You are impressed by how a one-time pad provides perfect cryptographic security

Question

You are impressed by how a one-time pad provides perfect cryptographic security so long as the pads are kept secret. (a) Briefly outline how you might adapt this one-time pad approach in order to supply passwords for bank accounts, i.e. what would be stored on such a password pad, how would the pads then be used, how strong could these passwords be, why would dictionary and brute-force attacks on these passwords be difficult to carry out, and when could this one-time pad approach to passwords actually be more effective than the usual approaches to passwords? (b) What are at least two different disadvantages of such an approach compared to the traditional management of passwords?

Explanation / Answer

A one-time pad is an encryption technique which requires the use of a one-time password. It is valid only for one session or one transaction. That is why it is very suitable for banking transactions.

When a user wants to transfer money in a banking transaction, the user inputs the amount to be transferred and the beneficiary account number. The bank then sends a one-time password for completing this transaction. A one-time password is normally a 6-digit number which is sent only to the mobile device registered at the bank. The customer can complete this banking transaction by entering the one-time password. This one-time password provides authentication, integrity and confidentiality in banking transactions.

This method requires a user to have a registered mobile device and a PIN (one-time pad sent from the bank) to perform a banking transaction.

A one-time pad is not vulnerable to brute-force and dictionary attacks. These passwords are very strong. A brute-force attack involves exhaustively trying out all the possibilities. A dictionary attack is a technique for finding out a one-time pad by trying hundreds or millions of possibilities, such as words in a dictionary.

One-time pads are not vulnerable to replay attacks. A hacker who is already logged in may somehow get a one-time pad, but will not be able to use it, since it is valid only for a session.

A brute-force attack on a one-time pad will give all possible messages, whether meaningful or not. It is then very difficult to guess the real message.

Example: A 140-character one-time pad subjected to a brute-force attack will result in every possible 140-character string, including the correct one. But it is not possible to guess the correct one.

Limitations

It is difficult to memorize.

Only secure if used in a single transaction.

Difficult key generation, exchange and management.

A new password has to be generated each time.
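As an added example (not part of the original answer), here is a sketch of the bank-side check for a pad of one-time codes: each code is accepted once and in order, a replayed code is rejected, and repeated wrong guesses lock the pad. The names `new_pad`, `PadAccount` and `MAX_FAILURES`, and the threshold of three failures, are assumptions made for illustration.

```python
import hmac
import secrets

CODE_DIGITS = 6    # the answer describes 6-digit one-time passwords
MAX_FAILURES = 3   # assumed lockout threshold, not taken from the answer


def new_pad(size):
    """Generate `size` independent random codes (the pad issued to the customer)."""
    limit = 10 ** CODE_DIGITS
    return [f"{secrets.randbelow(limit):0{CODE_DIGITS}d}" for _ in range(size)]


class PadAccount:
    """Bank-side state for one customer's pad (hypothetical class).

    As with a one-time pad key, both sides hold the same pad, so the
    stored copy must be kept as secret as the customer's copy.
    """

    def __init__(self, pad):
        self.pad = list(pad)
        self.next_index = 0   # position of the only code currently valid
        self.failures = 0     # consecutive wrong guesses

    def verify(self, code):
        if self.failures >= MAX_FAILURES:
            return "locked"           # guessing stops long before 10**6 tries
        if self.next_index >= len(self.pad):
            return "pad exhausted"    # a new pad has to be issued
        expected = self.pad[self.next_index]
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), code.encode()):
            self.next_index += 1      # the code is consumed: a replay will fail
            self.failures = 0
            return "ok"
        self.failures += 1
        return "rejected"


if __name__ == "__main__":
    demo = PadAccount(["111111", "222222"])  # constructed pad for the demo
    print(demo.verify("111111"))  # first use of the current code
    print(demo.verify("111111"))  # replay of a consumed code
    print(demo.verify("222222"))  # next code on the pad
```

With the lockout, an attacker gets at most three guesses against 10^6 equally likely codes, and a captured code is useless once it has been consumed.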
