LectureNote21-Password

LectureNote21-Password - IDENTIFICATION AND AUTHENTICATION...

Password Based Authentication

Outline: Identification and Authentication; Password Based Authentication; One Time Passwords; Kerberos; Other Mutual Authentication Protocols

CS 556 - Computer Security - © 2009 Colorado State University

Passwords

- Commonly used method
- For each user, system stores in a password file <User name, F(password)>, where F is some transformation
  - F(password) is easy to compute
  - From F(password), password is difficult (ideally) to compute
- When a user enters the password, system computes F(password); a match provides proof of identity

Choice of Passwords

- Suppose passwords can be from 1 to 8 characters in length
- Possible choices for passwords = $26^1 + 26^2 + \dots + 26^8 = 1.5 \times 10^{12}$
- At the rate of 1 password per millisecond, it will take about 150 years to test all passwords
- But we don't need to try all possible passwords, only many probable passwords

Probable Passwords

passwords were examined

- 15 single ASCII characters
- 72 two ASCII characters
- 464 three ASCII characters
- 477 four alphanumeric characters
- 706 five letters (all lower or all upper case)
- 605 six letters, all lower case
- 492 weak passwords (dictionary words spelled backwards, first names, last names, etc.)

Summary: 2831 passwords (86%) were weak, that is, they were too easily predictable or too short

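An added example (not from the lecture) that combines the password-file scheme from the Passwords slide with an enrollment check against the weak categories counted above. It assumes F is salted PBKDF2-HMAC-SHA256, since the slides leave F unspecified; `DICTIONARY`, `weak_reason`, `enroll` and `verify` are hypothetical names, and the word list and sample password are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample list; a real deployment would load a large wordlist.
DICTIONARY = {"password", "dragon", "monkey", "michael", "jennifer"}

def weak_reason(pw):
    """Return the weak category from the slide that pw falls into, or None."""
    n = len(pw)
    if n <= 3:
        return "one to three characters"
    if n == 4 and pw.isalnum():
        return "four alphanumeric characters"
    if n == 5 and pw.isalpha() and (pw.islower() or pw.isupper()):
        return "five letters, single case"
    if n == 6 and pw.isalpha() and pw.islower():
        return "six lowercase letters"
    low = pw.lower()
    if low in DICTIONARY or low[::-1] in DICTIONARY:
        return "dictionary word or name, possibly reversed"
    return None

def F(password, salt, rounds=200_000):
    # Assumption: F is salted PBKDF2-HMAC-SHA256; the slides leave F unspecified.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def enroll(pwfile, user, password):
    """Store <user, salt, F(password)> unless the password is in a weak category."""
    reason = weak_reason(password)
    if reason:
        raise ValueError(f"password rejected: {reason}")
    salt = os.urandom(16)
    pwfile[user] = (salt, F(password, salt))

_DUMMY = (b"\0" * 16, b"\0" * 32)  # lets unknown users cost the same work

def verify(pwfile, user, password):
    """Recompute F(password) and compare with the stored value in constant time."""
    salt, stored = pwfile.get(user, _DUMMY)
    match = hmac.compare_digest(F(password, salt), stored)
    return match and user in pwfile

if __name__ == "__main__":
    pwfile = {}
    enroll(pwfile, "alice", "Tr4il-mix&Lantern")  # constructed sample password
    print(verify(pwfile, "alice", "Tr4il-mix&Lantern"), verify(pwfile, "alice", "guess"))
```

The password file holds only the salt and F(password), so a match at login proves knowledge of the password without the system ever storing it.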
Dictionary Attacks on Passwords

- The statistics haven't changed much in later studies
- To improve upon the expected probability of success of an exhaustive search, an attacker may search the space of all possible passwords in order of decreasing probability
- Note that these attacks work only with strong passwords

Dictionary Attack on Passwords

Attack 1:

This note was uploaded on 05/29/2010 for the course CS 556 taught by Professor Staff during the Spring '08 term at Colorado State.
