Lecture6

Lecture6 - Lecture 6 Authentication CNT 5412 Network...

Lecture 6 Authentication
CNT 5412 Network Security
Authentication: who and how
• User (human) can be authenticated
  – logging into a workstation
  – using resources of a system
  – issues: humans find it difficult to remember arbitrary strings
• Computer can be authenticated
  – computer providing one function wants to authenticate another computer providing a different function
  – issues: computers need to store any authentication information someplace
• How is authentication done
  – password based
  – address based
  – cryptographic algorithms based
  – combinations of the above
Address-based authentication
• a machine keeps a list of network addresses of equivalent machines
  – unix keeps this information in /etc/hosts.equiv
• a machine keeps a list of remote users allowed to access an account on the local machine
  – unix has a file .rhosts (in the home directory) that a user can set. Suppose .rhosts in your home directory had a line:
      gryphon.csi.cam.ac.uk bob
    Then bob from gryphon could rlogin without a password
• These are becoming legacy approaches as they are not very secure
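
Added example (not from the lecture slides): a simplified Python model of the .rhosts decision described above, plus an audit pass for entries that widen trust. It assumes a local account named alice and a constructed host trusted.example.org, and goes slightly beyond the slide by handling the + wildcard; netgroup and negative entries are only flagged, not evaluated.

```python
# Simplified model of the .rhosts check; all sample data is constructed.
SAMPLE_RHOSTS = "gryphon.csi.cam.ac.uk bob\ntrusted.example.org\n"


def parse_rhosts(text):
    """Return (host, user) pairs; user is None when a line names only a host."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if fields:
            entries.append((fields[0].lower(), fields[1] if len(fields) > 1 else None))
    return entries


def allows(entries, local_user, remote_host, remote_user):
    """True if an entry lets remote_user@remote_host log in with no password."""
    for host, user in entries:
        host_ok = host in ("+", remote_host.lower())
        if user is None:
            # Host-only line: trust extends to the same account name only.
            user_ok = remote_user == local_user
        else:
            user_ok = user in ("+", remote_user)
        if host_ok and user_ok:
            return True
    return False


def audit(entries):
    """Flag entries that trust more than one named user on one named host."""
    findings = []
    for host, user in entries:
        if host.startswith("-") or "@" in host or (user and ("@" in user or user.startswith("-"))):
            findings.append((host, user, "negative or netgroup entry: not modelled, review by hand"))
        elif host == "+" or user == "+":
            findings.append((host, user, "wildcard: trust is not limited to one host and user"))
    return findings


if __name__ == "__main__":
    entries = parse_rhosts(SAMPLE_RHOSTS)
    # The decision uses only the claimed host and user names; no secret is checked.
    print(allows(entries, "alice", "gryphon.csi.cam.ac.uk", "bob"))
    print(audit(parse_rhosts("+ +\n")))
```
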
Password authentication
• User authenticates by entering a password -- this is checked against the server’s database
  – Pros:
    • Supported by almost every system
    • Users familiar with the process
  – Cons:
    • Good password management is crucial
    • Storing passwords securely can be a problem
• ASCII is a 7 bit character set (0-127)
  – fits into a byte, remaining bit could be set to 0 or used as a parity bit
  – 95 printable characters, 33 non-printing
• Some printable encodings
  – quoted-printable encoding (QP encoding)
    • printable characters as is
    • non printable characters represented as =hex₁hex₂
  – base64 encoding (used in Privacy Enhanced Mail)
    • use character set of 2^6 = 64 (A-Z, a-z, 0-9, +, /)
    • = is used as a special suffix for termination condition
    • 3 bytes are converted into 4 sets of 6 bit characters
    • the 6 bit value of each set indexes into the character set
    • note that 3 bytes encoded as 4 bytes
    • result (due to termination rules) is output that is a multiple of 4 bytes
Read about utf-8 and unicode
Unix Password System
The hash algorithm varies. In early systems, the bit-string for the password is treated as a key for (a variant of) DES. The salt is used to indicate which DES variant to use (a salt with all of its bits 0 results in DES being selected). In modern systems, the hash is either based on the hash function MD5, or on the Blowfish block cipher. User-entered passwords are

This note was uploaded on 02/20/2012 for the course CNT 5412 taught by Professor Sudhir during the Spring '12 term at FSU.
