Presentation is loading. Please wait.

Presentation is loading. Please wait.

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication."— Presentation transcript:

1 Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication

2 Apr 4, 2003Mårten Trolin2 Today’s program – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation –PKCS#5

3 Apr 4, 2003Mårten Trolin3 Passwords for authentication Simple way to achieve authentication. –Does not require any special hardware. Users tend to choose simple passwords. –Counter-measures exist. Storing passwords requires extended security measures. –Security breach in password database has major consequences.

4 Apr 4, 2003Mårten Trolin4 Password authentication – different approaches Password sent in plain and stored in clear in the database Password hashed by client and sent to the server. Password hash stored in database. Password sent in plain to the server. Password hashed by server. Hash compared to hash in database.

5 Apr 4, 2003Mårten Trolin5 Password stored in clear User Server User enters password p p Server compares p with the value stored in its database. If the values match, user is allowed.

6 Apr 4, 2003Mårten Trolin6 Password stored in clear If Oscar captures the password database, he can log in as any user.

7 Apr 4, 2003Mårten Trolin7 Password sent as hash User Server User enters password p User computes the hash H(p) H(p) Server compares H(p) with the value stored in its database. If the values match, user is allowed.

8 Apr 4, 2003Mårten Trolin8 Password sent as hash If Oscar captures the database with the hashed passwords, he can log on as any user. –Since only the hash is stored, Oscar will not know the passwords. –Because only the hash is needed to log on, Oscar can log on anyway.

9 Apr 4, 2003Mårten Trolin9 Password hashed by server User Server User enters password p p Server computes the hash H(p) and compares the value with the database. If the values match, user is allowed.

10 Apr 4, 2003Mårten Trolin10 Password hashed by server If Oscar captures the database with the hashed passwords, it gives him little information. –Since only the hash is stored, Oscar will not know the passwords (provided a good hash is used). –Without the passwords, Oscar cannot log on.

11 Apr 4, 2003Mårten Trolin11 Capturing the password database What happens if Oscar captures the password database with hashed passwords? Since he only has the hashes, he cannot retrieve the passwords. If the users of the systems chooses bad passwords, Oscar can try to hash common words until he finds a hit. –To speed up the attack, Oscar can even store a list of commonly used passwords, and compare the password database to his list. –This is called a dictionary attack.

12 Apr 4, 2003Mårten Trolin12 Password authentication over unsecure lines All the methods discussed require the server to be authenticated and the communication to be secure. If this is not the case – the only common information is the password – other methods must be used. Such methods exist, but are outside the scope of this course...

13 Apr 4, 2003Mårten Trolin13 Salt To slow down a dictionary attack, instead of storing H(p) in the database, we H(p | s), the hash of the password concatenated with a string s. The string s is called the salt. The salt can be stored in clear in the database. Its purpose is to prevent the use of precalculated lists. –Since. in general, H(p | s 1 ) ≠ H(p | s 2 ), Oscar would need one precalculated list per salt. With a salt that is long enough,this becomes infeasible. –Also, the use of salt prevents the detection of a user having the same password on several systems.

14 Apr 4, 2003Mårten Trolin14 Avoiding bad passwords Users choosing weak passwords pose a security risk. Several counter-measures exist: –Education. –Automatic password checking Compare with lists of known passwords. Demand that passwords are of a certain length. Tip: Using the term pass phrase may give the user an idea that the password should be long enough. –Minimizing the loss in case of security breach Forcing the users to change passwords regularly means Oscar can only use the password he has found a certain time.

15 Apr 4, 2003Mårten Trolin15 Passwords for key generation It is quite common to use a password for generation of a symmetric key. –Password protection of a private key. –Encryption of backups. We want a key generation function that takes as input a password p and outputs a key k.

16 Apr 4, 2003Mårten Trolin16 Password generated keys – problems and solutions Password generated keys suffer from the same general problem as passwords for authentication. –Number of passwords is relatively small – possible to create a list with all possible passwords and corresponding keys. Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force attacks more time consuming.

17 Apr 4, 2003Mårten Trolin17 Iterations In order to make brute-force attacks harder for the opponent, we want the key generation not to be too fast. –If key generation takes.5 seconds, this is not a problem for the legitimate user. –However, for the opponent, who needs to try a large number of keys, this makes his work considerably harder. Key generation from passwords should include a some kind of loop, and the number of iterations should be possible to configure. –Parallelizing the loop should not be possible.

18 Apr 4, 2003Mårten Trolin18 PKCS#5 The RSA standard PKCS#5 specifies a method to derive key material from passwords. –Produces key material of arbitrary length. PKCS#5 uses a salt and a configurable number of iterations. –A minimum of 1000 iterations is recommended. Implemented in many cryptography library.

Download ppt "Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.

Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.

Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.

Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.

Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 25, 2003Mårten Trolin1 Previous lecture – smart-cards Card-terminal authentication Card-issuer authentication.

Mar 25, 2003Mårten Trolin1 Previous lecture – smart-cards Card-terminal authentication Card-issuer authentication.

Similar presentations

Ads by Google