Homework Sourse Homework Sourse

Charlie has discovered and decrypted the file that associate

Charlie has discovered and decrypted the file that associates each userid with its 24-bit random salt value, and he has also discovered and decrypted the password file, which contains the salted-and-hashed passwords for the 200 people in his department. If he has a dictionary of 500,000 words and he is confident that all 200 people have passwords from this dictionary, what is the size of his search for performing a dictionary attack on their passwords? If there was no salting used in the system, what would be different in the attack Charlie had to perform (what would be the size of the search Charlie would need to do)? Bob having heard about the attack Charlie performed, thinks that generating and storing a random salt value for each userid is a waste. Instead, he is proposing that his system administrators use a cryptographic hash of the userid as its salt. Describe whether this choice impacts the security of salted passwords and include an analysis of the respective search space sizes. Would Bob\'s system be harder or easier for Charlie to attack and in what way?

Solution

a) charlie\'s size of his search for performing a dictionary attck on thier password is 500,000 words.

If there are no salting used in the system charlie would not perform any attack. depends upon his ids and salting only he performs the attacks.

b) Criptographic hashing is one way. You can not get convert your data/ string from a hash code.

where as,Encryption is 2 way you can decrypt again the encrypted string if you have the key with you.

bob\'s system is harder and secured comparing with charlie\'s to attack. because

If you have a usecase where you have determined that encryption is necessary, you then need to choose between symmetric and public key encryption. Symmetric encryption provides improved performance, and is simpler to use, however the key needs to be known by both the person/software/system encrypting and decrypting data.

Yes this security might be impacts the security of salted passwords and include an analysis of the respective search space sizes.

Charlie has discovered and decrypted the file that associates each userid with its 24-bit random salt value, and he has also discovered and decrypted the passw

Get Help Now

Submit a Take Down Notice
Tutor
Tutor: Dr Jack
Most rated tutor on our site