Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

CS 433

advertisement 
CPSC 333 Homework #5
Daniel Jordan
daniel_jordan@csu.fullerton.edu
R-3.4
What is the advantage of booting from the BIOS instead of booting the operating system directly?
Booting from the BIOS adds an additional layer of security. By booting straight to the OS, a machine could
be booting malicious code. Booting from a BIOS allows you to password protect access to the bootloader.
R-3.7
Why would it be bad to mix the stack and heap segments of memory in the same segment.
The heap and stack should always be separate. The stack contains software instructions, and the heap
contains dynamically allocated memory that can be altered by the user during execution of the process. By
mixing the two, an attacker could use a buffer overflow to potentially overwrite memory in the stack,
modifying the behavior of the process.
R-3.11
What is the purpose of salting passwords.
Salting passwords adds an element of uniqueness to storing passwords. Without salt, a user’s password is
passed through a hash function, and stored in a database. This means users with the same password will have
identical hashes. An attacker could use a precompiled table of common passwords and their hash values, in
an attempt to recover hashed passwords. By using a unique salt value (a user ID for instance), duplicate
passwords will still contain a unique hash. This means that even if an attacker were to break the salt and hash
for a particular password, they would only have that single user’s password, and not the users using the same
password.
R-3.13
Eve has just discovered and decrypted the file that associates each userid with its 32-bit random salt value, and she
has also discovered and decrypted the password file, which contains the salted-and-hashed passwords for the 100
people in her building. If she has a dictionary of 500,000 words and she is confident all 100 people have passwords
from this dictionary, what is the size of her search space for performing a dictionary attack on their passwords?
2^32*500,00 = 2,147,483,648,000,000
R-3.20
Dr. Blahbah claims that buffer overflow attacks via stack smashing are made possible by the fact that stacks grow
downwards (towards smaller addresses) on most popular modern architectures. Therefore, future architectures
should ensure that the stack grows upwards; this would provide a good defense against buffer overflow. Do you
agree or disagree? Why?
This would protect against some attacks, but you will still be vulnerable to stack smashing. Overflowing
function returns would still be possible with an upward growing stack.
Related documents
CPSC 333 Homework #5 Sample Solution R
CPSC 333 Homework #5 Sample Solution R
Password_security_terminology_research_task_brenna
Password_security_terminology_research_task_brenna
The Great Book Stack Challenge
The Great Book Stack Challenge
Password-Based Football
Password-Based Football
password - Department of Computer Science
password - Department of Computer Science
NID Password Change Frequency
NID Password Change Frequency
Homework 3 Solutions
Homework 3 Solutions
Learning to Live with an Advanced Persistent Threat PPT Only
Learning to Live with an Advanced Persistent Threat PPT Only
Open_Source_InfoSec - Open Source Club at Ohio State
Open_Source_InfoSec - Open Source Club at Ohio State
Chapter 4 Outline
Chapter 4 Outline
(PIQ) Entry Form
(PIQ) Entry Form
Download
advertisement