Materials

Use the raw slides (pdf) before lecture to take notes.

Password authentication

• Passwords are one of the most basic security problems we face.
• Two parties, human, machine, human-to-human, etc., need to authenticate one another.
• How to model, Alice, Bob, first establish a pwd, and then later, Alice wants to prove her identity to Bob.
• Several basic methods fall into 3 or rather 1 major category.
• Lets first try to understand how computers authenticate.
  • make file readable only from root
  • users picked bad passwords
• Repeated lesson: users pick bad passwords, many of us have the same great ideas
• But it is a general problem for society
• flaws in implementation exacerbate the problem
  • storing the plaintext passwords can be devastatingly bad
  • leaked pwds give attackers a dictionary to attack other systems
• Best practice to store passwords
• is using a hash/owf good enough?
• what is hashing ? what is slow hashing?
• how can you detect breaches?