More on Passwords Flashcards
Describe the 4 presented solutions for cracking passwords, their advantages and drawbacks
Solution 1:
List all passwords, for each password calculate hash on the fly, compare to target hash
Pros: simple, no space needed
Cons: high computational effort, same computation for every new hash
Solution 2:
- List all passwords, for each password calculate hash, store in db, sort
- for given h(x), look up the hash in db
Pros: lookup simple, small lookup time
Cons: huge db
Solution 3:
- define reduce function f which trims hash, hash function h
- password is hashed with h, reduced with f, hashed with h, … n times
- only store first and last column
-> multiple passwords are ‘merged’ into the same hash column
Pros: more computation than lookup but less than on-the-fly; more space than on-the-fly but less than lookup; feasible and efficient
Cons: chains are very likely to merge when only one reduction function is used
Solution 4:
Same as solution 3 but using different reduction functions
Name 4 alternatives to passwords
- biometric authentication
- user certificates (hardware and software based)
- use existing auth infrastructure (nPA)
- SSO
Name 2 problems with SSO
- privacy: service knows which other services I’m using
- lose access to SSO -> lose all related services