Notes for January 24, 1997
-
Hello
-
Project comments will be out by Friday
-
Want to post a 1-line description of projects being done; please use
handin to hand it in (or I will summarize what you sent, and may get it
wrong!)
-
Puzzle of the day
-
Key point: real problem, no really good answer; a good project would be
to analyze the options thoroughly, esp. with regard to ethics and
practicality.
-
Password Storage
-
Hashed; present idea of one-way functions using identity and sum
-
Show UNIX version
-
Attack Schemes Directed to the Passwords
-
Exhaustive search: UNIX passwords are 1-8 chars, say 96 possible characters each; it's about 7e16
-
Inspired guessing: think of what people would like (see above)
-
Random guessing: can't defend against it; bad login messages aid it
-
Scavenging: passwords often typed where they might be recorded (as
login name, in other contexts, etc.)
-
Ask the user: very common with some public access services
-
Expected time to guess; Anderson's formula here
-
Password aging
-
Pick age so when password is guessed, it's no longer valid
-
Implementation: track previous passwords vs. upper, lower time bounds
-
Ultimate in aging: One-Time Pads
-
Password is valid for only one use
-
May work from list, or new password may be generated from old by a function
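-
Added example, not part of the original notes: one way to generate each one-time password by a function, assuming a Lamport-style hash chain in which the one-way function is applied in the reverse order of use. SHA-256, the class names and the seed are assumptions chosen for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One-way function; SHA-256 is an assumption, the notes name none."""
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Apply h to seed n times: h^n(seed)."""
    value = seed
    for _ in range(n):
        value = h(value)
    return value


class Server:
    """Stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes):
        self.stored = anchor          # h^n(seed) at enrolment

    def login(self, candidate: bytes) -> bool:
        # Valid iff hashing the candidate yields the stored value.
        if hmac.compare_digest(h(candidate), self.stored):
            self.stored = candidate   # the old password is now dead
            return True
        return False


class User:
    """Holds the seed and counts down through the chain."""

    def __init__(self, seed: bytes, n: int):
        self.seed, self.remaining = seed, n

    def next_password(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted; enrol a new seed")
        self.remaining -= 1
        return chain(self.seed, self.remaining)


def demo():
    seed = b"constructed-sample-seed"     # constructed sample value
    user, server = User(seed, 3), Server(chain(seed, 3))
    first = user.next_password()
    return [server.login(first),                 # fresh password accepted
            server.login(first),                 # replay of it rejected
            server.login(user.next_password())]  # next in chain accepted
```

Because the server keeps only the last accepted value, someone who records one password can compute earlier (already dead) passwords with h but not the next valid one.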
Department of Computer Science
University of California at Davis
Davis, CA 95616-8562
Page last modified on 1/28/97