Let h be a secure cryptographic hash function. For this problem, a password consists of a maximum of 14 characters and there are 32 possible choices for each character. If a password is fewer than 14 characters, it is padded with nulls until it is exactly 14 characters. Let P be the resulting 14-character password. Consider the following two password hashing schemes.
(i) The password P is split into two parts, with X equal to the first 7 characters and Y equal to the last 7 characters. The password is stored as (h(X), h(Y)). No salt is used.
(ii) The password is stored as h(P). Again, no salt is used.
Note that the method in scheme (i) is used in Windows to store the so-called LANMAN password.
a. Assuming a brute force attack, how much easier is it to crack the password if scheme (i) is used as compared with scheme (ii)?
b. If scheme (i) is used, why might a 10-character password be less secure than a 7-character password?
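The two storage schemes, written out as an added example that is not part of the original problem text. It assumes SHA-256 as a stand-in for h and a constructed 32-symbol alphabet; all function names are hypothetical. The guess counts assume the number of characters in each half is known.

```python
import hashlib

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"  # constructed 32-symbol alphabet
HALF, FULL = 7, 14

def h(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the problem's secure hash h.
    return hashlib.sha256(data).hexdigest()

def pad(password: str) -> bytes:
    # Null-pad to exactly 14 bytes, as the problem statement describes.
    if len(password) > FULL or any(c not in ALPHABET for c in password):
        raise ValueError("password must be at most 14 characters from ALPHABET")
    return password.encode("ascii").ljust(FULL, b"\x00")

def scheme_i(password: str) -> tuple[str, str]:
    # (h(X), h(Y)): the two 7-character halves are hashed independently, unsalted.
    p = pad(password)
    return h(p[:HALF]), h(p[HALF:])

def scheme_ii(password: str) -> str:
    # h(P): one unsalted hash over the whole padded password.
    return h(pad(password))

# Every password of 7 or fewer characters has an all-null Y, so h(Y) is a constant.
EMPTY_HALF = h(b"\x00" * HALF)

def reveals_short_password(stored: tuple[str, str]) -> bool:
    # Audit check: a scheme (i) record discloses "7 characters or fewer" by itself.
    return stored[1] == EMPTY_HALF

def worst_case_guesses(password_length: int) -> dict[str, int]:
    # Exhaustive-search sizes for a password of the given length.
    x_len = min(password_length, HALF)
    y_len = max(password_length - HALF, 0)
    n = len(ALPHABET)
    return {
        "scheme_i": n ** x_len + n ** y_len,   # halves are searched separately
        "scheme_ii": n ** password_length,     # whole password searched at once
    }

if __name__ == "__main__":
    for length in (7, 10, 14):
        print(length, worst_case_guesses(length))
    print(reveals_short_password(scheme_i("ABC")))
```

Because neither scheme is salted, equal passwords also produce equal stored values in both schemes; scheme (i) additionally exposes equal halves.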