Because of the known risks of the UNIX password system, the SunOS-4.0 documentation recommends that the password file be removed and replaced with a publicly readable file called /etc/publickey. An entry in the file for user A consists of a user’s identifier IDA, the user’s public key, PUa, and the corresponding private key PRa. This private key is encrypted using DES with a key derived from the user’s login password Pa. When A logs in, the system decrypts E(Pa, PRa) to obtain PRa.
a. The system then verifies that Pa was correctly supplied. How?
b. How can an opponent attack this system?