Question: The Passfaces based password system was described during lectures. Consider a Passfaces system with a database of faces containing 100 entries in total. A user
The Passfaces based password system was described during lectures. Consider a Passfaces system with a database of faces containing 100 entries in total. A user of this system is given a set of 5 randomly chosen passfaces from the database to memorize as their password. During verification, a user is presented with 5 challenges. In each challenge the user is shown a 3 x 3 matrix of faces. Each matrix includes one passface from the user's password set, and also 8 decoy faces chosen randomly from the remaining 95 entries in the database. In each challenge the user is asked to identify the passface from their password set. If the user passes each challenge, the user is authenticated 01.1 Assuming the face database is public, what is the entropy of the passwords? Q1.2 What is the probability of an adversary guessing the password of a selected user? 01.3 Would the security increase if the database was not public? Justify your answer 01.4 What is the probability of an adversary guessing the password if the system allows one incorrectly answered challenge? 01.5 Describe two attacks that are more effective in Passfaces compared to traditional password systems. You may assume the attacker has access to a verification terminal (Passfaces, or password system) that blocks an account after 3 unsuccessful attempts
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help