Alice has a picture-based password system, where she has each user pick a set of their 20 favorite pictures, say, of cats, dogs, cars, etc. To log in, a user is shown a series of pictures in pairs, one on the left and one on the right. In each pair, the user has to pick the one that is in his set of favorites. If the user picks the correct 20 out of the 40 he is shown (as 20 pairs), then the system logs him in. Analyze the security of this system, including the size of the search space. Is it more secure than a standard password system?
What will be an ideal response?
There are two pictures for each choice, one on the left and one on the right. Thus, with 20 pairs, there is a search space of $2^{20}$, which is roughly 1,000,000. This is roughly as secure as a standard password, for which there are dictionaries with 500,000 passwords that can be used in dictionary attacks. If the number of picture pairs is increased to 40, however, then the security is much higher. Of course, even picking one picture from each of 20 picture pairs requires 20 mouse clicks, which would take longer than typing in a traditional password.