1 / 1 80% Assignment 2 Due Date: Wednesday, January 5, 2022 1. (30 points) Consider password authentication. (a) Suppose an off-line dictionary attack is used, and suppose the attacker has prepared a dictionary of 10,0000 entries, the password file contains 1000 users with 50 different salt values (Salt values correlation to user accounts attackers is unknown to the attacker). If the attacker's goal is to get as many passwords as possible, how many hash values would the attacker compute in the worst case? (b) B on the above part, how many comparisons between hash values are needed in the worse case? 2. (30 points) A Digital Certificate usually contains an identity and other fields such as certificate isster's name etc. (a) Explain the process for a service owner (le web application) to get a Digital Certificate. (b) How does the Digital Certificate issued in part{a) enable any end user to detect the man in the middle attack? (c) What is the impact on the validity of the Digital Certificate if the hash algorithm used is not wenk collision resistant? Justify your answer. 3. (40 points) Ali is the owner and can read and write to the file grades.xlsx, controls and can read the file salaries.xlsx, and can execute the file dean.exe. Ahmed can read, write, and execute from grades.xlsx and can not access(no read, no write, and no execute) salaries.xloc or dean.exe (a) Build an access control matrix that reflects the above description (b) After applying all the below sequence of commands, draw the final extended access control Matrix matrix 1. All transfer write privilege to Ahmed on grades xlsx 2. Ali transfer rend privilege to Ahmed on dean xbox 3. Ali delete read privilege from Ahmed on grades.xlex 4. Ahmed destroy grades xlix. 5. All destroy salaries.xlsx