Authentication and passwords and stuff (week 4)

Question 1

what are the problems with hashing passwords?

Answer 1

1. password space is small; skewed distribution towards common pwds chosen by many users
2. hashing is fast. the helps the adversary. a laptop can do about 2M SHA256 operations per second
3. with reasonable password, adversary can figure out the password of one accound/password per second

Question 2

what is the technique for slowing down hashing?

Answer 2

slow key-derivation functions

PBKDF2 and BCrypt

slow to compute (good for us!)

have an adjustable cost: make it arbitrarily slow (1 has can cost 1 second – 1000X slower that SHA256

internally these functions rely on performing repeated hashes

Question 3

how do attacker’s get around the slow hasing?

Answer 3

rainbow tables

table of passwords-to-hash mappings

expensive to compute, but helps efficiently invert hashes afterwards

only needs to be built once for dictionary of common passwords

afterwards, can quickly crack common passwords in any database

Question 4

what is salting a password? how does it slow down an attacker?

Answer 4

salting: input additional randomness into password hash

the server generates the salt when users register

this prevents the attacker from computing the hash, but attacker can still brute force passwords if they get access to the DB

Question 5

two things we need to do to send a password over a network:

Answer 5

1. send it through an encrypted connection (https)

2. use challenge response protocol

Question 6

what is the challenge response protocol?

Answer 6

goals:
we want to stop intercepters from learning the password or a hash of the password
we want to prevent the service from learning a password we have for another service that we enter by mistake

how it works:
service knows password
service sends us a random challenge
we send back the random challenge and password
H(R || password)

Question 7

What is entry?

Answer 7

A measure of how much effort it takes to brute force the password
Defined as a function set of possible characters (S) and length (L)
H = log_2(|S|^L)

only true if passwords are sampled uniformly form the set of characters

this is NOT the case. users often have bias towards certain passwords

so the formula is really just an upperbound

Question 8

do format requirements always translate into higher entropy?

Answer 8

no.

defeat only simplest dictionary attacks
side effect: complicates password generation

Question 9

how do biometrics compare to passwords in terms of usability?

Answer 9

not that much better in terms of entropy, but here’s some usability info: