Reference no: EM133383080
User Authentication, Access Control
Question 1
Password strength is an important aspect of user authentication. Given the following passwords and the multiple types of password attacks discussed in the chapter, explain why each of these passwords may be good (strong, hard to crack) or bad (weak, easily crackable), and by what type of attack. Present your answer as a table using the structure below. You must use full sentences/paragraphs to receive credit, no bullets or scattered words.
| | Password | Explain Password Strength | Possible Attack Type |
|---|---|---|---|
| a. | KHG 1971 | | |
| b. | ArmStrong89 | | |
| c. | iLoToWaSo (I love to watch soccer) | | |
| d. | PhiladelphiaCity2021 | | |
Question 2
The ASCII character table contains 127 characters. However, 33 are non-printable so they can't be used in passwords, leaving 95 printable characters. Assume that passwords on a server must be exactly 10 characters long.
a. Given these constraints, how many possible passwords can be generated?
b. You have a password cracker that can crack 50 million passwords per second. How long will it take to test all possible passwords from the previous answer (a)?
You must show and explain your work and calculations to receive credit.
Question 3
Consider a system with three users: Alice, Jin and Priya. They own the files alicerc, jinrc and priyarc, respectively. Jin and Priya can read alicerc, Priya can read and write jinrc, Alice can read jinrc. Only Alice can read and write alicerc, the file she owns. Assume that each file can be executed by its owner.
a. Create the access control matrix that describes the system.
b. Create access control lists for all three files.
Question 4
Using a directed graph to represent each subject and each object by a node, depict the protection state shown in the discretionary access control (DAC) model described in the textbook. An entity which is both subject and object is represented by a single node. A directed line from a subject to an object indicates an access right. A label on that link defines the type of access right. Draw a directed graph that corresponds to the access matrix of Fig. A (see next page).