Lectures up to 9/2

Question 1

What are ways of identifying people?

Answer 1

Passwords
Things you have (driving licence, passport)
Token devices or apps (phone based, dongles)
Official docs

Question 2

What are hashes for?

Answer 2

Determining if a file has changed
Digests
Indexing
Parts of other systems

Question 3

How are passwords stored?

Answer 3

• First, a salt is added to them
• The entire thing is hashed
• The salted hashed password and the salt itself are stored, along with the username

Question 4

What do developers need to think about?

Answer 4

• Risks of a local password leak
• Risks of easily broken passwords (people are dumb)
• Risks to system of password re-use

Question 5

What is the process of cracking passwords?

Answer 5

• Guess hash function (HD5, SHA1)
• Guess password, apply hash
• See if these match

^ only works for badly stored passwords

Question 6

What is password entropy?

Answer 6

How many times it would take to guess a password, if it took an exhaustive search

Question 7

What is the formula for password entropy?

Answer 7

E = log(2)(R^L)

Where R = pool of unique chars, L = number of chars

Question 8

What is the ‘easy way’ of storing passwords?

Answer 8

Login with google, facebook, etc.

Question 9

How can the admin of a system allow for harder to crack passwords?

Answer 9

Force the passwords to be of a certain length

Force the passwords to contain certain sets of characters

Question 10

What is Kerckhoff’s principle?

Answer 10

A cryptosystem should be secure even if everything, except the key, is public

Question 11

What is the principle of security by obscurity?

Answer 11

If people don’t know something is there, they won’t find it (FLAWED)

Question 12

What is a code?

Answer 12

A way of mapping one character to another, usually to make transmission easier. Examples like ASCII

Question 13

What is a cipher?

Answer 13

A mechanical or algorithmic means of manipulating symbols, sored via algorithms