Both encryption algorithms and hash algorithms transform messages, but why do encryption algorithms always require a key while hash algorithms do not? (10 points)

 

Please propose one method that uses a clock to generate one-time passwords. Please explain your method with sufficient details. (12 points)

 

 

Time-synchronized authentication can handle which of the following threats. Please choose ALL the threats that time-synchronized authentication can handle:

 

In challenge-response authentication, both the User ID (i.e., message 1) and the Challenge (i.e., message 2) are in cleartext, but why is challenge-response authentication still a secure authentication method that can defeat replay attacks? Please explain your reason with sufficient details

 

6. Assume Alice uses S/Key and a seed x to generate 200 one-time passwords for her to login into the EBay server. Please answer the following questions (6.1-6.3):

6.1: What is the 106th password that will be used for Alice to login into the EBay server? Please justify your answer with sufficient details. (15 points)

 

 

6.2: When Alice logins into the server the 6th time (i.e., when the 6th password used to login is used by Alice), what is stored in the EBay server’s password file? Please justify your answer with sufficient details. (15 points)

 

6.3: After the 22nd password used to login into the server is used by Alice, John, the bad guy, steals her 87th password. Among the 200-22=178 passwords left for Alice to use, how many can still be used by Alice without worrying about attacks? Please justify your answer with sufficient details. (15 points)