Unix Password Hashing and Security
12 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the primary purpose of using a salt in a hash function?

  • To reduce the length of the hash value
  • To make the hash function more complex
  • To increase the speed of the hash function
  • To make it more difficult for attackers to use precomputed tables (correct)
  • What type of attack involves systematically trying all possible words or combinations from a pre-existing list?

  • Rainbow table attack
  • Dictionary attack (correct)
  • Hash collision attack
  • Brute-force attack
  • How can an organization defend against rainbow table attacks?

  • By not using a salt value at all
  • By using a shorter salt value
  • By using a weaker hash function
  • By using a sufficiently large salt value and a sufficiently large hash length (correct)
  • What is the name of the open-source password cracker that uses a combination of brute-force and dictionary techniques?

    <p>John the Ripper</p> Signup and view all the answers

    What is the primary weakness that password crackers exploit?

    <p>Poorly chosen passwords</p> Signup and view all the answers

    What is the name of the hash function recommended for Unix systems?

    <p>Bcrypt</p> Signup and view all the answers

    What is the main reason why shorter password lengths are easier to crack?

    <p>Because they have fewer possible combinations</p> Signup and view all the answers

    What is the primary goal of a complex password policy?

    <p>To eliminate guessable passwords while allowing users to select a memorable password</p> Signup and view all the answers

    What is the purpose of a shadow password file?

    <p>To store encrypted passwords that can be accessed by privileged users only</p> Signup and view all the answers

    What is the primary advantage of proactive password checking?

    <p>It reduces the risk of password guessing attacks</p> Signup and view all the answers

    What is the main advantage of using token-based authentication?

    <p>It provides an additional layer of security for user authentication</p> Signup and view all the answers

    What is the primary purpose of a bloom filter in password checking?

    <p>To build a table based on hash values to check desired passwords</p> Signup and view all the answers

    Study Notes

    Unix Password Hashing

    • MD5-based hash function is recommended for Unix
    • Salt of up to 48-bits is used to create a 128-bit hash
    • Password length is unlimited
    • 1000 iterations of an inner loop are used to achieve slowdown

    Bcrypt Hash Algorithm

    • Used by OpenBSD
    • Based on Blowfish block cipher
    • Uses 128-bit salt to create 192-bit hash value
    • Most secure version of Unix hash/salt scheme

    Password Attacks

    • Dictionary attacks: use a large dictionary of possible passwords to try against the password file
    • Rainbow table attacks: pre-compute tables of hash values for all salts
    • Can be countered by using a sufficiently large salt value and a sufficiently large hash length

    Password Crackers

    • John the Ripper: open-source password cracker that uses a combination of brute-force and dictionary techniques
    • Exploits the fact that people choose easily guessable passwords

    Defending Against Password Attacks

    • Use sufficiently large and unique salt values for each user's password
    • Use complex password policies to force users to pick stronger passwords

    Password Selection Strategies

    • User education: inform users about the importance of using hard-to-guess passwords
    • Computer-generated passwords: can be difficult for users to remember
    • Reactive password checking: system periodically runs its own password cracker to find guessable passwords
    • Complex password policy: system checks to ensure the password is allowable

    Proactive Password Checking

    • Rule enforcement: specific rules that passwords must adhere to
    • Password checker: compile a large dictionary of passwords not to use
    • Bloom filter: used to build a table based on hash values

    Token-Based Authentication

    • Card-based tokens: hardware tokens
    • Two primary ways to authenticate using mobile phones: SMS messages and software apps

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz covers the security features of Unix password hashing, including hash functions, salt schemes, and protection against dictionary attacks.

    More Like This

    Password Hashing Techniques
    13 questions

    Password Hashing Techniques

    MagnanimousCloisonnism avatar
    MagnanimousCloisonnism
    Use Quizgecko on...
    Browser
    Browser