More on Passwords Flashcards

1
Q

Describe the 4 presented solutions for cracking passwords, their advantages and drawbacks

A

Solution 1:
List all passwords, for each password calculate hash on the fly, compare to target hash
Pros: simple, no space needed
Cons: high computational effort, same computation for every new hash
Solution 2:
- List all passwords, for each passwords calculate hash, store in db, sort
- for given h(x), look up the hash in db
Pros: lookup simple, small lookup time
Cons: huge db
Solution 3:
- define reduce function f which trims hash, hash function h
- password is hashed with h, reduced with f, hashed with h, … n times
- only store first and last column
-> multiple pw are ‘merged’ to same hash column
Pros: more computation than lookup, less than on-the-fly, more space than on-the-fly, less than lookup, feasible and efficient
Cons: Probability of merging chains is very likely with only one reduction function
Solution 4:
Same as solution 3 but using different reduction functions

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Name 4 alternatives to passwords

A
  • biometric authentication
  • user certificates (hardware and software based)
  • use existing auth infrastructure (nPA)
  • SSO
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Name 2 problems with SSO

A
  • privacy: service knows which other services I’m using

- los access to SSO -> lose all related services

How well did you know this?
1
Not at all
2
3
4
5
Perfectly