February-11-authentication

If password file compromised, all passwords revealed
•  Encipher file
  –  Need to have decipherment, encipherment keys in memory
  –  Reduces to previous problem
•  Store one-way hash of password
  –  If file read, attacker must still guess passwords or invert the hash

Unix Password Hash Example
•  Original UNIX system standard hash function
  –  Hashes password into 13 char string
  –  As authentication system:
    –  Authentication information is strings of 8 characters or fewer
    –  System stores hash with user’s identity in password file
    –  Hash is complementation information
    –  Verification function is hash on password and comparison with stored hash

Dictionary Attacks
•  Trial-and-error from a list of potential passwords
  –  Off-line (type 1): know functions and registered information, and repeatedly try different guesses g ∈ A until the list is done or passwords guessed
    •  Examples: crack, john-the-ripper
  –  On-line (type 2): have access to verification functions. Try guesses until one succeeds.
    –  Examples: trying to log in by guessing a password
  –  True story: early authentication system, checked password character-by-character, flagged error immediately with 1st character not in password

Preventing Attacks
•  How to prevent this:
  –  Hide information so that either authentication input, authentication functions, or stored verification information cannot be found. Prevents obvious attack from above
    •  Example: UNIX/Linux shadow password files
      –  Hides hashed passwords where only root has access
  –  Block access to all verification methods
•  ...
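As an added example (not part of the lecture slides): a minimal Python version of the "store one-way hash" scheme above, with its registration and verification functions. PBKDF2-SHA256 stands in for the original UNIX hash (an assumption), and the comparison is constant-time so that a wrong guess is not flagged early, the flaw in the "true story" system.

```python
import hashlib
import hmac
import os

# Constructed in-memory "password file": username -> (salt, hash).
# Assumption: PBKDF2-SHA256 replaces the slides' original UNIX hash function.
ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way hash of the password; this is the stored verification information."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(store: dict, user: str, password: str) -> None:
    """Store only salt and hash with the user's identity, never the password."""
    salt = os.urandom(16)
    store[user] = (salt, hash_password(password, salt))


def verify(store: dict, user: str, candidate: str) -> bool:
    """Verification function: hash the candidate and compare with the stored hash.

    hmac.compare_digest compares the whole digest in constant time, so the
    response does not reveal at which character the guess first went wrong.
    """
    if user not in store:
        return False
    salt, stored = store[user]
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def password_file_contents(store: dict) -> str:
    """Render the store the way password-file lines would look (hex-encoded)."""
    return "\n".join(f"{u}:{s.hex()}${h.hex()}" for u, (s, h) in store.items())


def leaks_cleartext(store: dict, password: str) -> bool:
    """True if the raw password appears in the file contents (it should not)."""
    return password in password_file_contents(store)
```

Reading the file gives an attacker only salts and hashes, so, as the slide says, they must still guess passwords or invert the hash.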

This note was uploaded on 02/03/2014 for the course ECE 422 taught by Professor Nicol during the Fall '08 term at University of Illinois, Urbana Champaign.
