1. (30 points) Consider password authentication. (a) Suppose an off-line dictionary attack is used, and suppose the attacker has prepared a dictionary of 10,0000 entries, the password file contains 1000 users with 50 different salt values(Salt values correlation to user accounts attackers is unknown to the attacker). If the attackers goal is to get as many passwords as possible, how many hash values would the attacker compute in the worst case? (b) Based on the above part, how many comparisons between hash values are needed in the worse case? 2. (30 points) A Digital Certificate usually contains an identity and other fields such as certificate issuers name etc. (a) Explain the process for a service owner (i.e. web application) to get a Digital Certificate. (b) How does the Digital Certificate issued in part(a) enable any end user to detect the man in the middle attack? (c) What is the impact on the validity of the Digital Certificate if the hash algorithm used is not weak collision resistant? Justify your answer. 3. (40 points) Ali is the owner and can read* and write to the file grades.xlsx, controls and can read the file salaries.xlsx, and can execute the file dean.exe. Ahmed can read, write, and execute from grades.xlsx, and can not access(no read, no write, and no execute) salaries.xlsx or dean.exe. (a) Build an access control matrix that reflects the above description (b) After applying all the below sequence of commands, draw the final extended access control Matrix matrix. 1. Ali transfer write privilege to Ahmed on grades.xlsx 2. Ali transfer read privilege to Ahmed on dean.xlsx 3. Ali delete read privilege from Ahmed on grades.xlsx 4. Ahmed destroy grades.xlsx. 5. Ali destroy salaries.xlsx