Nataliya [291]
3 years ago
13

One of the earlier applications of cryptographic hash functions was the storage of passwords to authenticate users in computer systems. With this method, a password is hashed after its input and is compared to the stored (hashed) reference password.

(a) Assume that you are a hacker and you got access to the hashed password list. You would like to impersonate some of the users. Discuss which of the following three attacks below allow this. Exactly describe the consequences of each of the attacks:

• Attack A: You break the one-way property of h.
• Attack B: You can find second preimages for h.
• Attack C: You can find collisions for h.

(b) Why is this technique of storing passwords often extended by the use of a so-called salt? (A salt is a random value appended to the password before hashing. Together with the hash, the value of salt is stored in the list of hashed passwords.) Are the attacks above affected by this technique?

(c) Is a hash function with an output length of 80 bit sufficient for this application?
Computers and Technology
1 answer:
vagabundo [1.1K]3 years ago
6 0

Answer: provided in the explanation part.

Explanation:

This is actually quite long, but nevertheless I will make it as basic as possible.

Question (a)  

Attack A:

One way property of hash means that we can't find the input string if given the hash value. The calculation of hash from input string is possible but it is not possible to calculate the input string when given the hash. If the hash function is properly created to have one-way property then there is no way of finding the exact input string. So this attack won't work as the one-way property of hash function can't be broken if the hash function is properly created.

Attack B:

Suppose h() is the hash function. And h(x) = m where x is the string and m is the hash. Then trying to find another string y such that h(y) = m is called finding out the second pre-image of the hash.

Although we can't know the exact initial string for sure, we can by using brute force method find out a second preimage.

This attack will take a very long time. It has the time complexity of 2^n. It requires the attacker to have an idea about the kind of passwords that might be used and then brute force all of them to find the string that has the same hash. Each try will have a chance of 1/2^n to succeed.

Rainbow attack using rainbow table is often used for such brute-force attack. This comprises a rainbow table which contains passwords and their pre-hashed values.

Therefore, it is not possible to determine the second preimages of h so easily.

Attack C:

Collisions refer to finding out m and m' without knowing any of them. Finding out collisions is easier than finding preimages. This is because after finding out 2^n pairs of input/output, the probability of two of them having the same output or hash becomes very high. The disadvantage is that we can't decide which user's hash to break. However, if I do not care about a particular user but want to get as many passwords as possible, then this method is the most feasible.

It has the time complexity of 2^(n/2).

Hence, this is the attack which has the most success rate in this scenario.

Question (b)

The brute force way of finding out the password usually involves using a rainbow attack. It comprises a rainbow table with millions of passwords and their hashes already computed. By matching that table against the database, the password can be recovered.

Therefore it is often preferred to salt the password. It means we add some random text to the password before calculating the hash.

The salts are usually long strings. Users usually do not select long passwords, so a rainbow table with hashes of smaller passwords is feasible. But once salt is used, the rainbow table must accommodate the salt also. This makes it difficult computationally. Although the password might be found in the rainbow table, the salt can be anything and thus makes brute-force a LOT more difficult computationally.

Therefore salt is preferred to be added to passwords before computing their hash value.

Question (c)

A hash output length of 80 means there can be exactly 2^80 different hash values. This means there is at least one collision if 2^80+1 random strings are hashed because 2^80 values are used to accommodate all the possible strings. It is not hard with today's computation power to do match against more than this many strings. And doing so increases the probability of exposing a probable password of a user.

Hence, 80 is not a very secure value for the hash length.

Cheers, I hope this helps!!!!
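
The effect of the salt discussed in part (b), shown as an added example that is not part of the original answer. SHA-256 stands in for the generic hash function h (an assumption), and the passwords and wordlist are constructed sample data.

```python
import hashlib
import hmac
import secrets

def h(data: bytes) -> str:
    # Assumption: SHA-256 plays the role of the question's generic h.
    return hashlib.sha256(data).hexdigest()

def store_unsalted(password: str) -> dict:
    return {"hash": h(password.encode())}

def store_salted(password: str) -> dict:
    # Random per-user salt, appended to the password before hashing and
    # stored next to the hash, as the question describes.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": h(password.encode() + salt)}

def verify_salted(record: dict, attempt: str) -> bool:
    # Recompute with the stored salt; compare in constant time.
    candidate = h(attempt.encode() + record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

def precomputed_table(wordlist):
    # A table built once in advance, reusable against any unsalted list.
    return {h(w.encode()): w for w in wordlist}

def table_hits(records, table):
    # Which stored hashes appear in the precomputed table?
    return [table[r["hash"]] for r in records if r["hash"] in table]

# Constructed sample data: two users share the same weak password.
PASSWORDS = ["letmein", "letmein", "correct horse battery"]
WORDLIST = ["123456", "letmein", "qwerty"]

def demo() -> dict:
    table = precomputed_table(WORDLIST)
    unsalted = [store_unsalted(p) for p in PASSWORDS]
    salted = [store_salted(p) for p in PASSWORDS]
    return {
        "unsalted_hits": table_hits(unsalted, table),
        "salted_hits": table_hits(salted, table),
        "unsalted_duplicates": unsalted[0]["hash"] == unsalted[1]["hash"],
        "salted_duplicates": salted[0]["hash"] == salted[1]["hash"],
        "login_still_works": verify_salted(salted[0], "letmein"),
    }

if __name__ == "__main__":
    print(demo())
```

Salting removes the shared precomputed table and hides duplicate passwords, but each record can still be guessed at individually, which is why deployed systems pair the salt with a deliberately slow function such as scrypt, bcrypt or Argon2.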
