Nataliya [291]
3 years ago
13

One of the earlier applications of cryptographic hash functions was the storage of passwords to authenticate users in computer systems. With this method, a password is hashed after its input and is compared to the stored (hashed) reference password.

(a) Assume that you are a hacker and you got access to the hashed password list. You would like to impersonate some of the users. Discuss which of the following three attacks below allow this. Exactly describe the consequences of each of the attacks:

• Attack A: You break the one-way property of h.
• Attack B: You can find second preimages for h.
• Attack C: You can find collisions for h.

(b) Why is this technique of storing passwords often extended by the use of a so-called salt? (A salt is a random value appended to the password before hashing. Together with the hash, the value of salt is stored in the list of hashed passwords.) Are the attacks above affected by this technique?

(c) Is a hash function with an output length of 80 bit sufficient for this application?
Computers and Technology
1 answer:
vagabundo [1.1K]3 years ago
6 0

Answer: provided in the explanation part.

Explanation:

This is actually quite long but nevertheless I will make it as basic as possible.

Question (a)  

Attack A:

One way property of hash means that we can't find the input string if given the hash value. The calculation of hash from input string is possible but it is not possible to calculate the input string when given the hash. If the hash function is properly created to have one-way property then there is no way of finding the exact input string. So this attack won't work as the one-way property of hash function can't be broken if the hash function is properly created.

Attack B:

Suppose h() is the hash function. And h(x) = m where x is the string and m is the hash. Then trying to find another string y such that h(y) = m is called finding out the second pre-image of the hash.

Although we can't know the exact initial string for sure, we can by using brute force method find out a second preimage.

This attack will take a very long time. It has the time complexity of 2^n. It requires the attacker to have an idea about the kind of passwords that might be used and then brute force all of them to find the string that has the same hash. Each try will have a chance of 1/2^n to succeed.

Rainbow attack using rainbow table is often used for such brute-force attack. This comprises a rainbow table which contains passwords and their pre-hashed values.

Therefore, it is not possible to determine the second preimages of h so easily.

Attack C:

Collisions refer to finding out m and m' without knowing any of them. Finding out collisions is easier than finding preimages. This is because after finding out 2^n pairs of input/output, the probability of two of them having the same output or hash becomes very high. The disadvantage is that we can't decide which user's hash to break. However, if I do not care about a particular user but want to get as many passwords as possible, then this method is the most feasible.

It has the time complexity of 2^(n/2).

Hence, this is the attack which has the most success rate in this scenario.

Question (b)

The brute force way of finding out the password usually involves using a rainbow attack. It comprises a rainbow table with millions of passwords and their hashes already computed. By matching that table against the database, the password can be recovered.

Therefore it is often preferred to salt the password. It means we add some random text to the password before calculating the hash.

The salts are usually long strings. Users usually do not select long passwords, so a rainbow table with hashes of smaller passwords is feasible. But once salt is used, the rainbow table must accommodate the salt also. This makes it difficult computationally. Although the password might be found in the rainbow table, the salt can be anything and thus makes brute-force a LOT more difficult computationally.

Therefore salt is preferred to be added to passwords before computing their hash value.

Question (c)

A hash output length of 80 means there can be exactly 2^80 different hash values. This means there is at least one collision if 2^80+1 random strings are hashed because 2^80 values are used to accommodate all the possible strings. It is not hard with today's computation power to match against more than this many strings. And doing so increases the probability of exposing a probable password of a user.

Hence, 80 is not a very secure value for the hash length.

Cheers, I hope this helps!!!!
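The effect of the salt from question (b), as an added example that is not part of the question or the answer above. It assumes SHA-256 from Python's `hashlib` as the hash function h; the user names, passwords and word list are constructed sample data.

```python
import hashlib
import hmac
import os

def h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def store_salted(password: str, salt: bytes = b"") -> tuple[bytes, str]:
    """Return (salt, hash); the salt is appended to the password, as in the question."""
    salt = salt or os.urandom(16)
    return salt, h(password.encode() + salt)

def verify(password: str, salt: bytes, digest: str) -> bool:
    return hmac.compare_digest(h(password.encode() + salt), digest)

def table_lookup(wordlist, hash_db):
    """One precomputed table serves every user: len(wordlist) hashes in total."""
    table = {h(w.encode()): w for w in wordlist}
    hits = {user: table[d] for user, d in hash_db.items() if d in table}
    return hits, len(wordlist)

def per_salt_guessing(wordlist, salted_db):
    """With salts nothing can be precomputed: every guess is rehashed per user."""
    hits, work = {}, 0
    for user, (salt, digest) in salted_db.items():
        for w in wordlist:
            work += 1
            if verify(w, salt, digest):
                hits[user] = w
                break
    return hits, work

# Constructed sample data (not from the page).
USERS = {"alice": "letmein", "bob": "letmein", "carol": "vT9#qLm2!xRz"}
WORDLIST = ["123456", "password", "qwerty", "letmein"]

def demo():
    unsalted = {u: h(p.encode()) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted": table_lookup(WORDLIST, unsalted),
        "table_vs_salted": table_lookup(WORDLIST, {u: d for u, (_, d) in salted.items()}),
        "salted": per_salt_guessing(WORDLIST, salted),
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"][1] == salted["bob"][1],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The salt removes the reuse of precomputed work and hides the fact that two users share a password, but a weak password is still found by guessing against each user's salt, which is why deployed systems pair the salt with a deliberately slow function such as `hashlib.scrypt`.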
