handouts/ho01.tex
changeset 183 6ed7c9b8b291
parent 182 681e35f6b0e4
child 184 55968b3205cc
182:681e35f6b0e4 183:6ed7c9b8b291
   482 includes rules that cover cases like \pcode{passwordpassword}
   482 includes rules that cover cases like \pcode{passwordpassword}
   483 or \pcode{drowssap} (password reversed). Historically,
   483 or \pcode{drowssap} (password reversed). Historically,
   484 compiling a list for a dictionary attack is not as simple as
   484 compiling a list for a dictionary attack is not as simple as
   485 it might seem. At the beginning only ``real'' dictionaries
   485 it might seem. At the beginning only ``real'' dictionaries
   486 were available (like the Oxford English Dictionary), but such
   486 were available (like the Oxford English Dictionary), but such
   487 dictionary are not ``optimised'' for the purpose of passwords.
   487 dictionaries are not ``optimised'' for the purpose of passwords.
   488 The first real hard date was obtained when a company called
   488 The first real hard date was obtained when a company called
   489 RockYou ``lost'' 32 Million plain-text password. With this
   489 RockYou ``lost'' 32 Million plain-text password. With this
   490 data of real-life passwords, dictionary attacks took off.
   490 data of real-life passwords, dictionary attacks took off.
   491 
   491 
   492 These dictionary attacks can be prevented by using salts.
   492 These dictionary attacks can be prevented by using salts.
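Review bot: Two more typos sit in the context lines directly below the corrected line 487 and should be fixed in the same changeset: on 488 "hard date" should read "hard data", and on 489 "32 Million plain-text password" needs the plural "passwords". Line 492 also claims that salts prevent dictionary attacks, while line 538 makes the narrower claim that salts stop dictionaries from being precompiled. Consider rewording 492 to match 538, since a public salt does not stop an attacker from hashing guesses against a single entry.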
   534 previous section was only secure when the salt was secret. In
   534 previous section was only secure when the salt was secret. In
   535 the password case, this is not needed. The salt can be public
   535 the password case, this is not needed. The salt can be public
   536 as shown above and is actually stored as part of the password
   536 as shown above and is actually stored as part of the password
   537 entry. Knowing the salt does not give the attacker any
   537 entry. Knowing the salt does not give the attacker any
   538 advantage, but prevents that dictionaries can be precompiled.
   538 advantage, but prevents that dictionaries can be precompiled.
   539 
   539 The moral is that you should never store passwords in plain 
       
   540 text. Never ever.
   540 
   541 
   541 \end{document}
   542 \end{document}
   542 
   543 
   543 %%% Local Variables: 
   544 %%% Local Variables: 
   544 %%% mode: latex
   545 %%% mode: latex
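Review bot: The new sentence on 539 takes the place of the blank line that used to follow 538, so "The moral is that you should never store passwords in plain text" is now typeset as the tail of the salt paragraph rather than as a closing remark of its own. Keep an empty line after 538 and start the moral as a separate paragraph. The moral also only says what not to do; since the text just above argues for a salt stored as part of the password entry, one more clause saying what should be stored instead would tie the conclusion to the section. While touching this paragraph, "prevents that dictionaries can be precompiled" on 538 would read better as "prevents dictionaries from being precompiled".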