6. One mechanism for resisting repl

6. One mechanism for resisting replay attacks in password authentication is to use one-time passwords: A list of passwords is prepared, and once password[N] has been accepted the server decrements N and prompts for password[N −1] next time. At N = 0 a new list is needed. Outline a mechanism by which the user and server need only remember one master password mp and have available locally a way to compute password[N] = f(mp,N). Hint: Let g be an appropriate one-way function (e.g.,MD5) and let password[N] = gN(mp) = g applied N times to mp.Explain why knowing password[N] doesn’t help reveal password[N −1].
7. Suppose a user employs one-time passwords as above (or, for that matter, reusable passwords), but that the password is transmitted sufficiently slowly.(a) Show that an eavesdropper can gain access to the remote server with a relatively modest number of guesses. (Hint: The eavesdropper starts guessing after the original user has typed all but one character of the password.)(b) To what other attacks might a user of one-time passwords be subject?
8. The Diffie–Hellman key exchange protocol is vulnerable to a “man-in-the-middle” attack as shown in Section 8.3.4 and
Figure 8.12. Outline how Diffie–Hellman can be extended to protect against this possibility.
9. Suppose we have a very short secret s (e.g., a single bit or even a Social Security number), and we wish to send someone else a messagemnow that will not reveal s but that can be used later to verify that we did know s. Explain whym = MD5(s) orm = E(s) with RSA encryption would not be secure choices, and suggest a better choice.
10. Suppose two people want to play poker over the network. To deal the cards they need a mechanism for fairly hoosing a random number x between them; each party stands to lose if the other party can unfairly influence the choice of x. Describe such a mechanism. Hint: You may assume that if either of two bit strings x1 and x2 are random, then the exclusive-OR x = x1 ⊕x2 is random.