Outline
These notes are broken down into topic-specific sections and a sample quiz, so it's best to focus on one section at a time.
3.2 Password Based Authentication
- User Authentication in Multiuser Systems: A user identifies themselves with a name (ID) and proves that identity with a password. The ID determines whether the user is allowed on the system at all, which privileges the account holds, and is the basis for discretionary access control (e.g., granting another user read access to a file).
- Countermeasures: Password policies (complexity and proactive checking), account lockouts, hashing passwords rather than storing them in the clear, intrusion detection on login activity, and combining a random per-user salt with a slow hash.
- Password Vulnerabilities:
  - Offline Dictionary Attacks: The attacker obtains a copy of the password file, then hashes candidate passwords from a dictionary until a digest matches. Countered by protecting the file, detecting the compromise, and forcing password changes once it is detected.
  - Specific Account Attacks: Repeated guessing against one chosen account; mitigated by locking the account after a few failures.
  - Popular Password Attacks: Trying one common password against many accounts (password spraying). Per-account lockout does not stop this; detecting many failures from one source or rejecting common passwords does.
  - Password Guessing: Exploiting personal information about the user (names, birthdays, pets) to narrow the search.
  - Workstation Hijacking: Using a logged-in session left unattended; mitigated by inactivity timeouts and screen locks.
  - User Mistakes: Writing down or sharing passwords, and leaving vendor-preconfigured passwords in place.
  - Multiple Password Use: Reusing the same password across systems, so one compromise opens the others.
  - Electronic Monitoring: Eavesdropping on a password in transit. Simply encrypting it is not enough, since the ciphertext can be replayed; a challenge-response exchange is needed.
- Hashed Passwords and Salt:
  - Used in UNIX and most other systems: the system stores hash(salt, password) together with the salt, never the password itself. A random per-user salt ensures that two users with the same password get different hashes.
  - Benefits: duplicate passwords are not visible in the password file; an offline dictionary attack can no longer precompute one table for all users (rainbow tables are defeated) and must instead attack each account separately; and an attacker cannot tell whether one person reuses a password across systems.
  - Modern Implementations: Use deliberately slow, iterated hashes (e.g., MD5-crypt, which loops MD5 1000 times, or bcrypt) rather than a single fast hash such as plain MD5, together with a random salt and, where the scheme supports it, a tunable cost parameter so hashing time can be raised as hardware gets faster.
- Password Security in UNIX: The early DES-based scheme is vulnerable to modern hardware; newer schemes (MD5-crypt, bcrypt) offer stronger protection.
The original UNIX crypt(3) scheme, built on DES with an 8-character password limit and a 12-bit salt, is outdated and falls quickly to modern brute force. MD5-crypt improves on it with a larger salt and 1000 fixed iterations, but because the iteration count cannot be raised it remains at risk as hardware speeds up. Bcrypt, developed for OpenBSD, is the strongest of the three: it supports long passwords, uses a 128-bit salt, and has an adjustable cost parameter so the hashing time can be increased over time.
Password cracking uses dictionary attacks, brute force, and precomputed hash lookups (rainbow tables, which salting defeats). Modern cracking is much faster thanks to GPUs and to candidate-generation techniques such as probabilistic context-free grammars and Markov models trained on leaked password lists, which try likely passwords first. Weak user-chosen passwords remain the biggest vulnerability. Long, random passwords combined with large random salts and a slow, tunable hash such as bcrypt are recommended.
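The following Python script is an added example, not code from these notes or from any UNIX implementation, that ties together the offline dictionary attack from the vulnerability list and the salt-plus-slow-hash discussion above. It builds two password files for a constructed set of hypothetical accounts: a legacy-style one using a single unsalted SHA-256, and a modern-style one using a random 128-bit salt with PBKDF2-HMAC-SHA256 (standing in for bcrypt, since bcrypt is not in the Python standard library). It then runs the same constructed wordlist against both and counts the hash computations needed, and verifies a login with a constant-time comparison. Account names, passwords, the wordlist and the iteration count are all assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample accounts for the demo (hypothetical, not from the notes).
# alice and carol share a password on purpose; dave has a strong random one.
USERS = {
    "alice": "sunshine",
    "bob": "letmein",
    "carol": "sunshine",
    "dave": "Tq9!vR#2xLp0",
}

# Constructed attacker wordlist standing in for a real dictionary.
WORDLIST = ["password", "123456", "letmein", "sunshine", "qwerty"]

# PBKDF2 work factor (assumed value); raise it as hardware gets faster.
ITERATIONS = 200_000


def unsalted_store(users):
    """Legacy-style file: one fast, unsalted hash per user."""
    return {u: hashlib.sha256(p.encode()).hexdigest() for u, p in users.items()}


def salted_store(users, iterations=ITERATIONS):
    """Modern-style file: random per-user salt plus slow PBKDF2-HMAC-SHA256."""
    store = {}
    for u, p in users.items():
        salt = os.urandom(16)  # 128-bit salt, the size bcrypt uses
        digest = hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations)
        store[u] = (salt, iterations, digest)
    return store


def verify(store, user, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    entry = store.get(user)
    if entry is None:
        return False
    salt, iterations, digest = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def crack_unsalted(store, wordlist):
    """Offline dictionary attack on the unsalted file.

    One hash per candidate word is enough to test every account at once,
    and users with the same password show up with identical digests.
    """
    lookup = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    found = {u: lookup[h] for u, h in store.items() if h in lookup}
    return found, len(wordlist)


def crack_salted(store, wordlist):
    """Offline dictionary attack on the salted file.

    The salt forces a separate run of the slow hash for every (account, word)
    pair, so the cost grows with the number of accounts and the work factor.
    """
    found = {}
    hashes_computed = 0
    for u, (salt, iterations, digest) in store.items():
        for w in wordlist:
            hashes_computed += 1
            guess = hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations)
            if hmac.compare_digest(guess, digest):
                found[u] = w
                break
    return found, hashes_computed


if __name__ == "__main__":
    legacy = unsalted_store(USERS)
    print("alice and carol share a hash:", legacy["alice"] == legacy["carol"])
    print("unsalted:", crack_unsalted(legacy, WORDLIST))

    modern = salted_store(USERS)
    print("alice and carol share a hash:", modern["alice"][2] == modern["carol"][2])
    print("salted:", crack_salted(modern, WORDLIST))
    print("login alice/sunshine:", verify(modern, "alice", "sunshine"))
    print("login alice/wrong:", verify(modern, "alice", "wrong"))
```

Both attacks recover the three weak passwords, which is the point made above that weak user choices are the biggest vulnerability; the difference is in cost. The unsalted file falls to 5 fast hashes that also reveal that alice and carol reuse a password, while the salted file needs a separate slow PBKDF2 run for every account and candidate (16 here), and the number only grows with more users and a higher work factor.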
Password File Access Control
To protect password files: