Question

It was stated that the inclusion of the salt in the UNIX password scheme increases the...

It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing. Let’s use a case to explain why it is asserted that the salt increases security although the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Let’s assume that (1) a computing system adopts the traditional UNIX password scheme (password length: up to 8 characters) and (2) the adversary has obtained a password file containing 4000 entries, each using a unique 12-bit salt. (Hint: there are 95 printable ASCII characters.)        

  1. In order to crack all the 4000 hashed passwords in the password file on a UNIX system, how many times does the hash routine, i.e., crypt(3), need to run in the worst case?

  1. If the salt is NOT used, how many times does the hash routine, i.e., crypt(3), need to run in the worst case in order to crack all the 4000 hashed passwords?       
  1. If 24-bit salt is used for this case, does the hash routine need to run more times in the worst case to crack all the 4000 hashed passwords? If so, how many more?  

Homework Answers

Answer #1

WHAT IS crypt(3)??

crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search. key is a user's typed password.

salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.

a] Very often users are required to create their password according to a special policy that dictates, for instance, the minimum length of the password or whether the password must contain digits or special characters.

The number of all possible passwords is P = 95^6 + 95^7 + 95^8 ≈ 66.7*10^13 ∗ . The attacker would need ≈ 32years on average

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions