
12.10 Exercises

1:

Prove Theorem 12–1.

2:

A system allows the user to choose a password with a length of one to eight characters, inclusive. Assume that 10,000 passwords can be tested per second. The system administrators want to expire passwords once they have a probability of 0.10 of having been guessed. Determine the expected time to meet this probability under each of the following conditions.

  1. Password characters may be any ASCII characters from 1 to 127, inclusive.

  2. Password characters may be any alphanumeric characters ("A" through "Z," "a" through "z," and "0" through "9").

  3. Password characters must be digits.

3:

Anderson's Formula assumes that all passwords are equally likely to be chosen. Generalize the formula to handle cases where the probability of the i-th string in a set of possible passwords is p_i.
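As an added illustration of the arithmetic behind Exercises 2 and 3 (this code is not part of the text): Anderson's formula P >= TG/N solved for T over the three password alphabets of Exercise 2, plus an assumed generalization for non-uniform password choice in which the guesser tries strings in decreasing order of probability p_i.

```python
from fractions import Fraction
from typing import Dict, Sequence


def keyspace_size(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Number of distinct passwords of min_len..max_len characters over an alphabet."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))


def anderson_time(p: Fraction, guesses_per_sec: int, n_passwords: int) -> Fraction:
    """Anderson's formula P >= T*G/N solved for T: seconds of guessing at G
    guesses per second before the probability of having found a uniformly
    chosen password among N possibilities reaches P."""
    return p * n_passwords / guesses_per_sec


def anderson_time_weighted(p: Fraction, guesses_per_sec: int,
                           probs: Sequence[Fraction]) -> Fraction:
    """Assumed generalization (one reading of Exercise 3): with non-uniform
    choice, the guesser tries strings in decreasing order of p_i, so the
    probability of success after k guesses is the sum of the k largest p_i.
    Returns the time at which that sum first reaches p."""
    if sum(probs) != 1:
        raise ValueError("password probabilities must sum to 1")
    cumulative = Fraction(0)
    for k, p_i in enumerate(sorted(probs, reverse=True), start=1):
        cumulative += p_i
        if cumulative >= p:
            return Fraction(k, guesses_per_sec)
    raise ValueError("p exceeds the total probability mass")


def exercise_2_times(p: Fraction = Fraction(1, 10),
                     guesses_per_sec: int = 10_000) -> Dict[str, Fraction]:
    """The three alphabets of Exercise 2, passwords of 1 to 8 characters,
    10,000 guesses per second, expiry at guessing probability 0.10."""
    alphabets = {"ascii_1_to_127": 127, "alphanumeric": 62, "digits": 10}
    return {name: anderson_time(p, guesses_per_sec, keyspace_size(a, 1, 8))
            for name, a in alphabets.items()}


if __name__ == "__main__":
    for name, t in exercise_2_times().items():
        print(f"{name:>15}: {float(t):.4g} s ({float(t) / 86400 / 365:.4g} years)")
```

Exact rational arithmetic is used so the keyspace sums (up to 127^8) are not rounded; the weighted function reduces to Anderson's uniform formula when every p_i equals 1/N.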

4:

Classify the following proposed passwords as good choices or poor choices, and justify your reasoning.

  1. Mary

  2. go2work

  3. cat&dog

  4. 3.1515pi

5:

The strings used as examples of good passwords are constructed to make them difficult to guess. Yet the particular good passwords in this chapter should not be used as passwords. Why not?

6:

If password aging is based on previous passwords, why should those previous passwords not be stored in the clear on disk?

7:

Why should salts be chosen at random?

8:

Does using passwords with salts make attacking a specific account more difficult than using passwords without salts? Explain why or why not.

9:

Show that a system using an EKE scheme is vulnerable to a dictionary attack of type 2.

10:

The designers of the UNIX password algorithm used a 12-bit salt to perturb the first and third sets of 12 entries in the E-table of the UNIX hashing function (the DES). Consider a system with 2^24 users. Assume that each user is assigned a salt from a uniform random distribution and that anyone can read the password hashes and salts for the users.

  1. What is the expected time to find all users' passwords using a dictionary attack?

  2. Assume that eight more characters were added to the password and that the DES algorithm was changed so as to use all 16 password characters. What would be the expected time to find all users' passwords using a dictionary attack?

  3. Assume that the passwords were eight characters long but that the salt length was increased to 24 bits. Again, the salts (and the corresponding algorithms) are known to all users. What would be the expected time to find all users' passwords using a dictionary attack?

11:

The example describing S/Key stated that "for MD4 and MD5, dictionary attacks are not a threat provided the seeds are chosen randomly." Why? How realistic is this assumption?

12:

Why should a time-based authentication system invalidate the current password on a successful authentication?

13:

A computer system uses biometrics to authenticate users. Discuss ways in which an attacker might try to spoof the system under each of the following conditions.

  1. The biometric hardware is directly connected to the system, and the authentication software is loaded onto the system.

  2. The biometric hardware is on a stand-alone computer connected to the system, and the authentication software on the stand-alone computer sends a "yes" or "no" to the system indicating whether or not the user has been authenticated.

14:

What complications arise in dynamic keystroke monitoring as a biometric authentication mechanism when the user's keystrokes are sent over the Internet? In particular, what characteristics of the keystroke sequences are valid, and which ones are distorted by the network?

15:

PAM can be used to provide authorization as well as authentication. Design a set of modules for the PAM scheme that implements the Chinese Wall model.
