Hi guys! I really don\'t even know where to start with these questions. Any help

Question

Hi guys!

I really don't even know where to start with these questions. Any help would be great! Thanks!

Consider a password-based authentication system. The system uses a password file that stores the hashed value of each password. To simplify your calculations, assume that passwords in this system are exactly 10 bits long.

a) What is the maximum number of attempts needed by an adversary launching a dictionary attack to gain access to all valid passwords in the system?

b) Assume that the password file in this system stores the passwords of 225 users and all passwords are distinct. What is the maximum number of attempts needed in a dictionary attack launched to gain access to one valid password, i.e., the attack stops after finding the first valid password?

c) What is the length (in bits) of the salt needed to generate at least a five-fold increase in the maximum number obtained in part (a)? Assume the attacker does not have access to the salt field.

Explanation / Answer

a) dictionary attacks have precalculated dictionaries. so it depends on the size of your guessed words in dictionary how many attempts it takes. If you take all 10 bit possiblities then you have to attempt 2^10 times = 1024

b) average attempts will be 2^10/225 but the maximum no of attempts may go to
2^10 - 225 + 1 = 1024 - 224 = 800 attempts

c) 5 fold increase would need to ceil(log25) more bits than account to 3 bit salt

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.