Presentation is loading. Please wait.

Presentation is loading. Please wait.

IIT Indore © Neminah Hubballi

Published byJulius Brooks Modified over 6 years ago

Similar presentations

Presentation on theme: "IIT Indore © Neminah Hubballi"— Presentation transcript:

1 IIT Indore © Neminah Hubballi
Password Management Dr. Neminath Hubballi IIT Indore © Neminah Hubballi

2 Why Password is Required ?
User authentication Access control IIT Indore © Neminah Hubballi

3 Password Management Strategies
Store the password in a file and encrypt the file containing passwords Encrypt the passwords and store it in a file containing encrypted passwords Hash the passwords IIT Indore © Neminah Hubballi

4 Password Management in Unix/Linux
Maintains hashed passwords Procedure User enters the password and original Unix implementations truncated it to 8 bytes, converted into 56 bits ignoring msb use it as key Use 12 bit salt value Used crypt() algorithm to decrypt all zeros of IIT Indore © Neminah Hubballi

5 Where is Hashed Password Stored ?
Username Password UID GID User info Home Shell Username Encrypted Password Elapsed time Validity Due date Warning date Expiry date Disabled time Reserved IIT Indore © Neminah Hubballi

6 Where is Hashed Password Stored ?
Password has 3 components First part – hashing algorithm Second part – plain text salt value Third part – actual hash value generated IIT Indore © Neminah Hubballi

7 IIT Indore © Neminah Hubballi
LAN Manager in Windows Pad the password with zeros to make it 14 characters long Convert any lower case letters in password to uppercase letter Divide the password into 7 characters 56 bits of each part is used as key to encrypt magic string Concatenate the two hash values to get final hash IIT Indore © Neminah Hubballi

8 IIT Indore © Neminah Hubballi
NT LAN Manager IIT Indore © Neminah Hubballi

9 IIT Indore © Neminah Hubballi
Breaking Passwords Dictionary attack Bruteforce method Rainbow table Pass-the-hash attack IIT Indore © Neminah Hubballi

Download ppt "IIT Indore © Neminah Hubballi"

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Password CrackingSECURITY INNOVATION ©2003 1 Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.

Password CrackingSECURITY INNOVATION © Sidebar – Password Cracking We have discussed authentication mechanisms including authenticators. We also.
Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.

Race Condition Zutao Zhu 10/09/09. Outline Race Condition –Some functions –File format of /etc/passwd and /etc/shadow –Input Redirection Format-string.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar. 2007 Amit Golander.

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.
CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.

CSCI 530 Lab Authentication. Authentication is verifying the identity of a particular person Example: Logging into a system Example: PGP – Digital Signature.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Operating System Security

Operating System Security
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.
Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.

Chapter 4 System Hacking: Password Cracking, Escalating Privileges, & Hiding Files.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.

10/8/20151 Computer Security Authentication. 10/8/20152 Entity Authentication Entity Authentication is the process of verifying a claimed identity It.
Implementing a Port Knocking System in C Honors Thesis Defense by Matt Doyle.

Implementing a Port Knocking System in C Honors Thesis Defense by Matt Doyle.
Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.

Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Lesson 1-Logging On to the System. Overview Importance of UNIX/Linux. Logging on to the system.

Lesson 1-Logging On to the System. Overview Importance of UNIX/Linux. Logging on to the system.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations

Ads by Google