Outline for October 27, 2025

Reading: text, §13.1–13.4
Assignments: Homework 3, due November 5; Project selection, due November 7

  1. Greetings and Felicitations!

  2. Authentication
    1. Validating client (user) identity
    2. Validating server (system) identity
    3. Validating both (mutual authentication)
    4. Basis: what you know/have/are, where you are

  3. Passwords
    1. Problem: common passwords, easy to guess passwords
    2. Best: use passphrases: goal is to make search space as large as possible, distribution as uniform as possible

  4. Attacks
    1. Exhaustive search
    2. Guessing
    3. Scavenging: passwords often typed where they might be recorded as login name, in other contexts, etc.
    4. Ask the user: very common with some public access services

  5. Defenses
    1. For thwarting dictionary attacks: salting
UC Davis sigil
Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 235A, Computer and Information Security
Version of October 26, 2025 at 1:07AM

 You can also obtain a PDF version of this.

Valid HTML 4.01 Transitional Built with BBEdit Built on a Macintosh