Password management schemes are complex in IT systems. Consider an IT company that does not want users to choose passwords from a database of easily guessable passwords during account registration. The challenge is how to implement this mechanism. One approach is to store all these guessable passwords in a database and check every password chosen during registration against this database. a) What is the security problem in this implementation?

After listening to you, the company has the following expectations for a new solution. Your solution should have the following properties – There should be no False Negatives (a guessable (bad) password should not be mistakenly identified as a non-guessable (good) password); Some False Positives are tolerated (a very small number of non-guessable (good) passwords can be identified as guessable (bad) passwords by mistake); The guessable passwords should not be stored in plain text; The solution should be space efficient; It should be fast. b) Identify another solution to this problem that meets these expectations. c) Analyze and explain how each property is met in your identified solution.

Your company has an additional requirement. They want users to be transparent to the fact that your solution is executing in the background to protect them against bad passwords. So, they are requesting you to consider this in your implementation. d) What design principle is this requirement referring to and justify your answer, and e) why is this principle important in cybersecurity?
