Notes for January 24, 1997

1. Hello
   1. Project comments will be out by Friday
   2. Want to post a 1-line description of projects being done; please use handin to hand it in (or I will summarize what you sent, and may get it wrong!)
2. Puzzle of the day
   1. Key point: real problem, no really good answer; a good project would be to analyze the options thoroughly, esp. with regard to ethics and practicality.
3. Password Storage
   1. Hashed; present idea of one-way functions using identity and sum
   2. Show UNIX version
4. Attack Schemes Directed to the Passwords
   1. Exhaustive search: UNIX is 1-8 chars, say 96 possibles; it's about 7e16
   2. Inspired guessing: think of what people would like (see above)
   3. Random guessing: can't defend against it; bad login messages aid it
   4. Scavenging: passwords often typed where they might be recorded (as login name, in other contexts, etc.)
   5. Ask the user: very common with some public access services
   6. Expected time to guess; Anderson's formula here
5. Password aging
   1. Pick age so when password is guessed, it's no longer valid
   2. Implementation: track previous passwords vs. upper, lower time bounds
6. Ultimate in aging: One-Time Pads
   1. Password is valid for only one use
   2. May work from list, or new password may be generated from old by a function