Homework 3, Authentication.

Short Description:

Goals

• Strengthened your understanding of the concepts involved in Authentication.

Formal Description

1. The Edinboro policy requires that a new password meet the requirements in the following image.
   1. A student in one of your gen-ed classes is upset by the complexity of these rules. Explain, in non-technical language why these rules are important.
   2. Is there provide another simple rule that could be added to strengthen passwords even further.
2. You have a 8 core cpu capable of creating, encrypting and checking a password every 2 ms on a single core. Assuming the process to create, encode and check a password is perfectly parallelizable,
   1. How long would it take to brute force crack a password that meets all of the EUP criteria?
   2. Ignoring the first criteria, what is the longest password you could brute force crack in 15 weeks?
   Please state all of your assumptions and show all of your work.
3. Under what conditions does adding a salt to an encrypted password make the encryption stronger? Where is this not effective?
4. Question 14, page 129 from the book

   List three authentication questions (but not the answers) your credit card company could ask to authenticate you over the phone. Your questions should be ones to which an impostor could not readily obtain the answers. How difficult would it be for you to provide the correct answer (for example, you would have to do something up or you would have to do a quick arithmetical calculation)?

5. Question 16, page 129 from the book

   Defeating authentication follows the method-opportunity-motive paradigm described in Chapter 1. Discuss how these three factors apply to an attack on authentication.

Required Files

Submission