CS513 Homework 3: Storing Passwords
General Instructions.
You are expected to work alone on this assignment.
Due October 24, 10am.
No late assignments will be accepted.
Submit your solution using CMS.
Prepare your solution using Word (.doc) or some ascii editor (.txt), as follows:
- Use 10 point or larger font.
- Start each problem's solution on a new page.
- Use at most 1 page per problem.
We discussed in class storing passwords using salt and pepper.
For each user id uid_i, a password file contains the triple

    < uid_i, salt_i, H(pass_i || salt_i || ppr_i) >

where H is a hash function like MD5 or SHA-1, pass_i is the password, salt_i is the salt, and ppr_i is the pepper.
Two alternatives have been proposed.
Compare each alternative to the above scheme and discuss whether (and how) it is
better or worse.
- For each user id uid_i, the password file instead contains a pair

      < uid_i, E_pass_i(uid_i || stuff_i) >

  where
  - E_pass_i is the AES shared-key encryption function where the key is formed by padding pass_i as appropriate,
  - stuff_i is padding to ensure the input to E is long enough, given the length of uid_i.
  Here, a login is permitted if a user u provides a password pwd and the system computes that

      there exists Y such that D_pwd(X) = u || Y

  holds, where
  - D_pwd is the AES shared-key decryption function where the key is formed by padding pwd as appropriate, and
  - X denotes the second part of the pair that is found in the password file and has u as its first part.
- For each user id uid_i, the password file instead contains a triple

      < uid_i, E_pass_i(n_i), H(pass_i || n_i) >

  where
  - E_pass_i is the AES shared-key encryption function where the key is formed by padding pass_i as appropriate,
  - n_i is a nonce padded as appropriate to be an input to E, and
  - H is a hash function like MD5 or SHA-1.
  Here, a login is permitted if a user u provides a password pwd and the system computes that
  where Y denotes the third part of the password file's triple having as its first part user id u; X denotes the second part of that triple.
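As an added example (not part of the assignment and not the course's own code), the Go program below implements the baseline salt-and-pepper triple and the first alternative so that enrollment and the two login checks can be run side by side. The second alternative is omitted because its login test is not stated on this page. Everything the page leaves as "padded as appropriate" is an assumption here: the AES key is the password zero-padded to 16 bytes (longer passwords truncated), stuff_i is zero bytes up to a block boundary, E/D are the raw AES block function applied block by block, and SHA-256 stands in for H. The function names (EnrollSaltPepper, LoginSaltPepper, EnrollEncUID, LoginEncUID, CrackEncUID) and the sample user are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// passwordKey zero-pads the password to 16 bytes (assumed: the page only says "padded as appropriate").
func passwordKey(pass string) []byte {
	key := make([]byte, aes.BlockSize)
	copy(key, pass)
	return key
}

// padToBlocks is alternative 1's "stuff_i": zero bytes (assumed; the page does
// not say what stuff_i is) appended so the input fills at least one AES block.
func padToBlocks(data []byte) []byte {
	out := make([]byte, (len(data)/aes.BlockSize+1)*aes.BlockSize)
	copy(out, data)
	return out
}

// blocks applies the raw AES block function (E or D) block by block: no mode,
// no IV, which is all the page's E_pass(...) / D_pwd(...) notation specifies.
func blocks(key, in []byte, decrypt bool) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // unreachable: passwordKey always returns 16 bytes
	}
	out := make([]byte, len(in))
	for i := 0; i+aes.BlockSize <= len(in); i += aes.BlockSize {
		if decrypt {
			c.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			c.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out
}

// Baseline scheme: the triple <uid_i, salt_i, H(pass_i || salt_i || ppr_i)>.
type SaltPepperRecord struct{ UID string; Salt, Hash []byte }

// hashSP is H(pass || salt || pepper); SHA-256 stands in for the page's H.
func hashSP(pass string, salt, pepper []byte) []byte {
	h := sha256.New()
	h.Write([]byte(pass))
	h.Write(salt)
	h.Write(pepper)
	return h.Sum(nil)
}

// EnrollSaltPepper draws a fresh random salt per user; the pepper is a single
// site-wide secret kept outside the password file.
func EnrollSaltPepper(uid, pass string, pepper []byte) SaltPepperRecord {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return SaltPepperRecord{UID: uid, Salt: salt, Hash: hashSP(pass, salt, pepper)}
}

// LoginSaltPepper recomputes the hash; testing a guess requires the pepper too.
func LoginSaltPepper(rec SaltPepperRecord, pwd string, pepper []byte) bool {
	return subtle.ConstantTimeCompare(rec.Hash, hashSP(pwd, rec.Salt, pepper)) == 1
}

// Alternative 1: the pair <uid_i, E_pass_i(uid_i || stuff_i)>.
type EncUIDRecord struct{ UID string; X []byte }

func EnrollEncUID(uid, pass string) EncUIDRecord {
	return EncUIDRecord{UID: uid, X: blocks(passwordKey(pass), padToBlocks([]byte(uid)), false)}
}

// LoginEncUID is the page's test: accept iff D_pwd(X) = u || Y for some Y (u is a prefix of the decryption).
func LoginEncUID(rec EncUIDRecord, u, pwd string) bool {
	return rec.UID == u && bytes.HasPrefix(blocks(passwordKey(pwd), rec.X, true), []byte(u))
}

// CrackEncUID runs that same test over candidate passwords using nothing but
// the stored pair, i.e. the loop anyone holding a copy of the file can run.
func CrackEncUID(rec EncUIDRecord, candidates []string) (string, bool) {
	for _, c := range candidates {
		if LoginEncUID(rec, rec.UID, c) {
			return c, true
		}
	}
	return "", false
}

func main() {
	e := EnrollEncUID("alice", "hunter2") // constructed sample user
	fmt.Println(LoginEncUID(e, "alice", "hunter2"), LoginEncUID(e, "alice", "guess"))
	fmt.Println(CrackEncUID(e, []string{"letmein", "password", "hunter2"}))
}
```

CrackEncUID is nothing more than LoginEncUID looped over a word list; note what its caller has to hold (only the pair from the file) against what LoginSaltPepper's caller has to hold (the record and the pepper). Checking which inputs each scheme's verification needs, and where each of them is stored, is a good starting point for the comparison the problem asks for.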