Estimating the time required for a brute-force search attack on password-based encryption

(Please use the attached program; do not use your own program.)

This assignment asks you to estimate the time required for a successful brute-force search attack on password-based encryption using JCA in Java. It assumes that you have done Lab 1, Lab 2 and Lab 3 (see attachment).

  1. Make a list of the passwords mentioned in item 3 of Section 1.2 of the Lab 1 instructions (page 2).
  2. For the password-based DES encryption implementation in JCA (Lab 2 and Lab 3), fix a salt and an iteration count and record the average time required for encryption/decryption (done in Lab 3).
  3. For each of the passwords above, estimate the time required for a successful brute-force search attack, assuming that the attacker knows:

     • the predefined plaintext;

     • the ciphertext produced;

     • the salt;

     • the iteration count;

     • but not the password.

  4. Investigate how the time required for the attack depends on the iteration count.
  5. Consider a variant of the attack in which the attacker knows everything as above except the iteration count, and estimate the time required to recover the passwords.
  6. Compare your estimated times with the estimates returned for the same passwords by online services (Lab 1, page 2) and propose a plausible explanation of any observed differences.
  7. Write a report on the above, providing evidence for your arguments (e.g. snippets of the code used to estimate the time required for one encryption).
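
The timing and estimation steps above can be sketched as follows. This is an added example, not the attached lab program: it assumes the labs use JCA's `PBEWithMD5AndDES`, uses a constructed salt and constructed sample passwords, and assumes the attacker searches only strings of the password's own length over the character classes it contains.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;

public class BruteForceEstimate {
    static final String ALG = "PBEWithMD5AndDES"; // assumed lab algorithm

    // One trial: derive the key from a candidate password and encrypt the known plaintext.
    static byte[] trial(char[] pw, byte[] salt, int iter, byte[] pt) throws Exception {
        SecretKey k = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pw));
        Cipher c = Cipher.getInstance(ALG);
        c.init(Cipher.ENCRYPT_MODE, k, new PBEParameterSpec(salt, iter));
        return c.doFinal(pt);
    }

    // Average seconds per trial, measured after a warm-up so JIT compilation does not skew it.
    static double secondsPerTrial(int iter, int runs) throws Exception {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};               // constructed 8-byte salt
        byte[] pt = "known plaintext".getBytes(StandardCharsets.UTF_8);
        for (int i = 0; i < runs; i++) trial("warmup".toCharArray(), salt, iter, pt);
        long t0 = System.nanoTime();
        for (int i = 0; i < runs; i++) trial("guess".toCharArray(), salt, iter, pt);
        return (System.nanoTime() - t0) / 1e9 / runs;
    }

    // Alphabet size inferred from the character classes present (assumed search space).
    static int alphabet(String pw) {
        int n = 0;
        if (pw.chars().anyMatch(Character::isLowerCase)) n += 26;
        if (pw.chars().anyMatch(Character::isUpperCase)) n += 26;
        if (pw.chars().anyMatch(Character::isDigit)) n += 10;
        if (pw.chars().anyMatch(ch -> !Character.isLetterOrDigit(ch))) n += 33;
        return n;
    }

    public static void main(String[] args) throws Exception {
        String[] passwords = {"cat", "Secret1", "p@ssW0rd!x"}; // constructed samples
        for (int iter : new int[]{1, 1000, 10000}) {
            double t = secondsPerTrial(iter, 200);
            for (String pw : passwords) {
                // On average the search succeeds after half the key space has been tried.
                double trials = Math.pow(alphabet(pw), pw.length()) / 2;
                System.out.printf("iter=%d pw=%s trials=%.3g est=%.3g years%n",
                        iter, pw, trials, trials * t / 31_557_600.0);
            }
        }
    }
}
```

The measured time per trial is for one thread on the machine running the program; the report should state that hardware assumption when comparing against the online estimators.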
