Lectures up to 9/2 Flashcards
What are ways of identifying people?
Things you know (passwords)
Things you have (driving licence, passport and other official documents)
Token devices or apps (phone-based authenticators, hardware dongles)
What are hashes for?
Detecting whether a file has changed (integrity checking)
Digests (a short fixed-size fingerprint of a larger message)
Indexing (hash tables, content-addressed lookup)
Building blocks of other systems (digital signatures, MACs, password storage)
How are passwords stored?
- First, a random salt, unique per user, is generated and combined with the password
- The salt and password together are run through a password hashing function (a slow, deliberately expensive hash such as bcrypt, scrypt, Argon2 or PBKDF2, not a plain fast hash like MD5 or SHA-1)
- The username, the salt and the resulting hash are stored; the password itself never is
What do developers need to think about?
- Risks of a local password leak (the stored hashes being stolen)
- Risks of easily guessed passwords (people choose weak ones)
- Risks of password re-use (a leak at another site becomes a break-in here)
What is the process of cracking passwords?
- Guess the hash function (MD5, SHA-1, ...)
- Guess a password and apply the hash (together with the salt, if one is stored)
- Compare the result with the stored hash
^ Fast and cheap against badly stored passwords (an unsalted fast hash: one table of hashed guesses covers every user, and precomputed tables already exist). Salting forces the attacker to redo the work for each user and a slow hash raises the cost of every guess, but a weak password still falls eventually.
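The two cards above (storage and cracking) side by side, as an added example that is not part of the original flashcards. It uses only the Python standard library: SHA-1 stands in for the "badly stored" case and PBKDF2-HMAC-SHA256 for the salted, slow hash. The usernames and the wordlist are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed wordlist (not from the flashcards): the attacker's guesses.
WORDLIST = ["password", "123456", "letmein", "qwerty", "correcthorse"]


def store_bad(password: str) -> str:
    """Badly stored: unsalted fast hash. Identical passwords give identical hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_good(password: str, salt=None, iterations: int = 200_000) -> dict:
    """Salted, slow hash. The record holds the salt and work factor so it can be verified later."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": iterations}


def register(users: dict, username: str, password: str) -> None:
    """Store username, salt and salted hash; the password itself is never kept."""
    users[username] = store_good(password)


def verify(record: dict, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def crack_unsalted(target_hash: str, wordlist) -> str:
    """The card's three steps against an unsalted SHA-1 hash.

    Because there is no salt, the table of hashed guesses is built once and
    reused against every stolen hash (this is what precomputed tables exploit).
    """
    table = {hashlib.sha1(word.encode()).hexdigest(): word for word in wordlist}
    return table.get(target_hash)


def crack_salted(record: dict, wordlist) -> str:
    """Same attack against a salted, slow hash.

    Every guess must be re-hashed with this user's salt at the full work
    factor, so no shared table helps and each guess costs real CPU time.
    A weak password is still found; a strong one is not in the list.
    """
    for word in wordlist:
        if verify(record, word):
            return word
    return None


if __name__ == "__main__":
    users = {}
    register(users, "alice", "qwerty")        # weak, in the wordlist
    register(users, "bob", "Tr0ub4dor&3")     # not in the wordlist
    print("unsalted SHA-1 of 'letmein' cracked as:", crack_unsalted(store_bad("letmein"), WORDLIST))
    print("alice (salted, slow):", crack_salted(users["alice"], WORDLIST))
    print("bob   (salted, slow):", crack_salted(users["bob"], WORDLIST))
```

Run it and note that the salted case still recovers "qwerty": salting and a slow hash change the cost per guess, not the fate of a password that is in the attacker's list.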
What is password entropy?
The number of guesses an exhaustive search would need to find the password, expressed in bits: E bits of entropy means about 2^E candidates to try
What is the formula for password entropy?
E = log2(R^L) = L · log2(R)
Where R = size of the pool of characters each position is drawn from, L = number of characters. This assumes every character is chosen uniformly at random; human-chosen passwords have far less entropy than the formula gives.
What is the ‘easy way’ of storing passwords?
Don't store them at all: delegate login to an identity provider (Login with Google, Facebook, etc.)
How can the admin of a system allow for harder to crack passwords?
Require a minimum length (in E = L · log2(R), length is the multiplier, so it has the largest effect)
Require characters from several character sets (raises R)
What is Kerckhoffs's principle?
A cryptosystem should remain secure even if everything about it, except the key, is public
What is the principle of security by obscurity?
Relying on attackers not knowing a mechanism exists, rather than on the strength of the mechanism itself (FLAWED: the design leaks eventually, which is why Kerckhoffs's principle puts all the secrecy in the key)
What is a code?
A fixed mapping from one set of symbols to another, usually to make transmission or storage easier; no secrecy is intended. Example: ASCII
What is a cipher?
A mechanical or algorithmic means of transforming symbols so as to hide the message; the transformation is specified by an algorithm and controlled by a key