Question

Write a network program where a client will prove to the server that it knows a secret key without revealing the secret key. Implement the Zero Knowledge Proof technique that we have discussed in the class to achieve this. The secret could be a large number or hash code of a password. Hint: Use Big Integer API in Java for handling Big Integer.

Answer #1

The next most clever thing Bob can do is to hash the passwords before storing them. The simplest approach is for Bob to record SHA256(PASSWORD) instead of the raw PASSWORD. Now Ida can't get the password directly. But she can run through a dictionary of likely passwords, hash each one, and compare it, and if she gets a match, now she knows the password too. Because every password is hashed the same way, she can do this in parallel for every entry in the table. Worst of all, she can do this ahead of time, once, and spend hardly any time at all doing the lookup (for certain situations, there is an efficient time/space tradeoff called a "Rainbow Table" that fits onto a DVD-ROM and can deduce the password in a few seconds).

The work it takes to guess a password is the number of passwords that need to be guessed (on average, you'll have to search half the dictionary before you find the word), multiplied by the time it takes to check each guess. Thanks to Bitcoin, modern parallelized GPUs can perform nearly a billion SHA256 hashes per second, so we'll define Tsearch as 1ns.

Code:

Setup: Bob stores verifiers[ALICE] = sha256(PASSWORD)
Alice: send PASSWORD to Bob
Bob: grant access if sha256(PASSWORD) == verifiers[ALICE]

Work Needed To Recover Password:

Bob: 0
Eve: 0
Ida: Tsearch(=1ns) * len(dictionary) / num_users, or less with precomputation

Salted Hashed Passwords

To prevent parallel attacks, Bob can hash each password slightly differently, by using a "salt". Anyone who knows the stored hash can still do a dictionary attack, but they have to do a different search for each one.

Code:

Setup: Bob picks 256-bit random SALT, stores in salts[ALICE]
       Bob stores verifiers[ALICE] = HMAC_sha256(SALT, PASSWORD)
Alice: send PASSWORD to Bob
Bob: look up SALT = salts[ALICE]
     grant access if HMAC_sha256(SALT, PASSWORD) == verifiers[ALICE]

Work Needed To Recover Password:

Bob: 0
Eve: 0
Ida: Tsearch * len(dictionary)
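
The two schemes in the answer above, as an added Python example that is not part of the original answer: it builds both verifier tables and counts the hash evaluations a weak-password audit needs to cover every user. The user names, passwords, dictionary and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: two users who happen to choose the same password.
PASSWORDS = {"ALICE": "correct horse", "CAROL": "correct horse"}
DICTIONARY = ["123456", "letmein", "correct horse", "hunter2"]


def unsalted_verifier(password):
    return hashlib.sha256(password.encode()).digest()


def salted_setup(password):
    salt = secrets.token_bytes(32)  # 256-bit random SALT, one per user
    return salt, hmac.new(salt, password.encode(), hashlib.sha256).digest()


def salted_check(salt, verifier, attempt):
    candidate = hmac.new(salt, attempt.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(candidate, verifier)  # constant-time compare


def audit_unsalted(verifiers, dictionary):
    # One hash per dictionary word covers every user in the table.
    lookup = {unsalted_verifier(word): word for word in dictionary}
    weak = {user: lookup[v] for user, v in verifiers.items() if v in lookup}
    return weak, len(dictionary)


def audit_salted(salts, verifiers, dictionary):
    # Each user's salt forces a separate full pass over the dictionary.
    weak, hashes = {}, 0
    for user, verifier in verifiers.items():
        for word in dictionary:
            hashes += 1
            if salted_check(salts[user], verifier, word):
                weak[user] = word
    return weak, hashes


def demo():
    plain = {u: unsalted_verifier(p) for u, p in PASSWORDS.items()}
    salted = {u: salted_setup(p) for u, p in PASSWORDS.items()}
    salts = {u: s for u, (s, _) in salted.items()}
    verifiers = {u: v for u, (_, v) in salted.items()}
    return (plain["ALICE"] == plain["CAROL"],          # same password, same row
            verifiers["ALICE"] == verifiers["CAROL"],  # salts make rows differ
            audit_unsalted(plain, DICTIONARY)[1],      # hashes for whole table
            audit_salted(salts, verifiers, DICTIONARY)[1])


if __name__ == "__main__":
    print(demo())
```

The unsalted count stays at len(dictionary) however many users are added, while the salted count grows with the number of users, which is the difference between the two "Work Needed" figures.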
