Outline for November 27, 2006

Reading: §12.1–12.2.2

  1. Greetings and felicitations!
    1. Puzzle of the day
    2. Office hours changed today to 4–5 PM
  2. Basis: what you know/have/are, where you are
  3. Passwords
    1. Problem: common passwords
    2. May be pass phrases: goal is to make search space as large as possible, distribution as uniform as possible
    3. Other ways to force good password selection: random, pronounceable, computer-aided selection
  4. Password Storage
    1. In the clear; Multics story
    2. Enciphered; key must be kept available
    3. Hashed; show UNIX versions, including salt
  5. Attacks
    1. Exhaustive search: password is 1 to 8 chars, say 96 possibles; it's about 7×10^16
    2. Inspired guessing: think of what people would like (see above)
    3. Random guessing: can't defend against it; bad login messages aid it
    4. Scavenging: passwords are often typed where they may be recorded: as a login name, in other contexts, etc.
    5. Ask the user: very common with some public access services
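Added example (not part of the outline or the course's own code) covering items 4.3 and 5.1: a salted, iterated password hash stored in a UNIX-style record, a verifier that reads the salt and work factor back out of that record, and the search-space sum for passwords of 1 to 8 characters over 96 symbols. The record layout `$pbkdf2-sha256$<iterations>$<salt>$<digest>` and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration; the outline names no particular scheme.

```python
"""Salted password storage and exhaustive-search sizing.

Added example, not from the lecture outline. Assumes PBKDF2-HMAC-SHA256 from
hashlib and a crypt-style record layout chosen here for illustration:
    $pbkdf2-sha256$<iterations>$<salt-base64>$<digest-base64>
"""
import base64
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor: every guess in an exhaustive search pays this cost
SCHEME = "pbkdf2-sha256"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def make_record(password: str, salt: bytes = b"", iterations: int = ITERATIONS) -> str:
    """Hash `password` under a per-account random salt and return the storable record.

    Only the salt, the work factor and the digest are stored; the password itself
    is never written (contrast with 'in the clear' or 'enciphered' storage, where
    the original is recoverable by anyone holding the file, or the file and key).
    """
    if not salt:
        salt = os.urandom(16)  # fresh salt per account; stored in the clear
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"${SCHEME}${iterations}${_b64(salt)}${_b64(digest)}"


def parse_record(record: str) -> tuple[int, bytes, bytes]:
    """Split a stored record back into (iterations, salt, digest)."""
    _, scheme, iterations, salt_b64, digest_b64 = record.split("$")
    if scheme != SCHEME:
        raise ValueError(f"unsupported scheme: {scheme}")
    return int(iterations), base64.b64decode(salt_b64), base64.b64decode(digest_b64)


def verify(record: str, candidate: str) -> bool:
    """Recompute the hash of `candidate` under the record's own salt and compare."""
    iterations, salt, digest = parse_record(record)
    trial = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(trial, digest)  # constant-time comparison


def records_differ(password: str) -> bool:
    """Two accounts with the same password get different records because their
    salts differ, so one stored digest reveals nothing about the other and a
    table precomputed for one salt does not apply to another."""
    first = parse_record(make_record(password))[2]
    second = parse_record(make_record(password))[2]
    return first != second


def search_space(max_len: int = 8, symbols: int = 96) -> int:
    """Number of distinct strings of length 1..max_len over an alphabet of
    `symbols` characters: the candidate set an exhaustive search must cover."""
    return sum(symbols ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    rec = make_record("correct horse battery")  # constructed sample password
    print(rec)
    print("accepts right password:", verify(rec, "correct horse battery"))
    print("rejects wrong password:", verify(rec, "correct horse batterx"))
    print("same password, different records:", records_differ("hunter2"))
    print("strings of length 1..8 over 96 symbols:", search_space(8, 96))
```

The salt and iteration count are stored in the clear inside the record; their purpose is not secrecy but to force an attacker who obtains the file to repeat the full hashing work for every account and every guess, which is what turns the search-space count into actual cost.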

Version of November 28, 2006 at 11:34 AM