Suppose a user employs one-time passwords as above (or, for that matter, reusable passwords), but that the password is transmitted sufficiently slowly. (a) Show that an eavesdropper can gain access to the remote server with a relatively modest number of guesses. (Hint: The eavesdropper starts guessing after the original user has typed all but one character of the password.) (b) To what other attacks might a user of one-time passwords be subject?

Suppose a user employs one-time passwords as above (or, for that matter, reusable passwords), but that the password is transmitted sufficiently slowly. (a) Show that an eavesdropper can gain access to the remote server with a relatively modest number of guesses. (Hint: The eavesdropper starts guessing after the original user has typed all but one character of the password.) (b) To what other attacks might a user of one-time passwords be subject?

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Similar questions

When an attack is being carried out, what purpose does it serve to employ poison packets? Could you illustrate your point with a few specific instances?
Which mode of operation is the most susceptible to attack when an adversary is able to effectively modify some ciphertext blocks without having knowledge of the key being used?
Is a MAC (message authentication code) capable of modifying the Tag and the ciphertext while they are in transit? This attack will fail because the recipient will always be able to identify a changed Tag/ciphertext.
What happens if an attacker uses a MAC and tries to change both the Tag (the MAC) and the ciphertext as it is being transmitted? Explain why this attack would never succeed since the recipient would be able to recognise a modified Tag or ciphertext.
Consider the following scenario: you receive an email from your company's mail server alerting you that your password has been changed and that you must take action to confirm this. However, as far as you are aware, you have not changed the password. What gives? Why was the password changed, and what could have caused it to be changed? How did an attacker obtain the information they required to successfully reset the password? Was it a virus, and on what systems did it infect?
Consider the following scenario: you get a message from your company's mail server informing you that the password for your account has been changed and that you must confirm the change. According to what you know, you have not altered the password! What may have motivated the password change, and how did it happen? Was it a virus, and if so, on which computers, that may have given an attacker with the information they needed to successfully reset the password?
Give some examples of the many means through which a session may be taken over by an attacker. The question is how one would protect oneself against such an attack.
Is it possible to encrypt the connection as well as the data from end to end? Where is the value in that? Describe an instance in which all available methods of encryption would be beneficial.
What happens if an attacker attempts to modify the Tag (the MAC) and the ciphertext while the message is in transit while using a message authentication code (MAC)? Explain why this kind of attack will never succeed since the recipient would be able to recognise a changed tag or ciphertext.
What happens if an attacker changes the Tag (MAC) and ciphertext of a message while it is in transit? Explain why this attack is unsuccessful and why the receiver will always be able to detect a modified Tag or ciphertext.
An attacker attempts to alter the Tag (the MAC) and the ciphertext in transit while using a MAC (message authentication code). What would happen? Provide a rationale for why this attack will fail, that is, why the receiver will always be able to identify a changed Tag or ciphertext.
Suppose a user employs one-time passwords as above (or, for that matter, reusable passwords), but that the password is transmitted sufficiently slowly. (a) Show that an eavesdropper can gain access to the remote server with a relatively modest number of guesses. (Hint: The eavesdropper starts guessing after the original user has typed all but one character of the password.) (b) To what other attacks might a user of one-time passwords be subject?