5 over a 365 day period what is minimum password


Prevents attacker from knowing if guess succeeded
•  Example: preventing any logins to an account from a network
   –  Prevents knowing results of verification function or accessing verification function.

Salting
•  Have a set of n hash functions
   –  Randomly select one function when registering new authentication info
   –  Store ID of function with registered info
•  Attacker must try all n functions to see if his guess matches any password
•  When does this help? When does it not?

Examples
•  Vanilla UNIX method
   –  Use DES to encipher 0 message with password as key; iterate 25 times
   –  Perturb E table in DES in one of 4096 ways
      •  12 bit salt flips entries 0–11 with entries 24–35
      •  E Table is per round expansion table
•  Alternate methods
   –  Use salt as first part of input to hash function

Take-home message: use n extra bits independent of password to increase work needed by brute-force attack by 2^n

Rainbow Tables
•  Technique used to aid in the cracking of hashed passwords
   –  Looks for a balance between storage and computation
•  Rather than keeping dictionary list, could pre-compute the hashes of the dictionary values
   –  For large dictionaries, still a lot of space
   –  Particularly if using a smart lookup table
•  Trade off space for time with hash chain
   –  p1 -> H(p1) -> R(H(p1)) -> H(R(H(p1)))
   –  aaaaaa -h-> 281DAF40 -r-> sgfnyd -h-> 920ECF10
   –  Reduction function, r, picks another plaintext from the hash. It is not the inverse hash
   –  Only store start and end of hash
   –  Given hash to break, look for it in the end of the chains.
   –  Apply reduction and hash if not found
   –  Continue until found

Rainbow tables
•  Very effective against Lan Manager Hashes
   –  Calculated by XP and up to Windows 2008 by default for “backwards compatibility”
   –  Can download...
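The hash-chain lookup and the salting take-home message above, shown together as an added example that is not part of the original course notes: a toy chain table over a constructed 3-letter keyspace recovers an unsalted hash, then finds nothing for the same password once a salt is the first part of the hash input. SHA-256, the keyspace, the chain length, the seed strings and the salt value are assumptions chosen for illustration.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
PW_LEN = 3       # constructed toy keyspace: 26**3 = 17,576 passwords
CHAIN_LEN = 200  # plaintexts covered by each chain

def H(password: str, salt: bytes = b"") -> bytes:
    """Password hash; a salt, if given, is the first part of the input."""
    return hashlib.sha256(salt + password.encode()).digest()

def R(digest: bytes) -> str:
    """Reduction: picks another plaintext from the hash (not an inverse)."""
    n = int.from_bytes(digest[:8], "big")
    return "".join(ALPHABET[(n // len(ALPHABET) ** i) % len(ALPHABET)] for i in range(PW_LEN))

def walk(start: str):
    """Yield the CHAIN_LEN plaintexts on the chain p -> R(H(p)) -> ..."""
    p = start
    for _ in range(CHAIN_LEN):
        yield p
        p = R(H(p))

def build_table(starts):
    """Keep only each chain's end point, mapped to the start(s) that reach it."""
    table = {}
    for s in starts:
        *_, last = walk(s)
        table.setdefault(R(H(last)), []).append(s)
    return table

def lookup(table, target: bytes):
    """Walk forward from target until a stored end appears, then replay that chain."""
    p = R(target)
    for _ in range(CHAIN_LEN):
        for s in table.get(p, []):
            for candidate in walk(s):
                if H(candidate) == target:   # table was precomputed for unsalted H
                    return candidate
        p = R(H(p))  # no hit, or a false alarm: keep walking
    return None

def demo():
    """Return (unsalted lookup result, salted lookup result, the secret)."""
    starts = [R(H(f"seed{i}")) for i in range(300)]  # constructed chain starts
    table = build_table(starts)
    secret = list(walk(starts[0]))[50]               # a password the table covers
    salt = b"\x5a\x3c"                               # constructed per-user salt
    return lookup(table, H(secret)), lookup(table, H(secret, salt)), secret
```

Calling `demo()` returns the recovered password for the unsalted hash and `None` for the salted one: the precomputed chains are only valid for the exact hash function they were built with, so each distinct salt value would need its own table.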

This note was uploaded on 02/03/2014 for the course ECE 422 taught by Professor Nicol during the Fall '08 term at University of Illinois, Urbana Champaign.
