Professional Documents
Culture Documents
Password Authentication
J. Mitchell
User
kiwifruit
Password file
exrygbzyf kgnosfix ggjoklbsz
hash function
Authentication Attacks
Salt
Unix password line
walt:fURfuu4.4hY0U:129:129:Belgers:/home/walt:/bin/csh
Compare
Input
Constant
Plaintext
Salt
Key
25x DES
Ciphertext
Advantages of salt
Without salt
Same hash functions on all machines
Compute hash of all common strings once Compare hash file with all known password files
With salt
One password hashed 212 different ways
Precompute hash file?
Need much larger file to cover all common strings
Web Authentication
Browser password cookie
Server
Problems
pwdA
pwdA
Fake Site
User cannot reliably identify fake sites Captured password can be used at target site
pwdA pwdB
=
pwdA
Site B
pwdA
pwdB
Site B
Defense: SpyBlock
Defense: SpyBlock
SpyBlock protection
password in trusted client environment better password-based authentication protocols trusted environment confirms site transactions server support required
Simple approach
Send hashed passwords
Browser hash(pwd|0) hash(pwd|1)
Server
k = Ba mod p
Mb
Ma
If H(1,k,P) Ma Abort
[M Scott]
SRP protocol
(Set-up Phase)
Carol chooses password P Steve chooses s, computes x = H(s, P) and v = gx
C s A B,u M1 M2
Bob looks up s, v
password?