L2: Password model

Materials

Take notes on the raw slides (pdf) during lecture; the annotated slides are the reference notes afterwards.

Password authentication

  • Passwords are one of the most basic security problems we face.
  • Two parties (human-to-machine, machine-to-machine, human-to-human, etc.) need to authenticate one another.
  • Model: Alice and Bob first establish a password; later, Alice wants to prove her identity to Bob using it.
  • Several basic methods, which fall into three categories, or really just one.
  • Let's first try to understand how computers authenticate.
    • Make the password file readable only by root.
    • Users still picked bad passwords.
  • Repeated lesson: users pick bad passwords, and many of us have the same "great" ideas, so a guess that works for one user works for many.
  • But it is a general problem for society
  • flaws in implementation exacerbate the problem
    • storing the plaintext passwords can be devastatingly bad
    • Leaked passwords give attackers a dictionary (and directly reusable credentials) for attacking other systems.
  • Best practice for storing passwords:
  • Is using a hash (a one-way function, OWF) good enough?
  • What is hashing? What is slow hashing?
  • How can you detect breaches?
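Added example, not from the lecture slides: the three storage schemes the questions above compare (plaintext, unsalted fast hash, salted slow hash), run against a constructed wordlist standing in for passwords leaked from another site, to show why a leak elsewhere becomes a dictionary attack here and how a per-user salt plus a deliberately slow hash changes the attacker's cost. The user records, the wordlist, the record format and the PBKDF2 iteration count are all illustrative assumptions, not course material.

```python
"""Password storage: plaintext vs. unsalted fast hash vs. salted slow hash.

Added example (not from the lecture slides). The user records, the 'leaked'
wordlist and the iteration count are constructed for illustration.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Deliberately tiny work factor so the demo runs in milliseconds; real deployments
# use a far higher count or a memory-hard KDF. This value is an assumption for the demo.
PBKDF2_ITERATIONS = 2_000

# --- three storage schemes ----------------------------------------------

def store_plaintext(password: str) -> str:
    """Scheme 1: store the password itself. A breach leaks every password directly."""
    return password

def store_fast_hash(password: str) -> str:
    """Scheme 2: unsalted SHA-256. One-way, but fast and identical for identical
    passwords, so a single precomputed table cracks the whole file."""
    return hashlib.sha256(password.encode()).hexdigest()

def store_slow_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Scheme 3: per-user random salt + PBKDF2-HMAC-SHA256 (a deliberately slow hash).
    Record format (assumed for this demo): 'pbkdf2$<iterations>$<salt hex>$<hash hex>'."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_slow_hash(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _, iters, salt_hex, hash_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), hash_hex)

# --- attacker's view after a breach --------------------------------------

# Constructed wordlist standing in for passwords leaked from some *other* site.
LEAKED_WORDLIST = ["123456", "password", "letmein", "qwerty", "hunter2"]

def crack_fast_hashes(records: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash each guess ONCE and look it up against every user: cost = len(wordlist)
    hash computations no matter how many users leaked. Returns (recovered, work)."""
    table = {store_fast_hash(w): w for w in wordlist}   # shared precomputation, no salt to defeat it
    recovered = {u: table[h] for u, h in records.items() if h in table}
    return recovered, len(wordlist)

def crack_slow_hashes(records: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """With per-user salts no table can be shared: cost = users x guesses, and each
    guess costs PBKDF2_ITERATIONS hash calls instead of one. Returns (recovered, work)."""
    recovered, work = {}, 0
    for user, record in records.items():
        for guess in wordlist:
            work += PBKDF2_ITERATIONS
            if verify_slow_hash(guess, record):
                recovered[user] = guess
                break
    return recovered, work

def demo() -> Tuple[Dict[str, str], int, Dict[str, str], int]:
    """Constructed user table; the same breach under scheme 2 and scheme 3."""
    users = {"alice": "hunter2", "bob": "correct horse battery staple", "carol": "letmein"}
    fast_db = {u: store_fast_hash(p) for u, p in users.items()}
    slow_db = {u: store_slow_hash(p) for u, p in users.items()}
    fast_found, fast_work = crack_fast_hashes(fast_db, LEAKED_WORDLIST)
    slow_found, slow_work = crack_slow_hashes(slow_db, LEAKED_WORDLIST)
    return fast_found, fast_work, slow_found, slow_work

if __name__ == "__main__":
    ff, fw, sf, sw = demo()
    print(f"unsalted sha256: recovered {ff} with {fw} hash computations")
    print(f"salted pbkdf2:   recovered {sf} with {sw} hash computations")
```

Both schemes give up the two dictionary passwords; the difference is the bill. Against the unsalted file the attacker pays five hashes for the whole user table, and the same table serves every other site that stores passwords the same way. Against the salted slow hashes the attacker pays per user, per guess, per iteration, and the work factor can be raised as hardware gets faster. Neither scheme saves Bob, whose passphrase is simply not in the wordlist, which is the point of the "users pick bad passwords" lesson.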