1. Suppose we are using Lamport's hash, and Bob's system crashes before receiving Alice's reply to a message. Further suppose an intruder, Trudy, can eavesdrop and detect that Bob crashed (maybe Trudy can even cause Bob to crash). This would create a situation where Trudy has Alice's reply (which Bob did not receive) and which Trudy can use to impersonate Alice, assuming Trudy logs in before Alice attempts to log into Bob again. How can we modify Bob's behaviour to prevent this threat, and exactly when would we overwrite Bob's database, and with what?
Lamport's hash implements a one-time password protecting against eavesdropping and password file theft.
The server stores for each user
1. the user name,
2. an integer n,
3. the n-fold hash of the password: hash^n(password).
If the user wants to log on, the user types in the password. Her machine sends a request to the server, which answers with a prompt for n. The user's machine calculates hash^(n-1)(password) and sends this to the server. The server calculates hash(hash^(n-1)(password)) = hash^n(password). If this value matches the one ...
Network crashes are hypothesized.
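The exchange described above, as an added example that is not part of the original page: a minimal Lamport's hash server and client showing why the moment Bob overwrites his database matters. SHA-256, the class and function names, the sample password, and the post-match update to (n-1, hash^(n-1)(password)) are assumptions of this example, since the page's description is cut off before the update step.

```python
import hashlib

def hash_n(password: bytes, n: int) -> bytes:
    """Apply the hash n times (SHA-256 is assumed; the page names no hash)."""
    value = password
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value

class Server:
    """Bob: stores, per user, the integer n and hash^n(password)."""
    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: bytes, n: int) -> None:
        self.db[user] = (n, hash_n(password, n))

    def challenge(self, user: str) -> int:
        return self.db[user][0]

    def verify(self, user: str, reply: bytes) -> bool:
        n, stored = self.db[user]
        # Choice made in this example: at n == 1 the reply would be the
        # password itself, so the user must re-enroll instead.
        if n <= 1 or hashlib.sha256(reply).digest() != stored:
            return False
        # Overwrite only after a successful match: n-1 and hash^(n-1)(password).
        self.db[user] = (n - 1, reply)
        return True

def client_reply(password: bytes, n: int) -> bytes:
    """Alice's machine: answer the prompt n with hash^(n-1)(password)."""
    return hash_n(password, n - 1)

def demo():
    bob = Server()
    bob.enroll("alice", b"constructed-password", 5)  # constructed sample data
    n = bob.challenge("alice")
    reply = client_reply(b"constructed-password", n)
    # If Bob crashes before processing the reply, his stored state is
    # unchanged: he offers the same n again and the reply still matches.
    _, stored = bob.db["alice"]
    valid_until_overwrite = (bob.challenge("alice") == n
                             and hashlib.sha256(reply).digest() == stored)
    first = bob.verify("alice", reply)    # normal login, database overwritten
    replay = bob.verify("alice", reply)   # same reply after the overwrite
    return valid_until_overwrite, first, replay, bob.challenge("alice")
```

The reply is a one-time value only relative to Bob's stored state: it stops matching once the entry is overwritten, and not before.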