$(15$ points$)$ Password file hashing.

To make sure the passwords of users are securely stored, we normally need to

hash each password in the password file. Is SHA$-512$ a good candidate for

password hashing? Why or why not?

Somebody suggested a protocol like this: the client side hash the password

before sending to the server side, but both username and password are not

encrypted during the transmission. The server just need to compare the

presented hashed password with the corresponding record in the hashed

password file to find out whether the password presented was accurate or not.

Is this a secure solution? Justify your conclusion.

Suppose a company has $n$ users and $n$ password records that are stored in the

hashed format. Each password is $10$ characters long and there are $128$

possible choices of characters. A hacker has obtained this password file and

plan to use the brute$-$force way to find out all n passwords.

i$.$ What is the lowest computing complexity for the case when salt was

not used?

ii$.$ What is the lowest computing complexity for the case when salt was

used? Note that for both cases you need to consider the practicality of

available memory.