Homework 3, Authentication.

Short Description:

Answer questions associated with authentication and access control.

Goals

When you finish this homework, you should have:

Formal Description

Answer the following questions in a Word document. Make sure that you note any collaborators.
  1. The Edinboro policy requires that a new password meet the requirements in the following image.
    1. A student in one of your gen-ed classes is upset by the complexity of these rules. Explain, in non-technical language, why these rules are important.
    2. Provide another simple rule that could be added to strengthen passwords even further.
  2. You have an 8-core CPU capable of creating, encrypting and checking a password every 2 ms on a single core. Assuming the process to create, encode and check a password is perfectly parallelizable,
    1. How long would it take to brute force crack a password that meets all of the EUP criteria?
    2. Ignoring the first criterion, what is the longest password you could brute force crack in 15 weeks?
    Please state all of your assumptions and show all of your work.
  3. Under what conditions does adding a salt to an encrypted password make the encryption stronger? Where is this not effective?
  4. Question 14, page 129 from the book
    List three authentication questions (but not the answers) your credit card company could ask to authenticate you over the phone. Your questions should be ones to which an impostor could not readily obtain the answers. How difficult would it be for you to provide the correct answer (for example, you would have to look something up or you would have to do a quick arithmetical calculation)?
  5. Question 16, page 129 from the book
    Defeating authentication follows the method-opportunity-motive paradigm described in Chapter 1. Discuss how these three factors apply to an attack on authentication.

Required Files

A single Word document.

Submission

Submit the assignment to the D2L folder Homework 3 by the due date.