Password Authentication

Jeremy L. Rasmussen, Sypris Electronics

Introduction

Types of Identification/Authentication

History of Passwords in Modern Computing

Password Security—Background

Information Theory

Cryptographic Protection of Passwords

Hashing

Password Cracking Tools

Password Cracking Approaches

Rainbow Tables

Password Retrieving Approaches

Password Sniffing

Bypassing Password Security

Types of Password Cracking Tools

Password Security Issues and Effective Management

Enforcing Password Guidelines

Guidelines for Selecting a Strong Password

Password Aging and Reuse

Social Engineering

Single Sign-on and Password Synchronization

UNIX/Linux Specific Password Issues

Microsoft Specific Password Issues

How Long Should Your Password Be?

Password Length and Human Memory

An Argument for Simplified Passwords

Conclusion

Glossary

Cross References

References

Software Tool Reference

Further Reading

INTRODUCTION

The ancient folk tale of “Ali Baba and the Forty Thieves” mentions the use of a password. In this story, Ali Baba finds that the phrase “open sesame” magically opens the entrance to a cave where the thieves have hidden their treasure. Similarly, modern computer systems use passwords to authenticate users and allow them entrance to system resources and data shares on an automated basis. The use of passwords in computer systems can be traced to the earliest time sharing and dial-up networks. There is no evidence that passwords were used before this in purely batch systems.

The security ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.