictionary contains 50,000 words. If an attacker
knows that a user's password is an English word followed by two dig-
its, how much time on average is needed to determine the password?
(d) If an attacker knows that a user's password is a phrase made of two
words from the dictionary, how much time on average is needed to
determine the password?
(e) Desktop processors are now multicore. Explain how multicore pro-
cessors improve an attacker's ability to determine a user's password.
(f) How could an attacker utilize a botnet to eciently determine a user's
password?
(g) How could an operating system detect an attacker attempting to nd
a password via brute force search?

Explanation / Answer

(a) If passwords are three uppercase alphabetic characters long and an attacker can try one password at a time, how much time on average would an attacker require to determine a particular password? 26^3*3=52728 seconds/2 (half searches longer, half less)=26364 seconds (b) If passwords are six symbols long and each symbol is any of upper- case characters, lowercase characters, and numerals, then how much time on average would an attacker require to determine a particular password? (26+26+10)^6*3/2=85 200 353 376 seconds (c) Suppose an English dictionary contains 50,000 words. If an attacker knows that a user's password is an English word followed by two dig- its, how much time on average is needed to determine the password? 50,000*10^2*3/2=7 500 000 seconds (d) If an attacker knows that a user's password is a phrase made of two words from the dictionary, how much time on average is needed to determine the password? 50,000^2/2=1 250 000 000 seconds (e) Desktop processors are now multicore. Explain how multicore pro- cessors improve an attacker's ability to determine a user's password. Faster=more tries = less time? (f) How could an attacker utilize a botnet to eciently determine a user's password? More computers = more tries = less time (g) How could an operating system detect an attacker attempting to nd a password via brute force search? lots of random tries completely unrelated. For example a password of walnut10 if someone did wallnut10 might seem reasonable, hottopic56 wouldn't. If 1000s = probably problematic.

Related Questions

Navigate

• Browse (All)
• Browse S
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.