This question is concerned password authentication with random salt. We introduced the idea of using random salt as a means to mitigate offline dictionary attacks.
This question is concerned password authentication with random salt. We introduced the idea of using random salt as a means to mitigate offline dictionary attacks. For each user, the server chooses a random bit string called salt, hashes the concatenation of the users password and salt, and stores the users salt and hashed password in the users record.
1. Describe how the server authenticates a user in this method, that is, upon receiving a users username and password, how the server would determine whether or not the user is authentic.
2. Explain why it is infeasible for the attacker to precompute a rainbow table prior to compromising the server when random salt is used.
3. Suppose that an attacker is eventually able to compromise the server and obtain the users records. With the help of a dictionary of passwords at his disposal, how can the attacker determine whether he can log in as user Alice?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started