
PIS Unit 5- Password management

Sanjay Rawat, Sanjay_r@vnrvjiet.in. Based on: Lecture slides by Lawrie Brown.

Summary: passwords are the front-line defense against intruders. Users supply both a login, which determines the privileges of that user, and a password, which identifies them.





Presentation Transcript


  1. PIS Unit 5 - Password management
     Sanjay Rawat, Sanjay_r@vnrvjiet.in
     Based on: Lecture slides by Lawrie Brown

  2. Password Management
     • front-line defense against intruders
     • users supply both:
       • login – determines the privileges of that user
       • password – identifies them
     • passwords are often stored encrypted
     • Unix uses multiple DES (a variant with salt)
     • more recent systems use a cryptographic hash function
     • the password file on the system should be protected

  3. Unix password system
     • Each user selects a password of up to eight printable characters (forming a 56-bit DES key).
     • A variant of DES, crypt(3), is used with a 12-bit salt (derived from the time of generation).
     • The password key encrypts a 64-bit block of zeros, with DES applied for 25 rounds.
     • The 64-bit output is expanded to 11 printable characters, and that is what is stored.

  4. generating password

  5. Checking password
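The two diagram slides above (generating a password entry, then checking a presented password) are the "load" and "verify" halves of one scheme: store a salt together with a slow one-way hash, then recompute the hash with the stored salt at login. The following is an added example, not code from the slides; it keeps the structure of the crypt(3) scheme but, as the slides note for more recent systems, uses a cryptographic hash function (PBKDF2-HMAC-SHA256) in place of 25 rounds of DES. The in-memory password file, the 16-byte salt size and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-in for the system password file that the slides
# describe. Maps login -> (salt, hash, privileges).
PASSWORD_FILE: dict[str, tuple[bytes, bytes, str]] = {}

SALT_BYTES = 16          # assumption: 128-bit random salt (crypt(3) used a 12-bit salt)
ITERATIONS = 100_000     # assumption: PBKDF2 rounds, playing the role of crypt's 25 DES rounds


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow, one-way hash of a password.

    The slides describe crypt(3): DES of a 64-bit zero block keyed by the
    password, perturbed by a 12-bit salt, repeated 25 times. This uses
    PBKDF2-HMAC-SHA256 instead (the "recent systems use a crypto hash
    function" variant). The salt still guarantees that two users with the
    same password get different stored values.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def add_user(login: str, password: str, privileges: str = "user") -> None:
    """'Generating password' step: pick a fresh salt, store salt + hash."""
    salt = os.urandom(SALT_BYTES)
    PASSWORD_FILE[login] = (salt, hash_password(password, salt), privileges)


def check_login(login: str, password: str):
    """'Checking password' step: recompute the hash with the stored salt.

    Returns the user's privileges on success and None on failure. The
    comparison is constant-time, and an unknown login still costs one hash
    so that response time does not reveal which logins exist.
    """
    record = PASSWORD_FILE.get(login)
    if record is None:
        hash_password(password, b"\x00" * SALT_BYTES)
        return None
    salt, stored, privileges = record
    if hmac.compare_digest(stored, hash_password(password, salt)):
        return privileges
    return None


def salts_differ(login_a: str, login_b: str) -> bool:
    """True when two accounts' stored hashes differ. They do even for an
    identical password, because each account received its own salt."""
    return PASSWORD_FILE[login_a][1] != PASSWORD_FILE[login_b][1]


if __name__ == "__main__":
    add_user("alice", "correct horse battery", "admin")
    add_user("bob", "correct horse battery")
    print(check_login("alice", "correct horse battery"))   # admin
    print(check_login("alice", "wrong"))                   # None
    print(salts_differ("alice", "bob"))                    # True
```

The salt is what defeats a precomputed table: with crypt(3)'s 12-bit salt an attacker who captures the password file must hash each guess up to 4096 ways, and a 128-bit random salt removes that shortcut entirely; the iteration count is the modern equivalent of the 25 DES rounds and sets the cost per guess.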

  6. Password Selection Strategies
     • User education
     • Computer-generated passwords
     • Reactive password checking
     • Proactive password checking

  7. Managing Passwords - Education
     • can use policies and good user education
     • educate on the importance of good passwords
     • give guidelines for good passwords:
       • minimum length (>6)
       • require a mix of upper & lower case letters, numbers, punctuation
       • not dictionary words
     • but likely to be ignored by many users

  8. Computer Generated
     • let the computer create passwords
     • if random, likely not memorisable, so will be written down (sticky label syndrome)
     • even pronounceable ones are not remembered
     • have a history of poor user acceptance
     • FIPS PUB 181 is one of the best generators
       • has both a description & sample code
       • generates words by concatenating random pronounceable syllables

  9. Reactive Checking
     • reactively run password guessing tools
     • note that good dictionaries exist for almost any language/interest group
     • cracked passwords are disabled
     • but it is resource intensive
     • bad passwords are vulnerable until found

  10. Proactive Checking
     • most promising approach to improving password security
     • allow users to select their own password
     • but have the system verify that it is acceptable
     • simple rule enforcement
     • compare against a dictionary of bad passwords
     • use algorithmic techniques (Markov model or Bloom filter) to detect poor choices

  11. Markov model based password checker
     • M = [3, <a,b,c>, T, 1], i.e. m = 3 states, alphabet A = <a,b,c>, transition matrix T, order k = 1
     • Strings over the alphabet, e.g. abbcabac, abbcbaabb
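The slide gives the model's shape, M = [m, A, T, k], but not the transition matrix T, so the following added example (not from the slides) estimates a first-order T from a constructed list of poor passwords and then scores a candidate by how readily the model would generate it. The training list, the probability floor for unseen transitions and the rejection threshold are assumptions for the example.

```python
import math
from collections import defaultdict

# Constructed dictionary of poor passwords; the slides' own transition
# matrix T is not given, so T is estimated from this list instead.
BAD_PASSWORDS = ["password", "passwd", "pass1234", "letmein", "welcome",
                 "secret", "qwerty", "abc123", "admin", "login"]

START, END = "^", "$"   # boundary symbols added to the alphabet A
FLOOR = 1e-3            # assumption: probability given to transitions never seen in training
THRESHOLD = -4.0        # assumption: mean log-probability above which a password counts as guessable


def train_markov(words, k=1):
    """Estimate a k-th order Markov model M = [m, A, T, k] from a word list.

    Returns (A, T): A is the alphabet (m = len(A) states) and T maps a
    context of the last k symbols to a dict of next-symbol probabilities.
    """
    counts = defaultdict(lambda: defaultdict(int))
    alphabet = {START, END}
    for w in words:
        seq = [START] * k + list(w) + [END]
        alphabet.update(w)
        for i in range(k, len(seq)):
            counts[tuple(seq[i - k:i])][seq[i]] += 1
    T = {ctx: {sym: n / sum(nxt.values()) for sym, n in nxt.items()}
         for ctx, nxt in counts.items()}
    return alphabet, T


def avg_log_prob(T, word, k=1):
    """Mean log-probability per transition of the model generating `word`.

    Averaging over transitions keeps long and short candidates comparable;
    unseen transitions get FLOOR rather than zero so one novel character
    does not mask an otherwise dictionary-like password.
    """
    seq = [START] * k + list(word) + [END]
    total = 0.0
    for i in range(k, len(seq)):
        p = T.get(tuple(seq[i - k:i]), {}).get(seq[i], FLOOR)
        total += math.log(p)
    return total / (len(seq) - k)


def is_guessable(word, T, k=1, threshold=THRESHOLD):
    """Proactive check: reject when the bad-password model generates the word readily."""
    return avg_log_prob(T, word, k) > threshold


ALPHABET, T = train_markov(BAD_PASSWORDS)

if __name__ == "__main__":
    for w in ["password", "passwork", "xk9#Qz2!"]:
        verdict = "reject" if is_guessable(w, T) else "accept"
        print(f"{w:10s} {avg_log_prob(T, w):6.2f} {verdict}")
```

With this training set, "password" scores about -0.87 and the never-seen but dictionary-shaped "passwork" about -2.2, so both are rejected, while a random string scores near log(FLOOR) ≈ -6.9 and is accepted. That is the advantage the slide claims for the Markov approach over a plain dictionary lookup: it also catches variants the dictionary does not contain.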

  12. Bloom filter (BF) based password checker
     • A BF of order k consists of k hash functions H_i s.t. each produces a hash between 0 and N-1
     • H_i(X_j) = y s.t. 0 < i ≤ k; 0 < j ≤ D; 0 ≤ y ≤ N-1
     • X_j = jth word in the password dictionary
     • D = number of words in the password dictionary
     • The procedure is to build one hash table from every password in the dictionary and check each new password against it.

  13. Bloom…
     • A hash table of N bits is defined, with all bits initially set to 0.
     • For each password, its k hash values are calculated, and the corresponding bits in the hash table are set to 1.
     • When a new password is presented to the checker, its k hash values are calculated.
     • If all the corresponding bits of the hash table are equal to 1, then the password is rejected.

  14. Bloom…
     • There can be false positives, i.e. a new password may be rejected because its k hash values all land on bits already set by dictionary words.
     • Probability of a false positive
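Slides 12 to 14 together describe one data structure: k hash functions, an N-bit table filled from D dictionary words, and a rejection rule with a false-positive rate that depends on k, D and N. The following added example (not the slides' code) implements that checker and measures its false-positive rate against the standard approximation (1 - e^{-kD/N})^k. The hash functions (SHA-256 over an index byte and the word), the dictionary, and the N and k values are assumptions for the example.

```python
import hashlib
import math

# Constructed password dictionary of D words, standing in for the slides' dictionary.
DICTIONARY = ["password", "passwd", "123456", "qwerty", "letmein",
              "welcome", "admin", "secret", "login", "abc123"]


class BloomFilter:
    """Bloom filter of order k over a hash table of N bits (slides 12-13)."""

    def __init__(self, n_bits: int, k: int):
        self.N = n_bits
        self.k = k
        self.bits = bytearray((n_bits + 7) // 8)   # all bits initially 0

    def _hashes(self, word: str):
        # H_i(X) for 0 < i <= k, each in 0..N-1.  Assumption: the slides do not
        # fix the H_i, so SHA-256 of (i || X) reduced mod N is used here.
        for i in range(1, self.k + 1):
            digest = hashlib.sha256(bytes([i]) + word.encode("utf-8")).digest()
            yield int.from_bytes(digest, "big") % self.N

    def add(self, word: str) -> None:
        for y in self._hashes(word):
            self.bits[y >> 3] |= 1 << (y & 7)

    def probably_contains(self, word: str) -> bool:
        """True when all k bits are 1: the word is in the dictionary or is a false positive."""
        return all(self.bits[y >> 3] & (1 << (y & 7)) for y in self._hashes(word))


def build_checker(dictionary, n_bits=4096, k=4) -> BloomFilter:
    """Build the table once from every dictionary word (the D words)."""
    bf = BloomFilter(n_bits, k)
    for word in dictionary:
        bf.add(word)
    return bf


def reject_password(bf: BloomFilter, candidate: str) -> bool:
    """Proactive check from slide 13: reject when every corresponding bit is 1."""
    return bf.probably_contains(candidate)


def expected_false_positive_rate(k: int, D: int, N: int) -> float:
    """Standard approximation (1 - e^{-kD/N})^k for a filter holding D words."""
    return (1 - math.exp(-k * D / N)) ** k


def measured_false_positive_rate(bf: BloomFilter, probes) -> float:
    """Fraction of probe words (assumed not in the dictionary) that the checker rejects."""
    probes = list(probes)
    hits = sum(1 for p in probes if bf.probably_contains(p))
    return hits / len(probes)


if __name__ == "__main__":
    for n_bits in (4096, 64):
        bf = build_checker(DICTIONARY, n_bits=n_bits, k=4)
        print(n_bits, "bits:",
              "expected", round(expected_false_positive_rate(4, len(DICTIONARY), n_bits), 4),
              "measured", measured_false_positive_rate(bf, (f"probe-{i}" for i in range(10000))))
    print(reject_password(bf, "password"))  # True: dictionary words are always rejected
```

A large table (N = 4096 bits for D = 10 words) gives a false-positive rate below one in a million, so a good password is essentially never turned away; shrinking the table to 64 bits pushes the measured rate to a few percent, matching the formula. The filter never produces a false negative, which is the property the checker relies on: every dictionary word is rejected.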

  15. Some math
     • From N objects, select an ordered r-set
     • N^r (with repetitions)
     • no repetitions
     • Binomial coefficient
     • Bayes' Theorem
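Worked instances of the counts listed above, added here as an example rather than taken from the slides, using the Unix password space from slide 3 (r = 8 characters drawn from the N = 95 printable ASCII characters):

```latex
\text{Ordered $r$-set with repetition:}\quad N^{r},
\qquad 95^{8} \approx 6.6 \times 10^{15}

\text{Ordered $r$-set without repetition:}\quad
\frac{N!}{(N-r)!} = N(N-1)\cdots(N-r+1)

\text{Unordered $r$-subset (binomial coefficient):}\quad
\binom{N}{r} = \frac{N!}{\,r!\,(N-r)!\,}

\text{Bayes' theorem:}\quad
P(A \mid B) = \frac{P(B \mid A)\,P(A)}{P(B)}
```

The 56-bit DES key space, 2^{56} ≈ 7.2 × 10^{16}, is larger than 95^8, so for the crypt(3) scheme the number of printable 8-character passwords, not the key length, bounds the work of an exhaustive search; shorter or dictionary-only passwords shrink that bound further, which is what the checking strategies on the earlier slides try to prevent.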
