Cryptography Reference
In-Depth Information
9 . What is the size of the password space if we permit passwords to consist
only of:
(a) eight alphabetic characters (not case sensitive);
(b) eight alphabetic characters (case sensitive);
(c) six alphanumeric characters (case sensitive);
(d) eight alphanumeric characters (case sensitive);
(e) ten alphanumeric characters (case sensitive);
(f) eight alphanumeric characters and keypad symbols (case sensitive);
10 . FIPS 181 describes a standard for an automated password generator.
(a) What desirable password properties do passwords generated using
FIPS 181 have?
(b) How does FIPS 181 generate the required randomness?
11 . Let E be a symmetric encryption algorithm (such as AES), K be a publicly
known symmetric key, and P be a password. The following function F has been
suggested as a one-way function suitable for storing passwords:
F ( P )
=
E K ( P )
P
.
(a) Explain in words how to compute F ( P ) from P .
(b) Since the key K is publicly known, explain why an attacker cannot reverse
F ( P ) to obtain P .
(c) What advantages and disadvantages does this one-way function have over
the UNIX password function described in Section 8.4.2?
12 . An alternative function for storing passwords is LAN Manager hash .
(a) Which applications use LAN Manager hash?
(b) Explain how LAN Manager hash uses symmetric encryption to protect a
password.
(c) What criticisms have been made about the security of LAN Manager hash?
13 . Passwords stored on a computer in encrypted formare a potential attack target.
Explain how encrypted passwords can be attacked by using:
(a) an exhaustive search;
(b) a dictionary attack;
(c) rainbow tables.
14 . Biometric technologies provide a source of identity information that could
be used as part of an entity authentication mechanism based on use of an
electronic identity card.
(a) What biometric technology might be suitable for such an application?
(b) What issues (technical, practical and sociological) might arise through the
use of your chosen biometric technology?
Search WWH ::




Custom Search