It was stated that the inclusion of the salt in the UNIX password scheme increases the difficulty of guessing. Let’s use a case to explain why it is asserted that the salt increases security although the salt is stored in plaintext in the same entry as the corresponding ciphertext password. Let’s assume that (1) a computing system adopts the traditional UNIX password scheme (password length: up to 8 characters) and (2) the adversary has obtained a password file containing 4000 entries, each using a unique 12-bit salt. (Hint: there are 95 printable ASCII characters.)
WHAT IS crypt(3)?
crypt() is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search. key is a user's typed password.
salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
a] Very often users are required to create their password according to a special policy that dictates, for instance, the minimum length of the password or whether the password must contain digits or special characters.
The number of all possible passwords is P = 95^6 + 95^7 + 95^8 ≈ 66.7*10^13. The attacker would need ≈ 32 years on average
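The effect of the salt described in the question can be measured directly. The following is an added illustration, not part of the original answer: SHA-256 stands in for the DES-based crypt(3) (an assumption), and the account names, passwords and guess list are constructed sample data.

```python
import hashlib

ALPHABET, SALT_BITS = 95, 12   # figures given in the question above

def keyspace(min_len, max_len, alphabet=ALPHABET):
    """Number of passwords with min_len..max_len characters."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def toy_hash(password, salt):
    # Stand-in for crypt(3) (assumption): SHA-256 over salt + password.
    return hashlib.sha256((salt + password).encode()).hexdigest()

def make_file(accounts, salted):
    """Build (user, salt, digest) entries; each entry gets a unique 12-bit salt."""
    entries = []
    for i, (user, password) in enumerate(accounts):
        salt = format(i % 2 ** SALT_BITS, "03x") if salted else ""
        entries.append((user, salt, toy_hash(password, salt)))
    return entries

def guessing_cost(candidates, entries):
    """Hash computations needed to test every candidate against every entry."""
    by_salt = {}
    for user, salt, digest in entries:
        by_salt.setdefault(salt, {}).setdefault(digest, []).append(user)
    calls, matched = 0, set()
    for salt, digests in by_salt.items():
        for cand in candidates:
            calls += 1                      # one hash per (candidate, salt) pair
            matched.update(digests.get(toy_hash(cand, salt), ()))
    return calls, matched

def shared_digests(entries):
    """Groups of users whose stored digests are identical (visible password reuse)."""
    groups = {}
    for user, _, digest in entries:
        groups.setdefault(digest, []).append(user)
    return [users for users in groups.values() if len(users) > 1]

# Constructed sample accounts and guess list (not from the page).
ACCOUNTS = [("alice", "sunshine"), ("bob", "x7#Kp2!q"),
            ("carol", "sunshine"), ("dave", "qwerty12")]
GUESSES = ["password", "sunshine", "qwerty12", "letmein1", "dragon99"]

if __name__ == "__main__":
    for salted in (False, True):
        entries = make_file(ACCOUNTS, salted)
        cost, hit = guessing_cost(GUESSES, entries)
        print("salted" if salted else "unsalted", cost, sorted(hit), shared_digests(entries))
    print("precomputed table entries:", keyspace(6, 8), "x", 2 ** SALT_BITS)
```

With unique salts the number of hash computations grows from one per guess to one per guess per entry, which for the 4000-entry file in the question is a factor of 4000, and identical passwords no longer produce identical stored values. The salt does not make any single weak password harder to guess.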