Outline for November 27, 2006

Reading: §12.1–12.2.2

1. Greetings and felicitations!
   1. Puzzle of the day
   2. Office hours changed today to 4–5 PM
2. Basis: what you know/have/are, where you are
3. Passwords
   1. Problem: common passwords
   2. May be pass phrases: goal is to make search space as large as possible, distribution as uniform as possible
   3. Other ways to force good password selection: random, pronounceable, computer-aided selection
4. Password Storage
   1. In the clear; Multics story
   2. Enciphered; key must be kept available
   3. Hashed; show UNIX versions, including salt
5. Attacks
   1. Exhaustive search: password is 1 to 8 chars, say 96 possibles; it's about 7×10¹⁶
   2. Inspired guessing: think of what people would like (see above)
   3. Random guessing: can't defend against it; bad login messages aid it
   4. Scavenging: passwords often typed where they might be recorded as login name, in other contexts, etc.
   5. Ask the user: very common with some public access services