07 Password Authentication

20 pages

Please download to get full document.

View again

of 20
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
  Password Authentication J. Mitchell CS 259    Password fileUser exrygbzyfkgnosfixggjoklbsz …   …  kiwifruithash function  Basic password authentication  Setup ã User chooses password ã Hash of password stored in password file  Authentication ã User logs into system, supplies password ã System computes hash, compares to file  Attacks ã Online dictionary attack – Guess passwords and try to log in ã Offline dictionary attack – Steal password file, try to find p with hash(p) in file  Dictionary Attack – some numbers  Typical password dictionary ã 1,000,000 entries of common passwords – people's names, common pet names, and ordinary words. ã Suppose you generate and analyze 10 guesses per second – This may be reasonable for a web site; offline is much  faster ã Dictionary attack in at most 100,000 seconds = 28 hours,or 14 hours on average  If passwords were random ã Assume six-character password – Upper- and lowercase letters, digits, 32 punctuationcharacters – 689,869,781,056 password combinations. – Exhaustive search requires 1,093 years on average
Related Search
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks