Question

Write a network program where a client will prove to the server that it knows a...

Write a network program where a client will prove to the server that it knows a secret key without revealing the secret key. Implement the Zero Knowledge Proof technique that we have discussed in the class to achieve this. The secret could be a large number or hash code of a password. Hint: Use Big Integer API in Java for handling Big Integer.

Answer #1

The next most clever thing Bob can do is to hash the passwords before storing them. The simplest approach is for Bob to record SHA256(PASSWORD) instead of the raw PASSWORD. Now Ida can't get the password directly. But she can run through a dictionary of likely passwords, hash each one, and compare it, and if she gets a match, now she knows the password too. Because every password is hashed the same way, she can do this in parallel for every entry in the table. Worst of all, she can do this ahead of time, once, and spend hardly any time at all doing the lookup (for certain situations, there is an efficient time/space tradeoff called a "Rainbow Table" that fits onto a DVD-ROM and can deduce the password in a few seconds).

The work it takes to guess a password is the number of passwords that need to be guessed (on average, you'll have to search half the dictionary before you find the word), multiplied by the time it takes to check each guess. Thanks to Bitcoin, modern parallelized GPUs can perform nearly a billion SHA256 hashes per second, so we'll define Tsearch as 1ns.

Code:

Setup: Bob stores verifiers[ALICE] = sha256(PASSWORD)

Alice: send PASSWORD to Bob

Bob: grant access if sha256(PASSWORD) == verifiers[ALICE]

Work Needed To Recover Password:

Bob: 0

Eve: 0

Ida: Tsearch(=1ns) * len(dictionary) / num_users, or less with precomputation

Salted Hashed Passwords

To prevent parallel attacks, Bob can hash each password slightly differently, by using a "salt". Anyone who knows the stored hash can still do a dictionary attack, but they have to do a different search for each one.

Code:

Setup: Bob picks 256-bit random SALT, stores in salts[ALICE]

Bob stores verifiers[ALICE]=HMAC_sha256(SALT, PASSWORD)

Alice: send PASSWORD to Bob

Bob: look up SALT=salts[ALICE]

grant access if HMAC_sha256(SALT, PASSWORD) == verifiers[ALICE]

Work Needed To Recover Password:

Bob: 0

Eve: 0

Ida: Tsearch * len(dictionary)
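
The two storage schemes above, as an added Python example that is not part of the original answer: it builds both verifier tables and counts the hash computations a dictionary search costs against each. The dictionary, user names and passwords are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample data for illustration (not from the page).
DICTIONARY = ["123456", "letmein", "hunter2", "password", "qwerty", "dragon"]
USERS = {"alice": "hunter2", "bob": "qwerty", "carol": "hunter2"}

def enroll_unsalted(users):
    # verifiers[USER] = sha256(PASSWORD)
    return {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}

def enroll_salted(users):
    # 256-bit random SALT per user; verifiers[USER] = HMAC_sha256(SALT, PASSWORD)
    salts = {u: secrets.token_bytes(32) for u in users}
    verifiers = {u: hmac.new(salts[u], p.encode(), hashlib.sha256).digest()
                 for u, p in users.items()}
    return salts, verifiers

def verify_salted(salts, verifiers, user, password):
    candidate = hmac.new(salts[user], password.encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids a timing side channel on the check.
    return hmac.compare_digest(candidate, verifiers[user])

def work_unsalted(verifiers, dictionary):
    # One pass over the dictionary serves every user: the table is shared.
    table = {hashlib.sha256(w.encode()).digest(): w for w in dictionary}
    found = {u: table[v] for u, v in verifiers.items() if v in table}
    return found, len(dictionary)

def work_salted(salts, verifiers, dictionary):
    # Each user's salt forces a separate search; nothing can be reused.
    found, hashes = {}, 0
    for user in verifiers:
        for word in dictionary:
            hashes += 1
            if verify_salted(salts, verifiers, user, word):
                found[user] = word
                break
    return found, hashes

if __name__ == "__main__":
    plain = enroll_unsalted(USERS)
    salts, salted = enroll_salted(USERS)
    print("same password, same unsalted verifier:", plain["alice"] == plain["carol"])
    print("same password, same salted verifier:  ", salted["alice"] == salted["carol"])
    print("hashes, unsalted table:", work_unsalted(plain, DICTIONARY)[1])
    print("hashes, salted table:  ", work_salted(salts, salted, DICTIONARY)[1])
```

The unsalted count stays at len(dictionary) however many users are in the table, while the salted count grows with every additional user.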
