We saw in class that password management is a complex problem with multiple dimensions to it.
Within the realm of password set-up rules, many factors including human memory limitations with long
and complex passwords, overhead in frequently asking users to change passwords, attacker capabilities
and more must be balanced against providing robust and secure Authentication.
For this assignment, imagine that you are taking over as the Authentication Manager of an IT firm, and
you identify that things were done ad-hoc in the past. For the particular case of password set-up, the
users could choose from a set of 62 characters (lowercase and uppercase letters and ten digits), and a
password length of ten characters was fixed. You consider a powerful attacker that can guess 10,000
passwords in one second.
a) Suppose that, instead of 62 characters, you allow 94 characters to choose from. For password
lengths of 12, 14 and 16, compute the probability that a password in your organization is
correctly guessed by the adversary in a one-year period.
perspective –
• Increasing length of a password, while fixing the number of characters to choose from, or
• Fixing the length of the password, but increasing the number of characters to choose from.
Please justify your answer.
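
The calculation the assignment asks for can be set up as below. This is an added example, not part of the original assignment; the function names are hypothetical, and it assumes passwords are chosen uniformly at random, the attacker never repeats a guess, and a year has 365 days.

```python
from fractions import Fraction
import math

GUESSES_PER_SECOND = 10_000          # attacker rate given in the assignment
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumption: 365-day year


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def guess_probability(alphabet_size: int, length: int,
                      rate: int = GUESSES_PER_SECOND,
                      seconds: int = SECONDS_PER_YEAR) -> Fraction:
    """Exact probability that one uniformly random password is found when
    the attacker tries rate * seconds distinct candidates."""
    guesses = rate * seconds
    # Once the attacker can cover the whole keyspace, success is certain.
    return min(Fraction(1), Fraction(guesses, keyspace(alphabet_size, length)))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace, to compare policies on one scale."""
    return length * math.log2(alphabet_size)


def report(policies):
    """Return (alphabet, length, bits, probability) for each policy."""
    return [(n, l, entropy_bits(n, l), float(guess_probability(n, l)))
            for n, l in policies]


if __name__ == "__main__":
    # Old policy first, then the three policies from part (a).
    for n, l, bits, p in report([(62, 10), (94, 12), (94, 14), (94, 16)]):
        print(f"alphabet={n:3d} length={l:2d} bits={bits:6.2f} "
              f"P(guessed in one year)={p:.3e}")
    # Length versus alphabet size, each changed alone from the old policy.
    for n, l in [(62, 12), (94, 10)]:
        factor = keyspace(n, l) / keyspace(62, 10)
        print(f"alphabet={n:3d} length={l:2d} keyspace grows x{factor:,.0f}")
```

Each extra character multiplies the keyspace by the full alphabet size, while enlarging the alphabet at fixed length L multiplies it by (new size / old size)^L, which is what the last two printed lines compare.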