Unix based operating systems use the salt scheme in order to secure passwords. Answer the following questions:
Question:
Unix based operating systems use the salt scheme in order to secure passwords. Answer the following questions:
a. What is the purpose of the salt?
b. Is salt helpful in an online dictionary attack? Explain if your answer is yes.
c. What mechanisms can an attacker use to make an offline dictionary attack on a UNIX system fast and efficient ?
d. Assume an attacker has compiled a dictionary of 10,000 entries for an off-line dictionary attack on a server with 100 users. If the Operating System uses salt, and the attacker's goal is to get a particular user Bob's password. How many hash values will the attacker compute in the worst case?
e. If the attacker's goal is not to get a particular user's password, but to get as many passwords as possible, what is your answer then?
f. The UNIX machine has advanced its authentication processes by using facial recognition biometrics for authentications. However the system has a high false non-match rate. Can you explain what that means? How can you overcome the problem of false non-match?
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord