Notes for January 24, 1997

  1. Hello
    1. Project comments will be out by Friday
    2. Want to post a 1-line description of projects being done; please use handin to hand it in (or I will summarize what you sent, and may get it wrong!)
  2. Puzzle of the day
    1. Key point: real problem, no really good answer; a good project would be to analyze the options thoroughly, esp. with regard to ethics and practicality.
  3. Password Storage
    1. Hashed; present idea of one-way functions using identity and sum
    2. Show UNIX version
  4. Attack Schemes Directed to the Passwords
    1. Exhaustive search: UNIX is 1-8 chars, say 96 possibles; it's about 7e16
    2. Inspired guessing: think of what people would like (see above)
    3. Random guessing: can't defend against it; bad login messages aid it
    4. Scavenging: passwords often typed where they might be recorded (as login name, in other contexts, etc.)
    5. Ask the user: very common with some public access services
    6. Expected time to guess; Anderson's formula here
  5. Password aging
    1. Pick age so when password is guessed, it's no longer valid
    2. Implementation: track previous passwords vs. upper, lower time bounds
  6. Ultimate in aging: One-Time Pads
    1. Password is valid for only one use
    2. May work from list, or new password may be generated from old by a function

You can also see this document as a Binhex Framemaker version 5 document, Postscript document, or a plain ASCII text document.
Send email to

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562

Page last modified on 1/28/97