Answered step by step
Verified Expert Solution
Link Copied!
Question
1 Approved Answer

This question is concerned password authentication with random salt. We introduced the idea of using random salt as a means to mitigate offline dictionary attacks.

This question is concerned password authentication with random salt. We introduced the idea of using random salt as a means to mitigate offline dictionary attacks. For each user, the server chooses a random bit string called salt, hashes the concatenation of the users password and salt, and stores the users salt and hashed password in the users record.

1. Describe how the server authenticates a user in this method, that is, upon receiving a users username and password, how the server would determine whether or not the user is authentic.

2. Explain why it is infeasible for the attacker to precompute a rainbow table prior to compromising the server when random salt is used.

3. Suppose that an attacker is eventually able to compromise the server and obtain the users records. With the help of a dictionary of passwords at his disposal, how can the attacker determine whether he can log in as user Alice?

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image
Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Modern Database Management

Authors: Jeff Hoffer, Ramesh Venkataraman, Heikki Topi

12th edition

133544613, 978-0133544619

More Books

Students explore these related Databases questions