Access Control-Passwords

Question 1

What is user authentication?

Answer 1

Used to determine the identity of an individual accessing the system.

Question 2

What are the three approaches for user authentication?

Answer 2

1. Knowledge-based
2. Token-based
3. Biometric

Question 3

What is knowledge-based authentication?

Answer 3

Users prove their identity through something they know, e.g. a shared secret, password.

Question 4

What is token-based authentication?

Answer 4

Users prove their identity through something they possess. E.g. passport

Question 5

What is biometric authentication?

Answer 5

Users prove their identity through a unique physiological characteristic e.g. fingerprint

Question 6

What are the advantages of passwords?

Answer 6

• Easy to use
• Require no special equipment
• Offer an adequate degree of security in many environments.

Question 7

What are the disadvantages of passwords?

Answer 7

• Users tend to choose passwords that are easy to guess.
• Many password-cracking tools are available.

Question 8

How do we protect password tables?

Answer 8

Store the hashed password as opposed to the original password.

Question 9

What are password tables prone to?

Answer 9

Dictionary attacks.

Question 10

What is a dictionary attack?

Answer 10

Attacker compiles a dictionary of several thousand common words and computes hash for each one. Uses the dictionary to look for matches between the dictionary and the password table.

Question 11

What is a better solution to ordinary password tables?

Answer 11

Add salt.

Question 12

What is salting?

Answer 12

Where password tables append the salt to the password and hashes the result and stores it.

Question 13

What are rainbow tables?

Answer 13

They involve computing chains. Chains start with some plaintext, and then is hashed and reduced repeatedly. The beginning and the end of the chain is stored.