Security in Computing and IT Security

   

Added on  2022-08-18

7 Pages, 2956 Words
Theoretical Computer Science
Task 1
A
To decipher the message, we can use a brute-force attack, a rainbow table or a dictionary attack to decrypt the message with the public key. In a brute-force attack, the intruder or attacker tries different possible keys or passwords and checks whether any of them returns the correct plaintext from the encrypted message. This is often called exhaustive key search. The required amount of time is calculated in proportion to the size of the secret key used. The maximum number of attempts is calculated as 2^keysize, where the key size is the number of bits. In a dictionary attack, the attacker attempts to guess the unknown key needed to decrypt the message by trying well-known phrases.
B
For the automated techniques, the time required for decryption depends mainly on the length of the key, even with current high-end consumer hardware such as an AMD Ryzen 7 1800X running at 3.6GHz. Among consumer hardware, the most effective component for decrypting the intercepted message is the graphics card (GPU). Trying many different encryption keys at the same time is a parallel workload, so graphics cards, which can execute threads in parallel, are ideal. Therefore, depending on the
As an example, the following table gives estimates for varying key lengths in bits:
Key length (bits)    Estimated time to decrypt
10                   1 second or less
20                   20 seconds
40                   250 days
64                   12000 years
Similarly, if the encryption key is a 2048-bit RSA key, the time required to decrypt the message will be approximately 6.5 quadrillion years.
C
Salt inclusion techniques or key stretching can make the decryption process harder for the intruder. A salt is random data supplied to the cryptographic function along with the plain text password when passwords are hashed. In the salt inclusion technique, a random string of characters is added to the key in the encryption process. It is recommended to use a salt that consists of a combination of letters, numbers and symbols.
D
Complex passwords and an encryption technique such as SHA-512 can improve the security of the protected data. Conversely, not using strong keys for the encryption process, combined with parallel processing using multiple techniques, makes forced decryption attacks faster and easier. Without strong passwords and salts, an attacker can break the encryption in a minimal amount of time by matching hashes against plain text passwords.
Task 2
A
If the organization stores user IDs and passwords in plain text in a database, then in the event of a database breach it will be easy for hackers or intruders to access user credentials, including passwords. Users who frequently reuse the same password on different sites can therefore get into trouble, which may lead to economic loss and stolen identity (Sahu and Ansari 2017). If other vulnerabilities at the application end allow attacks such as SQL injection, the intruders do not even have to gain access to the database itself in order to get the passwords that are stored in plain text.
Furthermore, transmitting the plain text passwords stored in the database over a non-SSL channel is also a vulnerability, one that can be exploited through eavesdropping or network sniffing tools such as Wireshark. Moreover, these user credentials are also vulnerable to MITM attacks.
SSL stripping is another type of attack that can be used to view or retrieve plain text passwords of users that are flowing through an SSL encrypted channel. Most breached authentication and password data originates from employee espionage. Furthermore, database backups are vulnerable to attacks by hackers or intruders. Hackers can gain access to the backup servers in order to get the passwords that are saved in plain text format. It is also possible for developers to get the passwords from a database in the responses to the queries they make to the server.
B
Hashing is one of the important functions in cryptography. It transforms some specific data into other data of fixed length through a specific mathematical process. Hashing maps original data, which may be of any size, to data of a specific fixed length through the utilization of a hash table. The output data is then stored as a digest. In terms of security, reconstructing the initial input data from the resulting digest is virtually impossible, even if the attacker knows which hash function was used in the process.
C
In password cracking or key decryption, a rainbow table is a database that helps an attacker pass authentication by producing a password hash that matches a user's. The rainbow table uses a precomputed dictionary containing plaintext passwords along with the corresponding hashes. This table or dictionary helps find which plaintext password in the table produces the hash that matches a specific user's password. Because more than one password or text in the table can produce the same hash, hackers can pass the authentication process with any password that generates the same hash.
Whenever an attacker is able to gain access to the password database of an application, they can get the hashed passwords and utilize rainbow tables. From the rainbow table the attacker then gets the possible plain text passwords matching each hash, and finally can use them to get access to a user's account.
Attacks backed by a rainbow table can be prevented by using salting when saving the password in the database. A salt is a random piece of data that is provided to the hash function along with the plain text password when passwords are hashed. Using a salt in the hashing process helps ensure that each and every password generates a unique hash value. The use of a rainbow table in a password cracking attack, which principally depends on the logic that more than one text password can generate similar hash values, can therefore be prevented by adding the salt.
Another technique that can help prevent precomputed hash attacks is key stretching when hashing passwords before storing them. In this technique the password, the salt used and other intermediate hash values are passed through the hash function numerous times in order to increase the computation time required to hash a given password (Sahu and Ansari 2017). An alternative approach to mitigate the risk of rainbow table attacks is key strengthening. In this approach, the password or key is extended with a random salt. In the next stage the salt is securely deleted. As a result, both the legitimate user and the attackers are forced to carry out a brute-force search for the salt value.
MD5, SHA1 and other variants are password hashing functions that generate a digest from the actual content. MD5 and SHA1 are outdated password hashing algorithms, and most rainbow tables used to crack passwords are built to target applications and systems using these hashing methods. Consider using more modern hashing methods like SHA2 (Long 2019).
My student ID is s3587225
Now considering the numerical part we get the following
f5dcb114ea1dfb8ba884b0e2331e9d448a90d2c669404ce7bd504803972f1a88
url used: https://emn178.github.io/online-tools/sha256.html