Exercise 10.2.2: Salted passwords.
An OS uses salting to prevent password guessing. Encrypting one password takes h μs. Encrypting one password with salt takes 10 times longer. Looking up and comparing a value in the password file takes c μs. The password file has n entries. An intruder is using a dictionary of m words to try to guess a valid name/password combination.
(a) Determine the time to check if any of the dictionary words is a valid password of any user.
(b) Compute the actual values for the two cases when h = 1 μs, c = 0.01 μs, n = 1000, and m = 100,000.
(a)
Without salt: for an m-word dictionary and n password entries,
total combinations = m*n
total time to check all combinations = no. of combinations * encryption time * check time
= (m*n) * h * c
For salted, it will be 10 times that of unsalted, because the only difference is the password encryption time, which is 10 times that of unsalted.
So the total time to check all combinations for salted = m*n*h*c*10
(b)
Unsalted = 100000 * 1000 * 1 * 10^-6 * 0.01 * 10^-6 = 0.000001 sec = 1 μs
Salted = 1 * 10 = 10 μs
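A worked model of the attack cost, added here as an example and not part of the original answer. It counts encryptions and comparisons as separate operations and adds their times (encryptions × h plus comparisons × c, with salted encryption costing 10h), then checks those operation counts against a small simulated dictionary attack on a constructed password file. SHA-256 stands in for the exercise's "encryption" (a real system would use a slow password hash); the dictionary, user names, passwords and fixed salts are all constructed for the example.

```python
import hashlib

# Cost model in the exercise's own symbols (all times in microseconds).
# h: time to encrypt one password; c: time to look up and compare one value;
# n: password-file entries; m: dictionary words; salt_factor: salted
# encryption is this many times slower than unsalted (10 in the exercise).

def cost_without_salt(m, n, h, c):
    """Unsalted: the same word encrypts to the same value for every user,
    so each dictionary word is encrypted once and the result is compared
    against all n entries."""
    encryptions = m
    comparisons = m * n
    return encryptions * h + comparisons * c

def cost_with_salt(m, n, h, c, salt_factor=10):
    """Salted: the stored value depends on the user's salt, so each word
    must be re-encrypted for every one of the n users before comparing."""
    encryptions = m * n
    comparisons = m * n
    return encryptions * (salt_factor * h) + comparisons * c

# --- Simulation that counts the work instead of timing it. ---
# SHA-256 stands in for "encryption" (assumption: the exercise does not name a cipher).
def encrypt(word, salt=b""):
    return hashlib.sha256(salt + word.encode()).hexdigest()

# Constructed sample data: an 8-word dictionary and a 3-user password file.
DICTIONARY = ["password", "letmein", "qwerty", "dragon",
              "monkey", "123456", "welcome", "admin"]
USERS = {"alice": "dragon", "bob": "hunter2", "carol": "letmein"}
# Fixed (not random) salts so the run is deterministic; constructed values.
SALTS = {"alice": b"\x01\x02", "bob": b"\x03\x04", "carol": b"\x05\x06"}

def build_password_file(salted):
    """Return {user: stored value}, with or without per-user salt."""
    if salted:
        return {u: encrypt(p, SALTS[u]) for u, p in USERS.items()}
    return {u: encrypt(p) for u, p in USERS.items()}

def attack_unsalted(pwfile, dictionary):
    """Encrypt each word once, then compare every result with every entry.
    Returns (cracked, encryptions, comparisons)."""
    encryptions = comparisons = 0
    table = {}
    for w in dictionary:
        table[encrypt(w)] = w          # one encryption serves all n users
        encryptions += 1
    cracked = {}
    for user, stored in pwfile.items():
        for digest, w in table.items():
            comparisons += 1
            if digest == stored:
                cracked[user] = w
    return cracked, encryptions, comparisons

def attack_salted(pwfile, dictionary, salts):
    """Each (user, word) pair needs its own encryption under that user's salt.
    No early exit, so the counts are the worst-case m*n used in the formula."""
    encryptions = comparisons = 0
    cracked = {}
    for user, stored in pwfile.items():
        for w in dictionary:
            encryptions += 1
            comparisons += 1
            if encrypt(w, salts[user]) == stored:
                cracked[user] = w
    return cracked, encryptions, comparisons

if __name__ == "__main__":
    m, n, h, c = 100_000, 1000, 1, 0.01
    print("unsalted cost:", cost_without_salt(m, n, h, c) / 1e6, "s")
    print("salted cost:  ", cost_with_salt(m, n, h, c) / 1e6, "s")
    print("unsalted sim: ", attack_unsalted(build_password_file(False), DICTIONARY))
    print("salted sim:   ", attack_salted(build_password_file(True), DICTIONARY, SALTS))
```

With the exercise's numbers the model gives 1.1 s unsalted against roughly 1001 s salted; the simulation shows where that ratio comes from, since the unsalted attacker performs m encryptions and m*n comparisons while the salted attacker performs m*n of each.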