Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves the one-way and collision resistance security properties. (b). Show that the new function H' achieves collision resistance. Suppose that we want to use H for the deployment of a password-based user authentication mechanism that is a variant of the standard password hashing mechanism as follows: when loading a new password P selected by the user with ID U, instead of choosing a random salt, the password P is hashed. Then, the n-bit digest H(P) and password P serve as inputs to produce a fixed-length hash code. Namely, the information that is stored in the password file is the triple (U, H(P), H(H(P)||P)). During password verification for user ID U, the system receives a password P* and (i) computes H(P*), (ii) computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches the value H(H(P)||P) that is stored for U. 1 Does the aforementioned mechanism provide protection against offline dictionary attacks? Justify your answer. Recall that in such an at- tack, the attacker obtains the system password file and compares the password hashes against precomputed hashes of commonly used pass- words.
Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves the one-way and collision resistance security properties. (b). Show that the new function H' achieves collision resistance. Suppose that we want to use H for the deployment of a password-based user authentication mechanism that is a variant of the standard password hashing mechanism as follows: when loading a new password P selected by the user with ID U, instead of choosing a random salt, the password P is hashed. Then, the n-bit digest H(P) and password P serve as inputs to produce a fixed-length hash code. Namely, the information that is stored in the password file is the triple (U, H(P), H(H(P)||P)). During password verification for user ID U, the system receives a password P* and (i) computes H(P*), (ii) computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches the value H(H(P)||P) that is stored for U. 1 Does the aforementioned mechanism provide protection against offline dictionary attacks? Justify your answer. Recall that in such an at- tack, the attacker obtains the system password file and compares the password hashes against precomputed hashes of commonly used pass- words.
Related questions
Question
![Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves
the one-way and collision resistance security properties.
(b).
Show that the new function H' achieves collision resistance.
Suppose that we want to use H for the deployment of a
password-based user authentication mechanism that is a variant of
the standard password hashing mechanism as follows: when loading a
new password P selected by the user with ID U, instead of choosing
a random salt, the password P is hashed. Then, the n-bit digest
H(P) and password P serve as inputs to produce a fixed-length hash
code. Namely, the information that is stored in the password file is the
triple (U, H(P), H(H(P)||P)). During password verification for user
ID U, the system receives a password P* and (i) computes H(P*), (ii)
computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches
the value H(H(P)||P) that is stored for U.
1
Does the aforementioned mechanism provide protection against offline
dictionary attacks? Justify your answer. Recall that in such an at-
tack, the attacker obtains the system password file and compares the
password hashes against precomputed hashes of commonly used pass-
words.](/v2/_next/image?url=https%3A%2F%2Fcontent.bartleby.com%2Fqna-images%2Fquestion%2F76a38be8-a1f5-46f2-a405-6a748a1c86fe%2Ff13b0ab0-3994-4e7a-8662-dad85ca7affd%2F52j553x_processed.png&w=3840&q=75)
Transcribed Image Text:Question 1. Let H: {0,1}* → {0, 1}" be a hash function that achieves
the one-way and collision resistance security properties.
(b).
Show that the new function H' achieves collision resistance.
Suppose that we want to use H for the deployment of a
password-based user authentication mechanism that is a variant of
the standard password hashing mechanism as follows: when loading a
new password P selected by the user with ID U, instead of choosing
a random salt, the password P is hashed. Then, the n-bit digest
H(P) and password P serve as inputs to produce a fixed-length hash
code. Namely, the information that is stored in the password file is the
triple (U, H(P), H(H(P)||P)). During password verification for user
ID U, the system receives a password P* and (i) computes H(P*), (ii)
computes H(H(P*)||P*), and (iii) checks if H(H(P*)||P*) matches
the value H(H(P)||P) that is stored for U.
1
Does the aforementioned mechanism provide protection against offline
dictionary attacks? Justify your answer. Recall that in such an at-
tack, the attacker obtains the system password file and compares the
password hashes against precomputed hashes of commonly used pass-
words.
Expert Solution
![](/static/compass_v2/shared-icons/check-mark.png)
This question has been solved!
Explore an expertly crafted, step-by-step solution for a thorough understanding of key concepts.
This is a popular solution!
Trending now
This is a popular solution!
Step by step
Solved in 1 steps
![Blurred answer](/static/compass_v2/solution-images/blurred-answer.jpg)