We saw in class that password management is a complex problem with mulJple dimensions to it.Within the realm of password set-up rules, many factors including human memory limitations with longand complex passwords, overhead in frequently asking users to change passwords, attacker capabilitiesand more must be balanced against providing robust and secure authentication.For this assignment, imagine that you are taking over as the Authentication Manager of an IT firm, andyou identify that things were done ad-hoc in the past. For the particular case of password set-up, theusers could choose from a set of 62 characters (lower/ upper case alphabets and ten digits), and apassword length of ten characters was fixed. You consider a powerful attacker that can guess 10,000passwords in one second. a. In order to evaluate the strength of these rules from the perspective of an attackercorrectly guessing a user’s password, what formal method/principle, you will use for yoursolution? You must state the method, and describe parameters involved in it.b. In one year period, what will be probability that a password in your organization iscorrectly guessed by the adversary?c. For password lengths of 12, 14 and 16, compute the probability that a password inyour organization is correctly guessed by the adversary in one year period. Users can sJll choosefrom 62 characters only.d. If instead of 62 characters, you allow 94 characters to choose from. For passwordlengths of 12, 14 and 16, compute the probability that a password in your organization iscorrectly guessed by the adversary in one year period.e. Based on answers above, which solution will you prefer from a password protectionperspective –• Increasing length of a password, while fixing the number of characters to choose from, or• Fixing the length of the password, but increasing the number of characters to choose from.Please justify your answer.
We saw in class that password management is a complex problem with mulJple dimensions to it.
Within the realm of password set-up rules, many factors including human memory limitations with long
and complex passwords, overhead in frequently asking users to change passwords, attacker capabilities
and more must be balanced against providing robust and secure authentication.
For this assignment, imagine that you are taking over as the Authentication Manager of an IT firm, and
you identify that things were done ad-hoc in the past. For the particular case of password set-up, the
users could choose from a set of 62 characters (lower/ upper case alphabets and ten digits), and a
password length of ten characters was fixed. You consider a powerful attacker that can guess 10,000
passwords in one second.
a. In order to evaluate the strength of these rules from the perspective of an attacker
correctly guessing a user’s password, what formal method/principle, you will use for your
solution? You must state the method, and describe parameters involved in it.
b. In one year period, what will be probability that a password in your organization is
correctly guessed by the adversary?
c. For password lengths of 12, 14 and 16, compute the probability that a password in
your organization is correctly guessed by the adversary in one year period. Users can sJll choose
from 62 characters only.
d. If instead of 62 characters, you allow 94 characters to choose from. For password
lengths of 12, 14 and 16, compute the probability that a password in your organization is
correctly guessed by the adversary in one year period.
e. Based on answers above, which solution will you prefer from a password protection
perspective –
• Increasing length of a password, while fixing the number of characters to choose from, or
• Fixing the length of the password, but increasing the number of characters to choose from.
Please justify your answer.
Unlock instant AI solutions
Tap the button
to generate a solution