Outline

This outline is broken down into topic-specific notes and a sample quiz, so it is best to focus on one part at a time.


3.2 Password Based Authentication

  1. User Authentication in Multiuser Systems: Users must provide a name (ID) and a password to authenticate. The ID determines which access rights and privileges the user is granted.
  2. Countermeasures: Include password policies, account lockouts, hashing, intrusion detection, and using salts with passwords.
  3. Password Vulnerabilities:


  4. Hashed Passwords and Salt:
  5. Password Security in UNIX: Early DES-based password schemes are vulnerable, but newer ones (MD5, Bcrypt) offer stronger protection.

UNIX password schemes, like crypt(3) using DES, are outdated and vulnerable to modern attacks. MD5 crypt improves security but remains at risk. Bcrypt, used in OpenBSD, is the most secure, with long password support, a 128-bit salt, and adjustable hashing time.

Password cracking uses dictionary, brute-force, and precomputed hash attacks (rainbow tables). Modern methods, aided by GPUs and algorithms like Markov models, make cracking faster. Weak user-chosen passwords are the biggest vulnerability. Strong, random passwords with large salts and secure hashing methods like Bcrypt are recommended to improve security.
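The two paragraphs above (UNIX hashing schemes and the countermeasures against cracking) can be tied together in a small worked example. The code below is an added illustration and not part of the original notes: it uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for Bcrypt (which needs a third-party package), a 128-bit random salt, an adjustable work factor, and a simple account-lockout guard. The user names and passwords are constructed sample data, and the record format `algo$cost$salt$digest` is an assumption made for the example.

```python
import hashlib
import hmac
import os
import time

# Constructed sample accounts for the demonstration; two users deliberately
# share a password so the effect of salting is visible.
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
    "carol": "Tr0ub4dor&3",
}

SALT_BYTES = 16          # 128-bit salt, the size the notes cite for Bcrypt
DEFAULT_COST = 100_000   # PBKDF2 iteration count: the adjustable work factor


def unsalted_md5(password: str) -> str:
    """Weak 'before' case: plain MD5 with no salt. Equal passwords give equal
    hashes, and a precomputed table (rainbow table) applies directly."""
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str, cost: int = DEFAULT_COST) -> str:
    """Salted, iterated hash. PBKDF2-HMAC-SHA256 stands in for Bcrypt here.
    The record carries algorithm, cost and salt (assumed format), so
    verification is self-describing and the cost can be raised later."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cost)
    return f"pbkdf2_sha256${cost}${salt.hex()}${digest.hex()}"


def verify(record: str, candidate: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    algo, cost, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(cost)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def build_password_file(users: dict, cost: int = DEFAULT_COST) -> dict:
    """Map each user to a salted record, as a password file would."""
    return {name: make_record(pw, cost) for name, pw in users.items()}


def has_duplicate_hashes(hashes: dict) -> bool:
    """True if any two users store the same hash: that leaks that they share
    a password and lets one cracked entry be reused against both."""
    return len(set(hashes.values())) < len(hashes)


def hash_cost_seconds(cost: int) -> float:
    """Time one hash at the given work factor; raising the factor slows
    every guess an offline cracker must compute by the same amount."""
    start = time.perf_counter()
    make_record("timing-probe", cost)
    return time.perf_counter() - start


class LoginGuard:
    """Account lockout: after max_failures wrong guesses the account refuses
    further attempts, a countermeasure against online guessing."""

    def __init__(self, password_file: dict, max_failures: int = 5):
        self.password_file = password_file
        self.max_failures = max_failures
        self.failures = {name: 0 for name in password_file}

    def attempt(self, name: str, candidate: str) -> str:
        if name not in self.password_file:
            return "denied"  # same answer as a bad password: no user enumeration
        if self.failures[name] >= self.max_failures:
            return "locked"
        if verify(self.password_file[name], candidate):
            self.failures[name] = 0
            return "ok"
        self.failures[name] += 1
        return "locked" if self.failures[name] >= self.max_failures else "denied"


if __name__ == "__main__":
    weak = {n: unsalted_md5(p) for n, p in SAMPLE_USERS.items()}
    strong = build_password_file(SAMPLE_USERS)
    print("duplicate hashes visible with plain MD5:", has_duplicate_hashes(weak))
    print("duplicate hashes visible with salted PBKDF2:", has_duplicate_hashes(strong))
    print("seconds per hash at cost 1000 / 100000:",
          round(hash_cost_seconds(1_000), 4), round(hash_cost_seconds(100_000), 4))
    guard = LoginGuard(strong, max_failures=3)
    for guess in ["wrong1", "wrong2", "wrong3", "correct horse battery staple"]:
        print("alice ->", guard.attempt("alice", guess))
```

Running the block shows the three points the notes make: alice and bob have identical MD5 hashes but different salted records, the per-hash time scales with the cost parameter (the analogue of Bcrypt's adjustable hashing time), and the guard locks alice after the third wrong guess even when the correct password follows.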

Password File Access Control

To protect password files: