Write pseudocode for the password guessing algorithm, Computer Network Security

Write Pseudocode for the password guessing algorithm:

Consider the following authentication protocol:

Client

Transmission

Host

Explanation

U, user

U à

 

I am user U

 

ß {n, DES, SHA-1}

n, random challenge, DES, SHA-1

- I have SHA_1(P(U)), where P(U) is password of user U

 

- Here is a random challenge n, please use DES and SHA-1 to generate a response

r=DES(n, SHA-1(P))

U, rà

 

Response r is the encryption of the hash of the password P of user U using key n, DES for encryption, and SHA-1 for hashing.

 

 

ß yes/no

Compare: DES-1(n, r) to SHA_1(P(U))

Can the password of user U be obtained by using an offline password guessing attack? If your answer is yes, describe the attack and write pseudocode for the password guessing algorithm.  If your answer is no, describe why the protocol is resistant to an offline guessing attack.

2) Using RSA, perform an encryption then a decryption of the message M=5 using p=3, q=11, and e=7. (please add explanation, Show all your work, not just the final answer.)

3) You are the designer of a password security policy that requires passwords to expire once they have a probability of 0.001 of being guessed.  A potential attacker can test 1,000,000 passwords per second. If you chose passwords to be alphanumeric ("A" through "Z", "a" through "z", and "0" through "9"), what would you have to set the maximum lifetime of a password to in order to meet the required guessing probability (represent in days)?Assume the password size is 9 characters.

Posted Date: 2/15/2013 2:20:40 AM | Location : United States







Related Discussions:- Write pseudocode for the password guessing algorithm, Assignment Help, Ask Question on Write pseudocode for the password guessing algorithm, Get Answer, Expert's Help, Write pseudocode for the password guessing algorithm Discussions

Write discussion on Write pseudocode for the password guessing algorithm
Your posts are moderated
Related Questions
REASON FOR MULTIPLE TOPOLOGIES Every topology has disadvantages and advantages, which are described below: IN A RING:  It is simple to coordinate access to other dev

Divide the user data into 6 equal sets. Use the first set for the enrollment phase of your system, and the rest for the verification phase. Use the following formula to calculate t

Problem: (a) What is a firewall and which are its most important tasks? (b) What is the difference between default deny and default permit? Which advantages and disadvanta

Problem a) Give three reasons why traditional Network Design approach is less appropriate for many of today's networks? b) The network requires of users are organized into m

Threat Identification After identifying and performing a primary classification of an organization’s information assets, the analysis phase moves onto an examination of threats

Consider the following case study: In order to avoid criticisms of their existing manned road-toll payment system on its private road, WS-Pass has decided to adopt an automated

What key which if used to encrypt the ciphertext again would give back the plaintext (i.e. key is a weak key)? Define a formula for identifying weak keys for the cipher below (

Question 1 (a) Explain briefly the following terms as used in network security: (i) Denial of service (DoS) attack (ii) Birthday attack (iii) DeMilitarized Zone

A  full-duplex (FDX) , accepts communication in both ways, and, unlike half-duplex, accept this to occur simultaneously. Land-line telephone networks are full-duplex, since they

Application-Based IDS Application-based IDS (AppIDS) is an advanced version of HIDS. It examines application for abnormal events. The ability to view encrypted data is the uniqu