Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cpr E 308 Spring 2004 Security Unix Passwords Security across a network Cryptography – encryption and decryption.

Published byWilfrid Snow Modified over 8 years ago

Similar presentations

Presentation on theme: "Cpr E 308 Spring 2004 Security Unix Passwords Security across a network Cryptography – encryption and decryption."— Presentation transcript:

1 Cpr E 308 Spring 2004 Security Unix Passwords Security across a network Cryptography – encryption and decryption

2 Cpr E 308 Spring 2004 Passwords in UNIX Login: snt Password: cpre308 How does the system check if the password is correct? One solution: –Password file has (username, password) pairs –Store [snt, cpre308] in /etc/passwd –Password file readable only by privileged user Privileged users can get your password –Why is this a problem?

3 Cpr E 308 Spring 2004 Solution: One-Way Functions f(x) is easy to compute f -1 (x) is extremely difficult, if not impossible, to compute Password file can now be world-readable –Unix password file contains image of each password »/etc/passwd contains snt:y »snt logs in, supplies x »if f(x) == y, then ok Copyright © 2002 Thomas W. Doeppner. All rights reserved.

4 Cpr E 308 Spring 2004 Dictionary Attack (Morris and Thompson) For all words in dictionary, compute f(word) Find word such that f(word) == y Many users use simple passwords Copyright © 2002 Thomas W. Doeppner. All rights reserved.

5 Cpr E 308 Spring 2004 Counterattack Salting –for each password, create random “salt” value –Password file contains (f(append(word, salt)), salt) –12-bit salt values in Unix –attacker must do dictionary attack 4096 times, for each salt value »Not secure enough.. »Feldmeier and Karn produced list of 732,000 most common passwords concatenated with each of 4096 salt values covers ~30% of all passwords Copyright © 2002 Thomas W. Doeppner. All rights reserved. For additional security: systems make password file unreadable

6 Cpr E 308 Spring 2004 Networks Copyright © 2002 Thomas W. Doeppner. All rights reserved.

7 Cpr E 308 Spring 2004 “Trust Me” ACDE Copyright © 2002 Thomas W. Doeppner. All rights reserved. B

8 Cpr E 308 Spring 2004 “Trust Everyone”: The Internet Email usually unauthenticated and unencrypted Passwords are (sometimes) passed unencrypted – telnet Copyright © 2002 Thomas W. Doeppner. All rights reserved.

Download ppt "Cpr E 308 Spring 2004 Security Unix Passwords Security across a network Cryptography – encryption and decryption."

Similar presentations

User Registration. Click on ‘Sign Up’ button. Enter Registration details and click on submit button.

User Registration. Click on ‘Sign Up’ button. Enter Registration details and click on submit button.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
CSUF Chapter 3.2 1. CSUF Operating Systems Security 2.

CSUF Chapter CSUF Operating Systems Security 2.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (7) AUTHENTICATION.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Chapter 1 Computer Networks and the Internet. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2.

Chapter 1 Computer Networks and the Internet. Copyright © 2005 Pearson Addison-Wesley. All rights reserved. 1-2.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

Similar presentations

Ads by Google