We saw in class that password management is a complex problem with multiple dimensions to it.Within the realm of password set-up rules, many factors including human memory limitaJons with longand complex passwords, overhead in frequently asking users to change passwords, attacker capabilitiesand more must be balanced against providing robust and secure Authentication.For this assignment, imagine that you are taking over as the Authentication Manager of an IT firm, andyou identify that things were done ad-hoc in the past. For the particular case of password set-up, theusers could choose from a set of 62 characters (lower/ upper case alphabets and ten digits), and apassword length of ten characters was fixed. You consider a powerful attacker that can guess 10,000passwords in one second. a)If instead of 62 characters, you allow 94 characters to choose from. For passwordlengths of 12, 14 and 16, compute the probability that a password in your organization iscorrectly guessed by the adversary in one year period b)Based on answers above, which solution will you prefer from a password protectionperspective –• Increasing length of a password, while fixing the number of characters to choose from, or• Fixing the length of the password, but increasing the number of characters to choose from.Please justify your answer.
We saw in class that password management is a complex problem with multiple dimensions to it.
Within the realm of password set-up rules, many factors including human memory limitaJons with long
and complex passwords, overhead in frequently asking users to change passwords, attacker capabilities
and more must be balanced against providing robust and secure Authentication.
For this assignment, imagine that you are taking over as the Authentication Manager of an IT firm, and
you identify that things were done ad-hoc in the past. For the particular case of password set-up, the
users could choose from a set of 62 characters (lower/ upper case alphabets and ten digits), and a
password length of ten characters was fixed. You consider a powerful attacker that can guess 10,000
passwords in one second.
a)If instead of 62 characters, you allow 94 characters to choose from. For password
lengths of 12, 14 and 16, compute the probability that a password in your organization is
correctly guessed by the adversary in one year period
perspective –
• Increasing length of a password, while fixing the number of characters to choose from, or
• Fixing the length of the password, but increasing the number of characters to choose from.
Please justify your answer.
Unlock instant AI solutions
Tap the button
to generate a solution