CYBR 555 – Assignment 02: User Authentication, Access ControlDr. G. Dimitoglou
Question 1
(16 pts) Password strength is an important aspect of user authentication. Given the following passwords, and the
multiple types of password attacks discussed in the chapter, explain why each one of these passwords may be good
(strong, hard to crack) or bad (weak, easily crack-able) and by what type of attack. Present your answer as a table
using the structure below. You must use full sentences/paragraphs to receive credit, no bullets or scattered words.
a.
b.
c.
d.
Password
KHG 1971
ArmStrong89
iLoToWaSo (I love to watch soccer)
PhiladelphiaCity2021
Explain Password Strength
Possible Attack Type
Question 2
(14 pts) The ASCII character table contains 127 characters. However, 33 are non-printable so they can’t be used in
passwords, leaving 95 printable characters. Assume that passwords on a server must be exactly 10 characters long.
a. Given these constraints, how many possible passwords can be generated?
b. You have a password cracker that can crack 50 million passwords per second. How long will it take to test all
possible passwords from the previous answer (a)?
You must show and explain your work and calculations to receive credit.
Question 3
(14 pts) Consider a system with three users: Alice, Jin and Priya. Each owns files alicerc, jinrc and priyarc
correspondingly. Jin and Priya can read alicerc, Priya can read and write jinrc, Alice can read jinrc. Only Alice
can read and write alicerc, the file she owns. Assume that each file can be executed by its owner.
a. Create the access control matrix that describes the system.
b. Create access control lists for all three files.
Question 4
(6 pts) Using a directed graph to represent each subject and each object by a node, depict the protection state
shown in the discretionary access control (DAC) model described in the textbook1 . An entity which is both subject
and object is represented by a single node. A directed line from a subject to object indicates an access right. A
label on that link defines the type of access right. Draw a directed graph that corresponds to the access matrix of
Fig. A (see next page).
Submission Requirements
Use the Assignment Formatting and Submission Guidelines provided under the Assignments section on Blackboard.
1 See Section 4.3.
1
Figure A
2