(Q5.) An online e-commerce website allows a user to login to the website uses username and password. To avoid password leakage during data transmission, the website introduces the following login protocol between the client PC and the website: 1. User enters his username (U) and password (P) to the client PC 2. The client PC sends the username (U) to the website in plain form 3. The website extracts the password (P) for the username (U) from his password database, generates a random number N, and encrypts N with SHA1(P) as the key using AES, then sends the encrypted result back to the client PC 4. The client PC decrypts the reply from the website using SHA1(P) and obtains N 4 5. The client then encrypts N-1 with SHA1(P) as the key using AES, then sends the encrypted result to the website again 6. The website decrypts the message from the client to obtain N-1 and the login is successful 7. The client PC and the website then communicate without any encryption In order to protect the communication between the client and the website, it is suggested the communication in step 7 above be encrypted with the password (P) as the key using AES-128. If P is less than 128 bits, it is padded with O to create a 128 bits key. What is the problem with such approach if the average password length is 6? (Q5.) An online e-commerce website allows a user to login to the website uses username and password. To avoid password leakage during data transmission, the website introduces the following login protocol between the client PC and the website: 1. User enters his username (U) and password (P) to the client PC 2. The client PC sends the username (U) to the website in plain form 3. The website extracts the password (P) for the username (U) from his password database, generates a random number N, and encrypts N with SHA1(P) as the key using AES, then sends the encrypted result back to the client PC 4. The client PC decrypts the reply from the website using SHA1(P) and obtains N 4 5. The client then encrypts N-1 with SHA1(P) as the key using AES, then sends the encrypted result to the website again 6. The website decrypts the message from the client to obtain N-1 and the login is successful 7. The client PC and the website then communicate without any encryption In order to protect the communication between the client and the website, it is suggested the communication in step 7 above be encrypted with the password (P) as the key using AES-128. If P is less than 128 bits, it is padded with O to create a 128 bits key. What is the problem with such approach if the average password length is 6