Notes for January 22, 1997

  1. Hello
    1. Project comments will be out by Friday
    2. Want to post a 1-line description of projects being done; please use handin to hand it in (or I will summarize what you sent, and may get it wrong!)
  2. Puzzle of the day
    1. Key point: real problem, no really good answer; a good project would be to analyze the options thoroughly, esp. with regard to ethics and practicality.
  3. Authentication
    1. validating client (user) identity
    2. validating server (system) identity
    3. both ("mutual authentication")
  4. Basis
    1. What you know
    2. What you have
    3. What you are
    4. (proposed) Where you are
  5. Passwords
      How UNIX does selection
    1. Problem: common passwords
    2. May be pass phrases, etc.; goal is to make search space as large as possible and password distribution as uniform as possible
    3. Go through Morris and Thompson study; augment with Klein, mine, etc.
    4. Other ways to force good password selection: random, pronounceable, computer-aided selection
    5. Go through problems, approaches to each, esp. proactive
  6. Password Storage
    1. In the clear (MULTICS story)
    2. Enciphered (key must be on line somewhere; get it and it's all over)
    3. Hashed; present idea of one-way functions using identity and sum
    4. Show UNIX version
  7. Attack Schemes Directed to the Passwords
    1. Exhaustive search: UNIX is 1-8 chars, say 96 possibles; it's about 7e16
    2. Inspired guessing: think of what people would like (see above)
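
Added example (not part of the original notes): a small proactive password checker of the kind item 5.5 refers to, rejecting at selection time the candidates that the "inspired guessing" of item 7.2 would try first. The rule set, the `check_password` name, the sample word list, the length threshold and the account names are assumptions made for illustration.

```python
import string

# Constructed sample dictionary; a real checker would load a large word list.
SAMPLE_WORDS = {"password", "wizard", "dragon", "secret", "davis", "unix"}
MIN_LENGTH = 8  # assumed site policy, not taken from the notes

# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("01345$@7", "oieassat")


def _variants(candidate):
    """Yield normalised forms that a guess list built from words would cover."""
    low = candidate.lower()
    stripped = low.strip(string.digits + string.punctuation)
    for form in {low, stripped, low.translate(LEET), stripped.translate(LEET)}:
        yield form
        yield form[::-1]                 # reversed word
        half = len(form) // 2
        if form == form[:half] * 2:      # doubled word, e.g. "unixunix"
            yield form[:half]


def check_password(candidate, login, full_name="", words=SAMPLE_WORDS):
    """Return a list of reasons to reject; an empty list means accept."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in candidate) for cls in classes) < 2:
        reasons.append("single character class")
    personal = {login.lower()} | {p.lower() for p in full_name.split()}
    personal.discard("")
    forms = set(_variants(candidate))
    forms.discard("")
    if forms & personal:
        reasons.append("derived from account information")
    if forms & set(words):
        reasons.append("derived from a dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed candidates for a constructed account "jsmith".
    for pw in ("Dr4g0n!!", "htimsj77", "unixunix", "c7#Lqv!2Rk"):
        print(pw, "->", check_password(pw, "jsmith", "Jane Smith") or "accepted")
```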

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 1/22/97