Write a network program where a client will prove to the server that it knows a secret key without revealing the secret key. Implement the Zero Knowledge Proof technique that we have discussed in the class to achieve this. The secret could be a large number or hash code of a password. Hint: Use Big Integer API in Java for handling Big Integer.
The next most clever thing Bob can do is to hash the passwords before storing them. The simplest approach is for Bob to record SHA256(PASSWORD) instead of the raw PASSWORD. Now Ida can't get the password directly. But she can run through a dictionary of likely passwords, hash each one, and compare it, and if she gets a match, now she knows the password too. Because every password is hashed the same way, she can do this in parallel for every entry in the table. Worst of all, she can do this ahead of time, once, and spend hardly any time at all doing the lookup (for certain situations, there is an efficient time/space tradeoff called a "Rainbow Table" that fits onto a DVD-ROM and can deduce the password in a few seconds).
The work it takes to guess a password is the number of passwords that need to be guessed (on average, you'll have to search half the dictionary before you find the word), multiplied by the time it takes to check each guess. Thanks to Bitcoin, modern parallelized GPUs can perform nearly a billion SHA256 hashes per second, so we'll define Tsearch as 1ns.
Code:
Setup: Bob stores verifiers[ALICE] = sha256(PASSWORD)
Alice: send PASSWORD to Bob
Bob: grant access if sha256(PASSWORD) == verifiers[ALICE]
Work Needed To Recover Password:
Bob: 0
Eve: 0
Ida: Tsearch(=1ns) * len(dictionary) / num_users, or less with precomputation
Salted Hashed Passwords
To prevent parallel attacks, Bob can hash each password slightly differently, by using a "salt". Anyone who knows the stored hash can still do a dictionary attack, but they have to do a different search for each one.
Code:
Setup: Bob picks 256-bit random SALT, stores in salts[ALICE]
       Bob stores verifiers[ALICE] = HMAC_sha256(SALT, PASSWORD)
Alice: send PASSWORD to Bob
Bob: look up SALT = salts[ALICE]
     grant access if HMAC_sha256(SALT, PASSWORD) == verifiers[ALICE]
Work Needed To Recover Password:
Bob: 0
Eve: 0
Ida: Tsearch * len(dictionary)
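The two storage schemes above, as an added example that is not part of the original answer: it builds both verifier tables and counts the hash evaluations a dictionary check needs, which reproduces the Tsearch * len(dictionary) / num_users versus Tsearch * len(dictionary) work factors. The function names, users, passwords and dictionary are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def enroll_unsalted(password):
    # Scheme 1 from the text: verifier = sha256(PASSWORD)
    return hashlib.sha256(password.encode()).digest()

def enroll_salted(password):
    # Scheme 2: 256-bit random SALT, verifier = HMAC_sha256(SALT, PASSWORD)
    salt = secrets.token_bytes(32)
    return salt, hmac.new(salt, password.encode(), hashlib.sha256).digest()

def check_salted(salt, verifier, password):
    candidate = hmac.new(salt, password.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(candidate, verifier)  # constant-time compare

def work_unsalted(verifiers, dictionary):
    # Each word is hashed once and the result is compared against every user.
    table = {enroll_unsalted(w): w for w in dictionary}
    found = {u: table[v] for u, v in verifiers.items() if v in table}
    return found, len(dictionary)

def work_salted(salts, verifiers, dictionary):
    # Every user has a different SALT, so each word is re-hashed per user.
    found, hashes = {}, 0
    for user, verifier in verifiers.items():
        for word in dictionary:
            hashes += 1
            if check_salted(salts[user], verifier, word):
                found[user] = word
                break
    return found, hashes

# Constructed sample data (hypothetical users, passwords and dictionary).
PASSWORDS = {"alice": "hunter2", "carol": "hunter2", "dave": "T7#qv!0zLm"}
DICTIONARY = ["123456", "password", "letmein", "hunter2"]

UNSALTED = {u: enroll_unsalted(p) for u, p in PASSWORDS.items()}
SALTS, SALTED = {}, {}
for _user, _pw in PASSWORDS.items():
    SALTS[_user], SALTED[_user] = enroll_salted(_pw)

if __name__ == "__main__":
    print(work_unsalted(UNSALTED, DICTIONARY))
    print(work_salted(SALTS, SALTED, DICTIONARY))
```

With unsalted hashes, two users who share a password also share a verifier, so the sharing is visible to anyone who reads the table; the per-user salt removes that and multiplies the search cost by the number of users.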