6(a)

Note: for the next few problems on hashing, please read all details carefully, as they may change between questions. Please enter exact numbers. Not all information is guaranteed to be relevant.

Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve performs an online attack, and is able to guess 1 password per second, though there is no lockout after guessing too many times. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts?

Answer:

(b)

Consider a system with no salts where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts?

Answer:

(c)

Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts?

Answer:

Note: for the next few problems on hashing, please read all details carefully, as they may change between questions. Please enter exact numbers. Not all information is guaranteed to be relevant. Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve performs an online attack, and is able to guess 1 password per second, though there is no lockout after guessing too many times. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts? Answer: Consider a system with no salts where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts? Answer: Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts? Answer: Note: for the next few problems on hashing, please read all details carefully, as they may change between questions. Please enter exact numbers. Not all information is guaranteed to be relevant. Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve performs an online attack, and is able to guess 1 password per second, though there is no lockout after guessing too many times. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts? Answer: Consider a system with no salts where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts? Answer: Consider a system that uses a 32-bit unique salt where users have a 4-digit number as a password (e.g. 6813). Eve wants to crack the accounts of two users, Alice and Bob. Eve gets the password file and performs an offline brute force attack, where she can hash 1000 passwords every second. Assume that the time to compare the hashes is negligible. In the worst case, in seconds, how long will it take Eve to crack both Alice's and Bob's accounts