we calculate these bits of entropy? NIST has proposed the following rules to calculate the number of bits of entropy for a password: 1. The first byte counts as 4 bits. 2. The next 7 bytes count as 2 bits each. 3. The next 12 bytes count as 1.5 bits each. 4. Anything beyond that counts as 1 bit each. 5. Mixed case + nonalphanumeric = 2 to 6 more bits, depending on complexity. For example, let's evaluate the following password's entropy: Pa$$word (one you shouldn't use). Recall that each letter is represented as 1 byte. - The first byte counts as 4 bits; therefore, "P" gives us 4 bits of entropy. - The next 7 bytes count as 2 bits each; therefore, "a$$wOrd" gives us 7 x 2 bits 14 additional bits of entropy. - Mixed case + nonalphanumeric can give us up to 6 extra bits. Let's stay conservative and count 2 bits for these characters in our password, because the symbols are a close match for letters.

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question
page336
336 Chapter 11 Network Security
informed of the departure and accounts remain in the system. For example, an examination
of the user accounts at the University of Georgia found 30% belonged to staff members no
longer employed by the university. If the staff member's departure was not friendly, there is a
risk that he or she may attempt to access data and resources and use them for personal gain,
or destroy them to get back at the organization. Many systems permit the network manager
to assign expiration dates to user accounts to ensure that unused profiles are automatically
deleted or deactivated, but these actions do not replace the need to notify network managers
about an employee's departure as part of the standard human resources procedures.
MANAGEMENT
11-9 Selecting Passwords
FOCUS
The keys to users' accounts are passwords-we all force attack? Well, we have 220 possibilities, and if a com-
know this. The stronger the password, the more secure is
your account. But what does it mean to have a "strong" approximately 17 minutes to break this password. We can
password? We all heard that we shouldn't pick keyboard agree that this is a very easy password to remember, but it
patterns or names of family members or pets. But then
different organizations have different rules for how
create strong passwords. Some might not give you any without
guidelines, whereas others are strict about how many
puter can guess 1,000 guesses per second it would take us
is also very easy to break.
So how can we increase our password strength
t making it almost impossible to remember it?
More companies are moving to passphrases instead of
letters you should use, numbers, and special passwords. A passphrase is simply four or more words
that is not a common phrase such as a line from a song or
The National Institute of Standards and Technology movie. Let's look at the following password that uses four
common words: horses love eating apples (without the
spaces between the words). This password has 4 (for "h")
+ 14 (for "orseslov") + 18 (for "eeatingapple") + 1 (for
"s") = 37 bits of entropy. It would take 4.35 years for a
this
characters you should use.
(NIST) advises that the password strength boils down to the
number of bits of entropy that a password has. So how can
we calculate these bits of entropy? NIST has proposed the
following rules to calculate the number of bits of entropy
for a password:
1. The first byte counts as 4 bits.
+ 1o
computer guessing 1,000 guesses per second to break
password. You can increase the strength of this password
by adding spaces between the words or a few numbers at
the end. This will then become a very easy password to
2. The next 7 bytes count as 2 bits each.
3. The next 12 bytes count as 1.5 bits each.
4. Anything beyond that counts as 1 bit each.
5. Mixed case + nonalphanumeric = 2 to 6
more bits, depending on complexity.
remember but a very difficult one to crack.
General rules:
For example, let's evaluate the following password's
entropy: Pa$$wOrd (one you shouldn't use). Recall that
each letter is represented as 1 byte.
- The first byte counts as 4 bits; therefore, "p" gives
us 4 bits of entropy.
1 The next 7 bytes count as 2 bits each; therefore,
"a$$wOrd" gives us 7 x 2 bits = 14 additional
bits of entropy.
1 Mixed case + nonalphanumeric can give us up
to 6 extra bits. Let's stay conservative and count 2
bits for these characters in our password, because
the symbols are a close match for letters.
- Use passphrases, not passwords. Choose three or
four easily remembered words.
1 Longer is better. We recommend passphrases that
are at least 15 characters long.
1 Don't use the same passphrase everywhere.
Instead, create a general passphrase you use but
customize it for each site that requires a password
by adding some numbers to it. For example,
count the number of times the letter "a"
in the URL of the website you are logging in to
and add that to the end of your usual passphrase
to create a unique passphrase just for that site.
1 Always choose a unique passphrase for every
high-risk site, such as your bank.
appears
The total number of bits of entropy for our password is 20.
How long will it take to crack this password using a brute
Transcribed Image Text:page336 336 Chapter 11 Network Security informed of the departure and accounts remain in the system. For example, an examination of the user accounts at the University of Georgia found 30% belonged to staff members no longer employed by the university. If the staff member's departure was not friendly, there is a risk that he or she may attempt to access data and resources and use them for personal gain, or destroy them to get back at the organization. Many systems permit the network manager to assign expiration dates to user accounts to ensure that unused profiles are automatically deleted or deactivated, but these actions do not replace the need to notify network managers about an employee's departure as part of the standard human resources procedures. MANAGEMENT 11-9 Selecting Passwords FOCUS The keys to users' accounts are passwords-we all force attack? Well, we have 220 possibilities, and if a com- know this. The stronger the password, the more secure is your account. But what does it mean to have a "strong" approximately 17 minutes to break this password. We can password? We all heard that we shouldn't pick keyboard agree that this is a very easy password to remember, but it patterns or names of family members or pets. But then different organizations have different rules for how create strong passwords. Some might not give you any without guidelines, whereas others are strict about how many puter can guess 1,000 guesses per second it would take us is also very easy to break. So how can we increase our password strength t making it almost impossible to remember it? More companies are moving to passphrases instead of letters you should use, numbers, and special passwords. A passphrase is simply four or more words that is not a common phrase such as a line from a song or The National Institute of Standards and Technology movie. Let's look at the following password that uses four common words: horses love eating apples (without the spaces between the words). This password has 4 (for "h") + 14 (for "orseslov") + 18 (for "eeatingapple") + 1 (for "s") = 37 bits of entropy. It would take 4.35 years for a this characters you should use. (NIST) advises that the password strength boils down to the number of bits of entropy that a password has. So how can we calculate these bits of entropy? NIST has proposed the following rules to calculate the number of bits of entropy for a password: 1. The first byte counts as 4 bits. + 1o computer guessing 1,000 guesses per second to break password. You can increase the strength of this password by adding spaces between the words or a few numbers at the end. This will then become a very easy password to 2. The next 7 bytes count as 2 bits each. 3. The next 12 bytes count as 1.5 bits each. 4. Anything beyond that counts as 1 bit each. 5. Mixed case + nonalphanumeric = 2 to 6 more bits, depending on complexity. remember but a very difficult one to crack. General rules: For example, let's evaluate the following password's entropy: Pa$$wOrd (one you shouldn't use). Recall that each letter is represented as 1 byte. - The first byte counts as 4 bits; therefore, "p" gives us 4 bits of entropy. 1 The next 7 bytes count as 2 bits each; therefore, "a$$wOrd" gives us 7 x 2 bits = 14 additional bits of entropy. 1 Mixed case + nonalphanumeric can give us up to 6 extra bits. Let's stay conservative and count 2 bits for these characters in our password, because the symbols are a close match for letters. - Use passphrases, not passwords. Choose three or four easily remembered words. 1 Longer is better. We recommend passphrases that are at least 15 characters long. 1 Don't use the same passphrase everywhere. Instead, create a general passphrase you use but customize it for each site that requires a password by adding some numbers to it. For example, count the number of times the letter "a" in the URL of the website you are logging in to and add that to the end of your usual passphrase to create a unique passphrase just for that site. 1 Always choose a unique passphrase for every high-risk site, such as your bank. appears The total number of bits of entropy for our password is 20. How long will it take to crack this password using a brute
9. Refer to "Selecting passwords" on
page 337 to determine the entropy of
the following password "R@pt0r" and
estimate how long it will take a
computer that can guess 100 guesses
in a second to crack this password.
Transcribed Image Text:9. Refer to "Selecting passwords" on page 337 to determine the entropy of the following password "R@pt0r" and estimate how long it will take a computer that can guess 100 guesses in a second to crack this password.
Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 2 steps

Blurred answer
Knowledge Booster
Encryption and decryption
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education