539 every password should get their own salt. This salt is |
539 every password should get their own salt. This salt is |
540 generated at the time when the password is first set. |
540 generated at the time when the password is first set. |
541 If you look at a Unix password file you will find entries like |
541 If you look at a Unix password file you will find entries like |
542 |
542 |
543 \begin{center} |
543 \begin{center} |
544 \pcode{urbanc:$6$3WWbKfr1$4vblknvGr6FcDeF92R5xFn3mskfdnEn...:...} |
544 \pcode{urbanc:$6$3WWbKfr1$4vblknvGr6FcDeF92R5xFn3mskfdnEn...$...} |
545 \end{center} |
545 \end{center} |
546 |
546 |
547 \noindent where the first part is the login-name, followed by |
547 \noindent where the first part is the login-name, followed by |
548 a field \pcode{$6$} which specifies which hash-function is |
548 a field \pcode{$6$} which specifies which hash-function is |
549 used. After that follows the salt \pcode{3WWbKfr1} and after |
549 used. After that follows the salt \pcode{3WWbKfr1} and after |
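Review bot: At new line 544 the separator after the hash changes from `:` to `$`, but in a Unix password entry the `$` signs only delimit the parts inside the password field (`$6$`, the salt, the hash), while the fields of the entry itself are separated by `:`. With `$...` the example reads as if a further `$`-delimited component followed the hash. Suggest keeping `...:...` as in the old line, or saying in the explanation below what the trailing `$...` is meant to stand for.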
579 moral is that you should never store passwords in plain text. |
579 moral is that you should never store passwords in plain text. |
580 Never ever. |
580 Never ever. |
581 |
581 |
582 \subsubsection*{Further Reading} |
582 \subsubsection*{Further Reading} |
583 |
583 |
584 If you want to know more about passwords I recommend viewing |
584 Some midday humor about passwords: |
|
585 |
|
586 \begin{center} |
|
587 http://xkcd.com/538/ |
|
588 \end{center} |
|
589 |
|
590 \noindent |
|
591 If you want to know more about passwords, I recommend viewing |
585 some youtube videos from the PasswordCon(ference) which takes |
592 some youtube videos from the PasswordCon(ference) which takes |
586 place each year. The book by Bruce Schneier about Applied |
593 place each year. The book by Bruce Schneier about Applied |
587 Cryptography is also recommendable, though quite expensive. |
594 Cryptography is also recommendable, though quite expensive. |
588 There is also another expensive book about penetration |
595 There is also another expensive book about penetration |
589 testing, but the readable chapter about password attacks |
596 testing, but the readable chapter about password attacks |
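Review bot: The bare URL at new line 587 is set as running text; wrap it as \url{http://xkcd.com/538/} (this needs the url or hyperref package, which is not visible in this hunk) so it is typeset in a monospaced font and breaks cleanly. The lead-in "Some midday humor about passwords:" also sits directly under \subsubsection*{Further Reading}, so the comic now opens the reading list; consider moving it after the recommendations or above the heading.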
596 \noindent Clearly, passwords are a technology that comes to |
603 \noindent Clearly, passwords are a technology that comes to |
597 the end of its usefulness, because brute force attacks become |
604 the end of its usefulness, because brute force attacks become |
598 more and more powerful and it is unlikely that humans get any |
605 more and more powerful and it is unlikely that humans get any |
599 better in remembering (securely) longer and longer passwords. |
606 better in remembering (securely) longer and longer passwords. |
600 The big question is which technology can replace |
607 The big question is which technology can replace |
601 passwords\ldots \end{document} |
608 passwords\ldots |
|
609 |
|
610 \end{document} |
|
611 %%% |
|
612 |
|
613 |
602 |
614 |
603 %%% Local Variables: |
615 %%% Local Variables: |
604 %%% mode: latex |
616 %%% mode: latex |
605 %%% TeX-master: t |
617 %%% TeX-master: t |
606 %%% End: |
618 %%% End: |
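Review bot: New line 611 adds a lone `%%%` and new lines 612 to 614 add blank lines between \end{document} and the Local Variables block. They are harmless because everything after \end{document} is ignored, but they look like editing leftovers; suggest dropping them and keeping only the move of \end{document} onto its own line.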