he designers of the UNIX password algorithm used a 12-bit salt to perturb the fi

Question

he designers of the UNIX password algorithm used a 12-bit salt to perturb the first and third sets of 12 entries in the E-table of the UNIX hashing function (the DES). Consider a system with 2^24 users. Assume that each user is assigned a salt from a uniform random distribution and that anyone can read the password hashes and salts for the users.

What is the expected time to find all users' passwords using a dictionary attack?

Assume that eight more characters were added to the password and that the DES algorithm was changed so as to use all 16 password characters. What would be the expected time to find all users' passwords using a dictionary attack?

Assume that the passwords were eight characters long but that the salt length was increased to 24 bits. Again, the salts (and the corresponding algorithms) are known to all users. What would be the expected time to find all users' passwords using a dictionary attack?

Explanation / Answer

think the answer depends on what type of class you're taking. This could be a time complexity problem (theoretical) or more practical. In either case, here is what you know: you have a fairly large user population, each user has a unique salt, and anyone can read the salt and password hash for any user. You find a link to a benchmark of a large list of ciphers and hash functions here, which can be used as a guide to figure out how much data you can pump through a hash function. Without giving away too much, figure out what the purpose of adding a salt value provides in computing a hash.

Related Questions

Navigate

• Browse (All)
• Browse H
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.