SlideShare a Scribd company logo

IT549 Foundation In Information Assurance Passwords

Download as DOCX, PDF
S
stirlingvwriters

course material

Education
1 of 2
IT549 Foundation In Information Assurance Answers: Alice sends a password, and Bob compares it against a database of passwords. This scenario involves the password-based type of authentication. Passwords exist in the form of letters, numbers, or special characters. However, they are prone to phishing and password attacks. Today, users have different accounts and have a lot of passwords to remember. As a result, users choose convenience over security, and they end up using weak passwords that are easy to remember. If Alice sends a plain password to Bob, an intruder may use it maliciously to obtain confidential information from the database. Also, attackers may target the plain passwords stored in the database (Mohammed et al., 2017). As Kamal (2019) states, plain passwords are protected through hashing. Hashing involves turning a password into a different string of letters and numbers using an encryption algorithm or cryptographic hash function. This method is effective because it is an irreversible one-way function. This way, if the database is hacked or an intruder accesses it, they cannot read the actual password. Also, Alice can hash it before sending it over the network, or the system should incorporate an automatic hashing function when the user keys in the plain password. Alice sends a password, and Bob hashes it and compares it against a database of hashed passwords. Alice sending a plain password to Bob makes the password susceptible to phishing as well. Even though Bob hashes it and compares it to a list of hashed passwords, an intruder may be listening through the transmission channel. Like the previous scenario, the most appropriate solution is hashing the password before sending it over the network or channel. The organization should include a hashing function to encrypt the password at the user’s end (Kamal, 2019). Alice computes the hash of a password and uses it as secret key in challenge/response protocol.
Hashing passwords has been effective in protecting stored and passwords sent over a communication network. However, hackers can also crack hashes if the hacker has a hash dump. Dumped hashes can be cracked using brute-force or dictionary attack. To solve this, confidentiality at the application and transport level can be implemented. The scan2pass system model suggested by Zmezm et al. (2018) can be implemented here. The model first involves protecting the sensitive data and encryption key transmitted through the communication channel. Second, a key derivation function is used to extend the key space length of Alice’s password. Extending the key space to 256 bits prevents brute-force and dictionary attacks. Finally, mutual authentication between the entities is done through multi-factor techniques. The Quick Response Code (QR code) computes an OTP for the user and server during the challenge/response protocol. Alice computes the hash of a password and sends it to Bob, who hashes it and compares it against a database of doubly-hashed passwords. Hashing a password does not entirely secure it. Hashing it twice creates an iteration that makes it more difficult for an attacker to try it against the hash dump. However, the stored passwords are still prone to dictionary and brute-force attacks if the attacker spends more time on them. Also, if the attacker had already cracked Alice’s hashed password due to the lack of iteration, cracking the double-hashed password in the database would take less time. Solving this requires using salted hashes. Karrar et al. (2018) define a salted hash as a random string that appends or prepends the user’s original password before using the cryptographic hash function. The technique can also include swapping, reordering, or rearranging the user’s plain password before hashing and storing it. References Kamal, P. (2019). Security of password hashing in cloud. Journal of Information Security, 10(02). 45-68. https://doi.org/10.4236/jis.2019.102003 Karrar, D., Almutiri, T., Algrafi, S., Alalwi, N., & Alharbi, A. (2018). Enhancing salted password hashing technique using swapping elements in an array algorithm. International Journal of Computer Science and Technology. 9(1). 21-25. Mohammed, S., Lakshminarayanan, R., Ramalingam, R. (2017). Password-based authentication in computer security: Why is it still there? SIJ Transactions on Computer Science Engineering & its Applications. 5(2). Zmezm, H., Zmezm, H., Basiron, H., & Khalefa, M. (2018). A novel scan2pass architecture for enhancing security towards ecommerce. Future Technologies Conference.

Recommended

Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Fego Ogwara
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionInternational Journal of Computer and Communication System Engineering
 
Password Cracking using dictionary attacks
Password Cracking using dictionary attacksPassword Cracking using dictionary attacks
Password Cracking using dictionary attackslord
 
A Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsA Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsIRJET Journal
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) BeeBryte | Energy Intelligence & Automation
 
F018133640.key aggregate paper
F018133640.key aggregate paperF018133640.key aggregate paper
F018133640.key aggregate paperIOSR Journals
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
A Novel Approach for Data Security in Cloud Environment
A Novel Approach for Data Security in Cloud EnvironmentA Novel Approach for Data Security in Cloud Environment
A Novel Approach for Data Security in Cloud EnvironmentSHREYASSRINATH94
 

Recommended

Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Fego Ogwara
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionInternational Journal of Computer and Communication System Engineering
 
Password Cracking using dictionary attacks
Password Cracking using dictionary attacksPassword Cracking using dictionary attacks
Password Cracking using dictionary attackslord
 
A Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsA Survey of Password Attacks and Safe Hashing Algorithms
A Survey of Password Attacks and Safe Hashing AlgorithmsIRJET Journal
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) BeeBryte | Energy Intelligence & Automation
 
F018133640.key aggregate paper
F018133640.key aggregate paperF018133640.key aggregate paper
F018133640.key aggregate paperIOSR Journals
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
A Novel Approach for Data Security in Cloud Environment
A Novel Approach for Data Security in Cloud EnvironmentA Novel Approach for Data Security in Cloud Environment
A Novel Approach for Data Security in Cloud EnvironmentSHREYASSRINATH94
 
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
 
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...cscpconf
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEEMEMTECHSTUDENTPROJECTS
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques أحلام انصارى
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search overIEEEFINALSEMSTUDENTPROJECTS
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and securityresearch30
 
Honey words
Honey wordsHoney words
Honey wordsSreya Sridhar PP
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data SharingIJERA Editor
 
Brute force
Brute forceBrute force
Brute forcePrajwal Panchmahalkar
 
Brute Forcing
Brute ForcingBrute Forcing
Brute Forcingn|u - The Open Security Community
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) BeeBryte | Energy Intelligence & Automation
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxmecklenburgstrelitzh
 
Bb31166168
Bb31166168Bb31166168
Bb31166168IJMER
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practiceAkash Mahajan
 
Control cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fullyControl cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fullyShakas Technologies
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 
Speak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docxSpeak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docxstirlingvwriters
 
What is the logic behind How.docx
What is the logic behind How.docxWhat is the logic behind How.docx
What is the logic behind How.docxstirlingvwriters
 

More Related Content

Similar to IT549 Foundation In Information Assurance Passwords

Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
 
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...cscpconf
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEEMEMTECHSTUDENTPROJECTS
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam NotesVijayanand Yadla
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search overIEEEFINALSEMSTUDENTPROJECTS
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and securityresearch30
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data SharingIJERA Editor
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxmecklenburgstrelitzh
 
Bb31166168
Bb31166168Bb31166168
Bb31166168IJMER
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practiceAkash Mahajan
 
Control cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fullyControl cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fullyShakas Technologies
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 

Similar to IT549 Foundation In Information Assurance Passwords (20)

Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Key aggregate searchable encryption (kase) for group data sharing via cloud s...
Key aggregate searchable encryption (kase) for group data sharing via cloud s...
 
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
A NOVEL WAY OF PROVIDING CONFIDENTIALITY TO SHARED SECRET KEY AND AUTHENTICAT...
 
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search overIEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
IEEE 2014 DOTNET CLOUD COMPUTING PROJECTS Fuzzy keyword search over
 
Comptia Security+ Exam Notes
Comptia Security+ Exam NotesComptia Security+ Exam Notes
Comptia Security+ Exam Notes
 
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
 
Password craking techniques
Password craking techniques Password craking techniques
Password craking techniques
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
2014 IEEE DOTNET CLOUD COMPUTING PROJECT Fuzzy keyword search over
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Cryptography and security
Cryptography and securityCryptography and security
Cryptography and security
 
Honey words
Honey wordsHoney words
Honey words
 
Attribute-Based Data Sharing
Attribute-Based Data SharingAttribute-Based Data Sharing
Attribute-Based Data Sharing
 
Brute force
Brute forceBrute force
Brute force
 
Brute Forcing
Brute ForcingBrute Forcing
Brute Forcing
 
Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper) Cryptography Unchained - BeeBryte (White Paper)
Cryptography Unchained - BeeBryte (White Paper)
 
In responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docxIn responding to your peers’ posts, assess your peers’ recommendatio.docx
In responding to your peers’ posts, assess your peers’ recommendatio.docx
 
Bb31166168
Bb31166168Bb31166168
Bb31166168
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
 
Control cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fullyControl cloud data access privilege and anonymity with fully
Control cloud data access privilege and anonymity with fully
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 

More from stirlingvwriters

Speak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docxSpeak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docxstirlingvwriters
 
What is the logic behind How.docx
What is the logic behind How.docxWhat is the logic behind How.docx
What is the logic behind How.docxstirlingvwriters
 
Thinking about password identify two that you believe are.docx
Thinking about password identify two that you believe are.docxThinking about password identify two that you believe are.docx
Thinking about password identify two that you believe are.docxstirlingvwriters
 
The student will demonstrate and articulate proficiency in.docx
The student will demonstrate and articulate proficiency in.docxThe student will demonstrate and articulate proficiency in.docx
The student will demonstrate and articulate proficiency in.docxstirlingvwriters
 
To help lay the foundation for your study of postmodern.docx
To help lay the foundation for your study of postmodern.docxTo help lay the foundation for your study of postmodern.docx
To help lay the foundation for your study of postmodern.docxstirlingvwriters
 
TITLE Digital marketing before and after pandemic Sections that.docx
TITLE Digital marketing before and after pandemic Sections that.docxTITLE Digital marketing before and after pandemic Sections that.docx
TITLE Digital marketing before and after pandemic Sections that.docxstirlingvwriters
 
This assignment focuses on Marxist students will educate.docx
This assignment focuses on Marxist students will educate.docxThis assignment focuses on Marxist students will educate.docx
This assignment focuses on Marxist students will educate.docxstirlingvwriters
 
There are many possible sources of literature for.docx
There are many possible sources of literature for.docxThere are many possible sources of literature for.docx
There are many possible sources of literature for.docxstirlingvwriters
 
You enter your project team meeting with Mike and Tiffany.docx
You enter your project team meeting with Mike and Tiffany.docxYou enter your project team meeting with Mike and Tiffany.docx
You enter your project team meeting with Mike and Tiffany.docxstirlingvwriters
 
Write a minimum of 200 words response to each post.docx
Write a minimum of 200 words response to each post.docxWrite a minimum of 200 words response to each post.docx
Write a minimum of 200 words response to each post.docxstirlingvwriters
 
View the video on Law at Discuss various.docx
View the video on Law at Discuss various.docxView the video on Law at Discuss various.docx
View the video on Law at Discuss various.docxstirlingvwriters
 
Your software has gone live and is in the production.docx
Your software has gone live and is in the production.docxYour software has gone live and is in the production.docx
Your software has gone live and is in the production.docxstirlingvwriters
 
This learning was a cornucopia of enrichment with regard.docx
This learning was a cornucopia of enrichment with regard.docxThis learning was a cornucopia of enrichment with regard.docx
This learning was a cornucopia of enrichment with regard.docxstirlingvwriters
 
This is a school community relations My chosen school.docx
This is a school community relations My chosen school.docxThis is a school community relations My chosen school.docx
This is a school community relations My chosen school.docxstirlingvwriters
 
Write 3 Only one resource is I.docx
Write 3 Only one resource is I.docxWrite 3 Only one resource is I.docx
Write 3 Only one resource is I.docxstirlingvwriters
 
Sociology researches social issues through the use of theoretical.docx
Sociology researches social issues through the use of theoretical.docxSociology researches social issues through the use of theoretical.docx
Sociology researches social issues through the use of theoretical.docxstirlingvwriters
 
Step Listen to the Trail of Tears.docx
Step Listen to the Trail of Tears.docxStep Listen to the Trail of Tears.docx
Step Listen to the Trail of Tears.docxstirlingvwriters
 
You are the newly hired Director of Risk Management for.docx
You are the newly hired Director of Risk Management for.docxYou are the newly hired Director of Risk Management for.docx
You are the newly hired Director of Risk Management for.docxstirlingvwriters
 

More from stirlingvwriters (20)

Speak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docxSpeak to the idea of feminism from your perspective and.docx
Speak to the idea of feminism from your perspective and.docx
 
What is the logic behind How.docx
What is the logic behind How.docxWhat is the logic behind How.docx
What is the logic behind How.docx
 
Thinking about password identify two that you believe are.docx
Thinking about password identify two that you believe are.docxThinking about password identify two that you believe are.docx
Thinking about password identify two that you believe are.docx
 
The student will demonstrate and articulate proficiency in.docx
The student will demonstrate and articulate proficiency in.docxThe student will demonstrate and articulate proficiency in.docx
The student will demonstrate and articulate proficiency in.docx
 
To help lay the foundation for your study of postmodern.docx
To help lay the foundation for your study of postmodern.docxTo help lay the foundation for your study of postmodern.docx
To help lay the foundation for your study of postmodern.docx
 
TITLE Digital marketing before and after pandemic Sections that.docx
TITLE Digital marketing before and after pandemic Sections that.docxTITLE Digital marketing before and after pandemic Sections that.docx
TITLE Digital marketing before and after pandemic Sections that.docx
 
This assignment focuses on Marxist students will educate.docx
This assignment focuses on Marxist students will educate.docxThis assignment focuses on Marxist students will educate.docx
This assignment focuses on Marxist students will educate.docx
 
Upton Souls of Black.docx
Upton Souls of Black.docxUpton Souls of Black.docx
Upton Souls of Black.docx
 
What is a In this.docx
What is a In this.docxWhat is a In this.docx
What is a In this.docx
 
There are many possible sources of literature for.docx
There are many possible sources of literature for.docxThere are many possible sources of literature for.docx
There are many possible sources of literature for.docx
 
You enter your project team meeting with Mike and Tiffany.docx
You enter your project team meeting with Mike and Tiffany.docxYou enter your project team meeting with Mike and Tiffany.docx
You enter your project team meeting with Mike and Tiffany.docx
 
Write a minimum of 200 words response to each post.docx
Write a minimum of 200 words response to each post.docxWrite a minimum of 200 words response to each post.docx
Write a minimum of 200 words response to each post.docx
 
View the video on Law at Discuss various.docx
View the video on Law at Discuss various.docxView the video on Law at Discuss various.docx
View the video on Law at Discuss various.docx
 
Your software has gone live and is in the production.docx
Your software has gone live and is in the production.docxYour software has gone live and is in the production.docx
Your software has gone live and is in the production.docx
 
This learning was a cornucopia of enrichment with regard.docx
This learning was a cornucopia of enrichment with regard.docxThis learning was a cornucopia of enrichment with regard.docx
This learning was a cornucopia of enrichment with regard.docx
 
This is a school community relations My chosen school.docx
This is a school community relations My chosen school.docxThis is a school community relations My chosen school.docx
This is a school community relations My chosen school.docx
 
Write 3 Only one resource is I.docx
Write 3 Only one resource is I.docxWrite 3 Only one resource is I.docx
Write 3 Only one resource is I.docx
 
Sociology researches social issues through the use of theoretical.docx
Sociology researches social issues through the use of theoretical.docxSociology researches social issues through the use of theoretical.docx
Sociology researches social issues through the use of theoretical.docx
 
Step Listen to the Trail of Tears.docx
Step Listen to the Trail of Tears.docxStep Listen to the Trail of Tears.docx
Step Listen to the Trail of Tears.docx
 
You are the newly hired Director of Risk Management for.docx
You are the newly hired Director of Risk Management for.docxYou are the newly hired Director of Risk Management for.docx
You are the newly hired Director of Risk Management for.docx
 

Recently uploaded

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 

Recently uploaded (20)

Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 

IT549 Foundation In Information Assurance Passwords

  • 1. IT549 Foundation In Information Assurance Answers: Alice sends a password, and Bob compares it against a database of passwords. This scenario involves the password-based type of authentication. Passwords exist in the form of letters, numbers, or special characters. However, they are prone to phishing and password attacks. Today, users have different accounts and have a lot of passwords to remember. As a result, users choose convenience over security, and they end up using weak passwords that are easy to remember. If Alice sends a plain password to Bob, an intruder may use it maliciously to obtain confidential information from the database. Also, attackers may target the plain passwords stored in the database (Mohammed et al., 2017). As Kamal (2019) states, plain passwords are protected through hashing. Hashing involves turning a password into a different string of letters and numbers using an encryption algorithm or cryptographic hash function. This method is effective because it is an irreversible one-way function. This way, if the database is hacked or an intruder accesses it, they cannot read the actual password. Also, Alice can hash it before sending it over the network, or the system should incorporate an automatic hashing function when the user keys in the plain password. Alice sends a password, and Bob hashes it and compares it against a database of hashed passwords. Alice sending a plain password to Bob makes the password susceptible to phishing as well. Even though Bob hashes it and compares it to a list of hashed passwords, an intruder may be listening through the transmission channel. Like the previous scenario, the most appropriate solution is hashing the password before sending it over the network or channel. The organization should include a hashing function to encrypt the password at the user’s end (Kamal, 2019). Alice computes the hash of a password and uses it as secret key in challenge/response protocol.
  • 2. Hashing passwords has been effective in protecting stored and passwords sent over a communication network. However, hackers can also crack hashes if the hacker has a hash dump. Dumped hashes can be cracked using brute-force or dictionary attack. To solve this, confidentiality at the application and transport level can be implemented. The scan2pass system model suggested by Zmezm et al. (2018) can be implemented here. The model first involves protecting the sensitive data and encryption key transmitted through the communication channel. Second, a key derivation function is used to extend the key space length of Alice’s password. Extending the key space to 256 bits prevents brute-force and dictionary attacks. Finally, mutual authentication between the entities is done through multi-factor techniques. The Quick Response Code (QR code) computes an OTP for the user and server during the challenge/response protocol. Alice computes the hash of a password and sends it to Bob, who hashes it and compares it against a database of doubly-hashed passwords. Hashing a password does not entirely secure it. Hashing it twice creates an iteration that makes it more difficult for an attacker to try it against the hash dump. However, the stored passwords are still prone to dictionary and brute-force attacks if the attacker spends more time on them. Also, if the attacker had already cracked Alice’s hashed password due to the lack of iteration, cracking the double-hashed password in the database would take less time. Solving this requires using salted hashes. Karrar et al. (2018) define a salted hash as a random string that appends or prepends the user’s original password before using the cryptographic hash function. The technique can also include swapping, reordering, or rearranging the user’s plain password before hashing and storing it. References Kamal, P. (2019). Security of password hashing in cloud. Journal of Information Security, 10(02). 45-68. https://doi.org/10.4236/jis.2019.102003 Karrar, D., Almutiri, T., Algrafi, S., Alalwi, N., & Alharbi, A. (2018). Enhancing salted password hashing technique using swapping elements in an array algorithm. International Journal of Computer Science and Technology. 9(1). 21-25. Mohammed, S., Lakshminarayanan, R., Ramalingam, R. (2017). Password-based authentication in computer security: Why is it still there? SIJ Transactions on Computer Science Engineering & its Applications. 5(2). Zmezm, H., Zmezm, H., Basiron, H., & Khalefa, M. (2018). A novel scan2pass architecture for enhancing security towards ecommerce. Future Technologies Conference.