IIT Indore © Neminath Hubballi

Presentation transcript:

Password Management
Dr. Neminath Hubballi

Why is a Password Required?
- User authentication
- Access control

Password Management Strategies
- Store the passwords in a file and encrypt the file containing the passwords
- Encrypt the passwords and store them in a file containing encrypted passwords
- Hash the passwords

Password Management in Unix/Linux
- Maintains hashed passwords
- Procedure
  - User enters the password; original Unix implementations truncated it to 8 bytes and converted it into 56 bits, ignoring the MSB, to use as the key
  - Use 12 bit salt value
  - Used crypt() algorithm to decrypt all zeros of

Where is the Hashed Password Stored?
- Username, Password, UID, GID, User info, Home, Shell
- Username, Encrypted Password, Elapsed time, Validity, Due date, Warning date, Expiry date, Disabled time, Reserved

Where is the Hashed Password Stored?
The password has 3 components:
- First part – hashing algorithm
- Second part – plain text salt value
- Third part – actual hash value generated
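The three-part password field described above can be parsed as follows. This is an added example, not part of the original slides: the field names follow shadow(5), the scheme identifiers 1, 5 and 6 are the common crypt(3) ones, and the sample entries and hash strings are constructed placeholders.

```python
from typing import NamedTuple, Optional

SHADOW_FIELDS = ("username", "password", "last_change", "min_age", "max_age",
                 "warn", "inactive", "expire", "reserved")   # names per shadow(5)
SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt"}

class PasswordField(NamedTuple):
    scheme: str
    salt: Optional[str]
    digest: Optional[str]
    locked: bool

def parse_password_field(field: str) -> PasswordField:
    locked = field.startswith(("!", "*"))        # locked or no-login marker
    body = field.lstrip("!*")
    if not body:
        return PasswordField("none", None, None, locked)
    if body.startswith("$"):
        parts = body.split("$")                  # ['', id, [rounds=N], salt, hash]
        ident, rest = parts[1], parts[2:]
        if rest and rest[0].startswith("rounds="):
            rest = rest[1:]                      # optional cost parameter
        if ident in SCHEMES and len(rest) == 2:
            return PasswordField(SCHEMES[ident], rest[0], rest[1], locked)
        return PasswordField("other:" + ident, None, None, locked)
    if len(body) == 13:                          # traditional DES crypt:
        return PasswordField("descrypt", body[:2], body[2:], locked)  # 2 salt chars = 12 bits
    return PasswordField("unknown", None, None, locked)

def parse_shadow_line(line: str) -> dict:
    values = line.rstrip("\n").split(":")
    if len(values) != len(SHADOW_FIELDS):
        raise ValueError("expected 9 colon-separated fields")
    entry = dict(zip(SHADOW_FIELDS, values))
    entry["password"] = parse_password_field(entry["password"])
    return entry

def weak_accounts(lines):
    """Usernames whose hash uses a legacy scheme (DES crypt or MD5 crypt)."""
    entries = [parse_shadow_line(l) for l in lines]
    return [e["username"] for e in entries
            if e["password"].scheme in ("descrypt", "md5crypt")]

# Constructed sample entries; the hash strings are placeholders, not real hashes.
SAMPLE = [
    "alice:$6$Zk3xQp1sT9$PLACEHOLDERHASH:19000:0:99999:7:::",
    "bob:abPLACEHOLDER:15000:0:99999:7:::",
    "svc:!:19000:0:99999:7:::",
]
```
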

LAN Manager in Windows
- Pad the password with zeros to make it 14 characters long
- Convert any lower case letters in the password to upper case letters
- Divide the password into two 7-character parts
- The 56 bits of each part are used as a key to encrypt the magic string KGS!@#$%
- Concatenate the two hash values to get the final hash
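The key-preparation steps of the LAN Manager procedure above, written out to show what they discard before any encryption happens. This is an added example, not part of the original slides: it stops before the DES step, assumes an ASCII-only password, and the function names are hypothetical.

```python
def expand_56_to_64(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes, 7 bits per byte.

    The low bit of each byte is the DES parity bit, which the cipher does
    not use as key material; it is left at 0 here.
    """
    bits = int.from_bytes(k7, "big")
    return bytes(((bits >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))

def lm_des_keys(password: str):
    """Return the two 8-byte DES keys derived from a password."""
    raw = password.upper().encode("ascii")       # assumption: ASCII-only password
    if len(raw) > 14:
        raise ValueError("the procedure covers passwords of at most 14 characters")
    raw = raw.ljust(14, b"\x00")                 # zero padding to 14 characters
    return expand_56_to_64(raw[:7]), expand_56_to_64(raw[7:])

def same_lm_input(a: str, b: str) -> bool:
    """True when two passwords produce identical key material (same final hash)."""
    return lm_des_keys(a) == lm_des_keys(b)

def lm_properties(password: str) -> dict:
    """Summarise what the preprocessing throws away for one password."""
    first, second = lm_des_keys(password)
    return {
        "case_lost": password != password.upper(),
        "second_half_empty": second == bytes(8),  # 7 characters or fewer
        "first_key": first.hex(),
        "second_key": second.hex(),
    }
```

Because each half is keyed separately, the strength of a 14-character password is that of two 7-character upper-case passwords, which is the reason to disable LM hash storage where it is still enabled.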

NT LAN Manager

Breaking Passwords
- Dictionary attack
- Brute-force method
- Rainbow table
- Pass-the-hash attack