One of the earlier applications of cryptographic hash functions was the storage of passwords for user authentication in computer systems. With this method, a password is hashed after its input and is compared to the stored (hashed) reference password. People realized early that it is sufficient to only store the hashed versions of the password
1. Assume you are a hacker and you got access to the hashed password list. Of course, you would like to recover the passwords from the list in order to impersonate some of the users. Discuss which of the three attacks below allow this. Exactly describe the
Attack B: You can find second preimages for h.
Attack C: You can find collisions for h.
2. Why is this technique of storing hashed passwords often extended by the use of a so-called salt? (A salt is a random value appended to the password before hashing. Together with the hash, the value of the salt is stored in the list of hashed passwords.) Are the attacks above affected by this technique?
3. Is a hash function with an output length of 80 bit sufficient for this application?