Lectures up to 9/2 Flashcards

1
Q

What are ways of identifying people?

A

Passwords
Things you have (driving licence, passport)
Token devices or apps (phone based, dongles)
Official docs

2
Q

What are hashes for?

A

Determining if a file has changed
Digests
Indexing
Parts of other systems

3
Q

How are passwords stored?

A
  • First, a salt is added to them
  • The entire thing is hashed
  • The salted hashed password and the salt itself are stored, along with the username
4
Q

What do developers need to think about?

A
  • Risks of a local password leak
  • Risks of easily broken passwords (people are dumb)
  • Risks to system of password re-use
5
Q

What is the process of cracking passwords?

A
  • Guess hash function (MD5, SHA1)
  • Guess password, apply hash
  • See if these match

^ only works for badly stored passwords

6
Q

What is password entropy?

A

How many guesses it would take to find a password by exhaustive search

7
Q

What is the formula for password entropy?

A

$E = \log_2(R^L)$

Where R = pool of unique chars, L = number of chars

8
Q

What is the ‘easy way’ of storing passwords?

A

Login with Google, Facebook, etc.

9
Q

How can the admin of a system allow for harder to crack passwords?

A

Force the passwords to be of a certain length

Force the passwords to contain certain sets of characters

10
Q

What is Kerckhoffs’s principle?

A

A cryptosystem should be secure even if everything, except the key, is public

11
Q

What is the principle of security by obscurity?

A

If people don’t know something is there, they won’t find it (FLAWED)

12
Q

What is a code?

A

A way of mapping one character to another, usually to make transmission easier. Examples like ASCII

13
Q

What is a cipher?

A

A mechanical or algorithmic means of manipulating symbols, sored via algorithms
