Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves the one-way and collision resistance security properties. (b). Show that the new function H' achieves collision resistance. Suppose that we want to use H for the deployment of a password-based user authentication mechanism that is a variant of the standard password hashing mechanism as follows: when loading a new password P selected by the user with ID U, instead of choosing a random salt, the password P is hashed. Then, the n-bit digest H(P) and password P serve as inputs to produce a fixed-length hash code. Namely, the information that is stored in the password file is the triple (U, H(P), H(H(P)||P)). During password verification for user ID U, the system receives a password P* and (i) computes H(P*), (ii) computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches the value H(H(P)||P) that is stored for U. 1 Does the aforementioned mechanism provide protection against offline dictionary attacks? Justify your answer. Recall that in such an at- tack, the attacker obtains the system password file and compares the password hashes against precomputed hashes of commonly used pass- words.

icon
Related questions
Question
Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves
the one-way and collision resistance security properties.
(b).
Show that the new function H' achieves collision resistance.
Suppose that we want to use H for the deployment of a
password-based user authentication mechanism that is a variant of
the standard password hashing mechanism as follows: when loading a
new password P selected by the user with ID U, instead of choosing
a random salt, the password P is hashed. Then, the n-bit digest
H(P) and password P serve as inputs to produce a fixed-length hash
code. Namely, the information that is stored in the password file is the
triple (U, H(P), H(H(P)||P)). During password verification for user
ID U, the system receives a password P* and (i) computes H(P*), (ii)
computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches
the value H(H(P)||P) that is stored for U.
1
Does the aforementioned mechanism provide protection against offline
dictionary attacks? Justify your answer. Recall that in such an at-
tack, the attacker obtains the system password file and compares the
password hashes against precomputed hashes of commonly used pass-
words.
Transcribed Image Text:Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves the one-way and collision resistance security properties. (b). Show that the new function H' achieves collision resistance. Suppose that we want to use H for the deployment of a password-based user authentication mechanism that is a variant of the standard password hashing mechanism as follows: when loading a new password P selected by the user with ID U, instead of choosing a random salt, the password P is hashed. Then, the n-bit digest H(P) and password P serve as inputs to produce a fixed-length hash code. Namely, the information that is stored in the password file is the triple (U, H(P), H(H(P)||P)). During password verification for user ID U, the system receives a password P* and (i) computes H(P*), (ii) computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches the value H(H(P)||P) that is stored for U. 1 Does the aforementioned mechanism provide protection against offline dictionary attacks? Justify your answer. Recall that in such an at- tack, the attacker obtains the system password file and compares the password hashes against precomputed hashes of commonly used pass- words.
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 1 steps

Blurred answer
Similar questions
  • SEE MORE QUESTIONS