Authentication and Security

Central to the idea of protection systems is the idea of an authentication system. An authentication system proves the identities of elements with which a computer system interacts. This can include users and other systems. In distributed systems, authentication should be 2-way: the user should authenticate to the machine, and the machine to the user. Generally authentication is accomplished by means of the exchange of a shared secret. The most common shared secret is a password.

Passwords

A password is a string of characters that the user and computer system agree will establish the user’s identity to the system. The analogy is to physical passwords, where people who wanted access to a military facility had to recite such an unusual phrase to establish their identity to those inside the fort.

Computer passwords are often the weakest part of a computer security system, especially if the passwords can be guessed off-line, that is, without alerting the system under attack that it is under attack. Passwords can be stolen (physically or electronically) or guessed. There are several good rules for choosing a computer password:

• Choose a long one. Most systems allow eight or ten letters; use ’em all. There are only 140,608 3-letter (cap and lower case) passwords; there are more than 50 trillion 8-letter combinations. Guessing 1 in 50 trillion is literally half a billion times harder than 1 in 140,000.

• Don’t use a common phrase or name. A seminal work in computer security ran a cracking program on a couple hundred donated password files that tested common English words and the top 100 (or so) female names and had an ungodly (better than 50%) hit rate. Hopefully education has gotten better. Note that “common phrase” means anything available in the system dictionary, at least. In my opinion you’re better off not using any English, and non-English words fare little better. No science fiction or fantasy words, either.

• Include some non-letters, e.g., *&$^@. See above.

• Don’t write it down. You’ve changed a difficult puzzle into a physical search....
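The following Python is an added example, not part of the original notes, that puts the four rules above into a password-acceptance check of the kind a system would run when a user picks a password. The keyspace arithmetic reproduces the note's 52-letter figures (52^3 = 140,608 and 52^8 is a little over 53 trillion); the tiny COMMON_WORDS and COMMON_NAMES sets are constructed stand-ins for the system dictionary and the "top 100 female names" list, and the 10-digit and 32-punctuation alphabet sizes are assumptions about the character classes a system permits.

```python
import string

# Constructed stand-ins for the system dictionary and the common-names list
# the notes describe. A real check would load the full system dictionary.
COMMON_WORDS = {"password", "welcome", "dragon", "secret", "monkey", "letmein"}
COMMON_NAMES = {"jennifer", "jessica", "amanda", "sarah", "melissa"}

# Assumed character-class sizes: 26 lower, 26 upper, 10 digits, 32 punctuation.
PUNCTUATION = set(string.punctuation)


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters drawn
    from an alphabet of `alphabet_size` symbols (the notes' 52^3 and 52^8)."""
    return alphabet_size ** length


def alphabet_size_of(password):
    """Size of the union of character classes the password actually uses.
    Mixing in non-letters is what grows this number, and with it the keyspace
    an off-line guesser has to cover."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in PUNCTUATION for c in password):
        size += len(PUNCTUATION)
    return size


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time for an off-line guesser to try every password of the
    same length over the same character classes (a guessing-rate assumption
    supplied by the caller, not a figure from the notes)."""
    total = keyspace(alphabet_size_of(password), len(password))
    return total / guesses_per_second


def check_password(password, min_length=8):
    """Apply the notes' rules and return the list of violations; an empty
    list means the password is acceptable under these rules."""
    problems = []
    lowered = password.lower()

    # Rule 1: choose a long one.
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Rule 2: no common words or names, including a word with digits
    # tacked on the end (e.g. "dragon1"), which crackers also try.
    if lowered in COMMON_WORDS or lowered in COMMON_NAMES:
        problems.append("is a dictionary word or common name")
    stripped = lowered.rstrip(string.digits)
    if stripped != lowered and (stripped in COMMON_WORDS or stripped in COMMON_NAMES):
        problems.append("is a dictionary word or common name with digits appended")

    # Rule 3: include some non-letters.
    if all(c.isalpha() for c in password):
        problems.append("contains only letters")

    # Rule 4 (don't write it down) is a handling rule; no code can enforce it.
    return problems


if __name__ == "__main__":
    print(keyspace(52, 3), keyspace(52, 8), keyspace(52, 8) // keyspace(52, 3))
    for candidate in ("dragon1", "Jennifer", "Tr0ub4dor&3"):
        print(candidate, check_password(candidate) or "acceptable",
              f"{seconds_to_exhaust(candidate, 1e6):.0f}s at 1M guesses/s")
```

The ratio printed by the first line is 52^5 = 380,204,032, which is the "half a billion times harder" the notes round to; the larger point is that length multiplies the keyspace, while adding character classes only widens the base, so rule 1 buys more than rule 3 on its own.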
- Spring '05