Question

A new operating system uses passwords that consist of three characters. Each character must be a digit between 0 and 9. For example, three distinct possible passwords are 123, 416, and 999. The system uses 32-bit salt values. The system also allows one login attempt every second and never locks out users regardless of how many failed attempts occur. If an adversary has obtained a copy of the password file and conducts an offline brute-force attack by trying every password combination until the adversary obtains username and password combination. The use of a 32-bit salt value

Answer 1

Brute force is technique that is used for cracking password

In this case the system uses only three characters(0-9). By applying Brute force attack in "hit and try" manner we easily crack the password.

Step-by-step explanation:

Solution

There are a wide variety of password cracking mechanisms.Brute force is one of the popular password cracking technique.Brute force attack is generally used to crack small passwords.

In the given example the system uses only three characters(0-9).By using Brute force attack in "hit and try" manner we easily crack the password.There are only 10 possible passwords for this type of system.Because we can arrange 0-9 only in 10 ways.But for Systems with long passwords it is difficult to find it in hit and try manner.But instead of having plain password each password have a random salt value.

In a system of 32 bit salt value there are 2^32 different key values.

By increasing the salt value from 32 bits to 64 bits there are 2^64 different key values.It increases the time taken to crack a password for an attacker.so by changing salt value from 32 to 64 bits will make it more harder for the adversary's attack to be successful.