Time Estimation for brute-force search attack

Estimation of time required for brute-force search attack on the password-based encryption

(To use the attached program, do not use your own program,please)

This assignment asks you to estimate the time required for successful brute-force search attack on password-based encryption using JCA in Java. It assumes that you have done Lab 1, Lab2, Lab3 (see attachment).

  1. Make a list of passwords, mentioned in item 3 of Section 1.2 of Lab 1 instructions (page 2)
  2. For password-based DES encryption implementation in JCA (Lab 2 and Lab 3) fix some salt and iteration count and record an average time required for encryption/decryption (done in Lab 3);
  3. For each of the passwords above estimate the time required for successful brute-force search attack, assuming that an attacker knows:

• the predefined plaintext;

• the ciphertext produced;

• the salt;

• the iteration count;

• but no password.

  1. Investigate how the time required for the attack depends on the iteration count;
  2. Consider a variant of the attack, in which an attacker knows everything as above, except the iteration count, and estimate the time required to recover the passwords;
  3. Compare your estimated time with the estimated time returned for the same passwords by online services (Lab 1, page 2) and propose plausible explanation of any observed differences.
  4. Write a report on the above, providing an evidence for your arguments (e.g. snippets of code used to estimate time required for one encryption).

Sample Solution