a. During an off-line dictionary attack, suppose the attacker has complied a dictionary of 10,000 entries, and he/she found that the password file contains 100 users with 50 different salt values. If the attacker’s goal is to get as many passwords as possible, how many hash values would he/she compute in the worst case?
b. Following above (a), how many comparisons between hash values are needed in the worst case?
c. Suppose the server is using Lamport’s one-time password scheme, and an attacker somehow possesses the value h^40(m). Now he observes that a legitimate user sends h^60(m) to the server and is granted access. At most how many times can the attacker login (be precise with your answer)?