Question

Transcribed Image Text: page 336
336 Chapter 11 Network Security

informed of the departure and accounts remain in the system. For example, an examination of the user accounts at the University of Georgia found 30% belonged to staff members no longer employed by the university. If the staff member's departure was not friendly, there is a risk that he or she may attempt to access data and resources and use them for personal gain, or destroy them to get back at the organization. Many systems permit the network manager to assign expiration dates to user accounts to ensure that unused profiles are automatically deleted or deactivated, but these actions do not replace the need to notify network managers about an employee's departure as part of the standard human resources procedures.

MANAGEMENT FOCUS
11-9 Selecting Passwords

The keys to users' accounts are passwords - we all know this. The stronger the password, the more secure is your account. But what does it mean to have a "strong" password? We all heard that we shouldn't pick keyboard patterns or names of family members or pets. But then different organizations have different rules for how to create strong passwords. Some might not give you any guidelines, whereas others are strict about how many letters you should use, numbers, and special characters you should use.

The National Institute of Standards and Technology (NIST) advises that the password strength boils down to the number of bits of entropy that a password has. So how can we calculate these bits of entropy? NIST has proposed the following rules to calculate the number of bits of entropy for a password:

1. The first byte counts as 4 bits.
2. The next 7 bytes count as 2 bits each.
3. The next 12 bytes count as 1.5 bits each.
4. Anything beyond that counts as 1 bit each.
5. Mixed case + nonalphanumeric = 2 to 6 more bits, depending on complexity.

For example, let's evaluate the following password's entropy: Pa$$wOrd (one you shouldn't use). Recall that each letter is represented as 1 byte.

- The first byte counts as 4 bits; therefore, "P" gives us 4 bits of entropy.
- The next 7 bytes count as 2 bits each; therefore, "a$$wOrd" gives us 7 x 2 bits = 14 additional bits of entropy.
- Mixed case + nonalphanumeric can give us up to 6 extra bits. Let's stay conservative and count 2 bits for these characters in our password, because the symbols are a close match for letters.

The total number of bits of entropy for our password is 20. How long will it take to crack this password using a brute force attack? Well, we have 2^20 possibilities, and if a computer can guess 1,000 guesses per second it would take us approximately 17 minutes to break this password. We can agree that this is a very easy password to remember, but it is also very easy to break.

So how can we increase our password strength without making it almost impossible to remember it? More companies are moving to passphrases instead of passwords. A passphrase is simply four or more words that is not a common phrase such as a line from a song or movie. Let's look at the following password that uses four common words: horses love eating apples (without the spaces between the words). This password has 4 (for "h") + 14 (for "orseslov") + 18 (for "eeatingapple") + 1 (for "s") = 37 bits of entropy. It would take 4.35 years for a computer guessing 1,000 guesses per second to break this password. You can increase the strength of this password by adding spaces between the words or a few numbers at the end. This will then become a very easy password to remember but a very difficult one to crack.

General rules:

- Use passphrases, not passwords. Choose three or four easily remembered words.
- Longer is better. We recommend passphrases that are at least 15 characters long.
- Don't use the same passphrase everywhere. Instead, create a general passphrase you use but customize it for each site that requires a password by adding some numbers to it. For example, count the number of times the letter "a" appears in the URL of the website you are logging in to and add that to the end of your usual passphrase to create a unique passphrase just for that site.
- Always choose a unique passphrase for every high-risk site, such as your bank.

Transcribed Image Text: 9. Refer to "Selecting passwords" on page 337 to determine the entropy of the following password "R@pt0r" and estimate how long it will take a computer that can guess 100 guesses in a second to crack this password.
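
The five rules quoted in the textbook excerpt, written out as an added example (not part of the original page or the textbook). The function names are hypothetical, and the rule-5 bonus is a caller-supplied assumption because the excerpt leaves the 2-to-6-bit choice to judgment; the time figure is the full 2^bits search the excerpt uses.

```python
# Tiers from the excerpt: (number of bytes in the tier, bits per byte).
TIERS = [(1, 4.0), (7, 2.0), (12, 1.5)]
TAIL_BITS = 1.0  # every byte past the first 20


def nist_entropy_bits(password: str, bonus: float = 2.0) -> float:
    """Estimate entropy with the five rules listed in the excerpt.

    `bonus` is the rule-5 allowance (2 to 6 bits). It is an assumption the
    caller chooses, and it is applied only when the password mixes upper and
    lower case and also contains a non-alphanumeric character.
    """
    if not 2.0 <= bonus <= 6.0:
        raise ValueError("rule 5 allows a bonus of 2 to 6 bits")
    remaining = len(password.encode("utf-8"))  # the rules count bytes
    bits = 0.0
    for size, per_byte in TIERS:
        used = min(remaining, size)
        bits += used * per_byte
        remaining -= used
    bits += remaining * TAIL_BITS
    mixed_case = (any(c.isupper() for c in password)
                  and any(c.islower() for c in password))
    has_symbol = any(not c.isalnum() for c in password)
    if mixed_case and has_symbol:
        bits += bonus
    return bits


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try all 2**bits candidates, the figure the excerpt quotes."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return 2.0 ** bits / guesses_per_second


def describe(password: str, guesses_per_second: float, bonus: float = 2.0) -> str:
    """Return the bit estimate and search time in the largest fitting unit."""
    bits = nist_entropy_bits(password, bonus)
    secs = seconds_to_exhaust(bits, guesses_per_second)
    units = (("years", 365.25 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for unit, size in units:
        if secs >= size:
            return f"{bits:g} bits, about {secs / size:.2f} {unit}"
    return f"{bits:g} bits, about {secs:.2f} seconds"


if __name__ == "__main__":
    print(describe("Pa$$wOrd", 1000))  # the excerpt's first worked example
```

Applied literally to the 22-character passphrase horsesloveeatingapples, the tiers give 38 bits, one more than the excerpt's 37, because the excerpt's second group "orseslov" contains eight characters rather than seven.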