Question
Ashley Madison is an online dating service for people seeking extramarital affairs – their motto is “Life is short. Have an affair.” In the summer of 2015, a hacking group known as “The Impact Team” released files that they claimed included all Ashley Madison customer data as well as a trove of the CEO’s email messages. One of the files included approx. 36 mil hashed passwords. These passwords were each hashed, with a salt, using bcrypt [230] (https://www.usenix.org/legacy/event/usenix99/provos/provos.pdf), which is a hash function based on the Blowfish block cipher [252] (http://www.schneier.com/blowfish.html). The bcrypt hash includes a “cost” parameter, and each hash uses 2^cost rounds of a modified form of the Blowfish key schedule algorithm. For the Ashley Madison passwords, cost = 12, so the required time to crack passwords should be at least 4096 times greater, as compared to an optimized version of the hash. Answer parts a – c based on the info in the article [122] (http://arstechnica.com/security/2015/08/cracking-all-hacked-ashley-madison-passwords-could-take-a-lifetime/).
a) For the particular hardware configuration discussed in the article, how many Ashley Madison passwords (i.e. bcrypt hashes with cost = 12) could be tested per sec? With the same hardware, how many MD5 hashes could be tested per sec?
b) Within a few days of the release of the Ashley Madison files, about 4000 passwords were cracked. Using the rates from part a. and assuming the same rate of success, how many passwords could have been cracked in this same amount of time, assuming that MD5 with salt had been used instead of bcrypt? The article also states that if MD5 had been used, it would have taken “only” 3.7 years to crack all the passwords. Explain any discrepancy between this number and your estimate.
c) The article also claims that it would have taken 116,958 years to crack all 36 mil Ashley Madison passwords. As mentioned above, the article claims that if MD5 had been used, it would only take 3.7 yrs. This implies a ratio of 116,958/3.7 = 31,610. That is, the bcrypt hash is 31,610 times slower to test on this specific hardware. Is this number consistent with the results from part a? Explain.
d) An alternative to bcrypt is the Password-Based Key Derivation Function (PBKDF2), which is described in RFC 2898 [156] (https://tools.ietf.org/html/rfc2898)
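The following is an added worked example, not part of the original question or of any referenced article. It models the two facts the question turns on: bcrypt throughput halves for every +1 in the cost parameter (so cost = 12 is 2^12 = 4096 times the work of cost = 0), and the bcrypt-vs-MD5 slowdown implied by two crack-time estimates is obtained by simple division. Because the page does not give the per-second hash rates from the article, the rates used here are constructed placeholder values. For part d, it also shows a salted PBKDF2 hash and constant-time verification using Python's standard-library `hashlib.pbkdf2_hmac`, and a helper that calibrates the iteration count to a target cost on the machine it runs on.

```python
import hashlib
import hmac
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bcrypt_work_factor(cost: int) -> int:
    """Relative work of one bcrypt hash at a given cost: 2**cost key-schedule rounds."""
    return 1 << cost


def hashes_per_second(rate_at_base: float, cost: int, base_cost: int = 0) -> float:
    """Scale a measured hash rate at base_cost to another cost.

    Every +1 in cost doubles the work per hash, so throughput halves.
    """
    return rate_at_base / (1 << (cost - base_cost))


def years_to_crack(num_hashes: int, guesses_per_hash: int, rate: float) -> float:
    """Wall-clock years to try guesses_per_hash candidates against every one of
    num_hashes salted hashes at a throughput of `rate` hashes/second.
    Salting means each hash must be attacked separately, hence the product."""
    return (num_hashes * guesses_per_hash / rate) / SECONDS_PER_YEAR


def slowdown_ratio(years_slow: float, years_fast: float) -> float:
    """Implied per-hash slowdown of the slow scheme relative to the fast one,
    given crack-time estimates for the same workload (e.g. 116,958 / 3.7)."""
    return years_slow / years_fast


def excess_over_cost(ratio: float, cost: int) -> float:
    """How much of a measured slowdown is NOT explained by 2**cost alone.
    A value > 1 means even a cost-0 bcrypt hash is slower than the fast scheme."""
    return ratio / bcrypt_work_factor(cost)


# --- Part d: PBKDF2 (RFC 2898) with a per-password random salt -------------

def pbkdf2_hash(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key with PBKDF2-HMAC-SHA256 (standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def new_record(password: bytes, iterations: int) -> tuple:
    """Create a stored record (salt, iterations, hash) for a new password."""
    salt = os.urandom(16)  # fresh random salt per password
    return salt, iterations, pbkdf2_hash(password, salt, iterations)


def verify(password: bytes, record: tuple) -> bool:
    """Check a password against a stored record in constant time."""
    salt, iterations, expected = record
    return hmac.compare_digest(pbkdf2_hash(password, salt, iterations), expected)


def choose_iterations(target_seconds: float, probe_iterations: int = 10_000) -> int:
    """Calibrate an iteration count so one hash costs about target_seconds here.
    PBKDF2 cost scales linearly with iterations, unlike bcrypt's 2**cost."""
    start = time.perf_counter()
    pbkdf2_hash(b"calibration", b"fixed-salt", probe_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(1, int(probe_iterations * target_seconds / elapsed))


if __name__ == "__main__":
    # Constructed placeholder rates: NOT the article's measured figures.
    md5_rate = 1_000_000_000.0      # hypothetical MD5 hashes/second
    bcrypt_cost0_rate = 2_000_000.0  # hypothetical bcrypt cost-0 hashes/second
    bcrypt12 = hashes_per_second(bcrypt_cost0_rate, 12)
    print(f"bcrypt cost 12 work factor: {bcrypt_work_factor(12)}")
    print(f"bcrypt cost 12 rate: {bcrypt12:.1f} hashes/s")
    ratio = slowdown_ratio(116_958, 3.7)
    print(f"implied slowdown 116,958 / 3.7 = {ratio:.0f}x, "
          f"i.e. {excess_over_cost(ratio, 12):.1f}x beyond the 4096 from cost alone")
    rec = new_record(b"correct horse", choose_iterations(0.05))
    print("verify ok:", verify(b"correct horse", rec), "| wrong:", verify(b"wrong", rec))
```

The `excess_over_cost` helper is the check a practitioner would apply to part c: if the implied ratio were exactly 2^12, the two schemes would be equally fast at cost 0, so any surplus is the baseline gap between one Blowfish key schedule and one MD5 block. The PBKDF2 portion shows why a per-record salt matters for the arithmetic in `years_to_crack`: with unique salts, every stored hash multiplies the attacker's work rather than being attacked in one pass.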
Explanation / Answer
written a popular blog about internet security, analysing thefts of consumer data from big companies around the world, Tesco, Adobe, Domino’s Pizza among them. Now Krebs, as his weekend came to an end, was being tipped off about a more sensational breach. An anonymous informant had emailed him a list of links, directing him to caches of data that had been stolen from servers at a Canadian firm called Avid Life Media (ALM). Krebs vaguely knew of ALM. For years it had run a notorious, widely publicised web service called Ashley Madison, a dating site founded in 2008 with the explicit intention of helping married people have affairs with each other. “Life is short. Have an affair” was the slogan Ashley Madison used.
At the time Krebs received his tip-off, Ashley Madison claimed to have an international membership of 37.6 million, all of them assured that their use of this service would be “anonymous”, “100% discreet”. Only now Krebs was looking at the real names and the real credit-card numbers of Ashley Madison members. He was looking at street addresses and postcodes. Among documents in the leaked cache, Krebs found a list of telephone numbers for senior executives at ALM and Ashley Madison. He even found the personal mobile number of the CEO, a Canadian called Noel Biderman.
Some people found they could be identified by their height, weight, and erotic desires
“How you doing?” Krebs asked Biderman when he dialled and got through – still not sure, until this moment, that he was on to a legitimate story.
Only a few hours later, in the west of England, a contentedly married man we’ll call Michael woke up and went through his usual Monday-morning routine. Coffee. Email. A skim of the news online. Already Krebs’s story about a hack of servers at Ashley Madison had been picked up by prominent media agencies. The story was a lead item on every news page Michael browsed. Infidelity site hacked, he read; a group calling itself the Impact Team claiming responsibility and threatening to release a full database of Ashley Madison customers, present and past, inside a month. More than 30 million people in more than 40 countries affected.
Though in the days to come the number of active users of Ashley Madison’s service would be disputed – was that figure of 37.6 million for real? – Michael could say for sure there were many authentic adulterers who used the site because he was one of them. “I’d taken some elementary precautions,” Michael told me recently, explaining that he’d registered on Ashley Madison with a secret email address and chosen a username by which he couldn’t be personally identified. He had uploaded a photograph. He was experienced enough with adultery websites – Ashley Madison and a British equivalent called Illicit Encounters – to know that “if you don’t put a photo up you won’t get many responses”. But the picture he chose was small and he was wearing sunglasses in it. “Deniable,” Michael said.
Whenever he visited the site he was careful. If he wanted to log on to Ashley Madison to speak to women he would only do so on a work laptop he kept in his office at home. Michael had six internet browsers installed on the laptop, and one of these browsers could only be loaded via external hard drive – this was the browser he used to arrange affairs. So Michael was “irritated and surprised” to realise, that Monday morning, that his elaborate precautions had been pointless. He tried to work out ways in which he would be exposed if the hackers went through with their threat to release Ashley Madison’s customer database.