L2: Password model
Materials
Use the raw slides (pdf) before lecture to take notes, and refer to the annotated slides for notes.
Password authentication
- Passwords are one of the most basic security problems we face.
- Two parties (human and machine, human and human, etc.) need to authenticate one another.
- How to model it: Alice and Bob first establish a password (pwd); later, Alice wants to prove her identity to Bob.
- Several basic methods fall into 3 or rather 1 major category.
- Let's first try to understand how computers authenticate.
- Make the file readable only by root
- users picked bad passwords
- Repeated lesson: users pick bad passwords; many of us have the same great ideas
- But it is a general problem for society
- flaws in implementation exacerbate the problem
- storing the plaintext passwords can be devastatingly bad
- leaked pwds give attackers a dictionary to attack other systems
- Best practice to store passwords
- Is using a hash / one-way function (OWF) good enough?
- What is hashing? What is slow hashing?
- how can you detect breaches?