SI110 Homework Alpha: ________ Name: ___________________ Page 1 of 2
Collaboration Policy: Default
MIDN Last, F.
Collaboration (choose one or more): □ None  □ XS110  □ EI with: ______________________  □ MGSP  □ Discussed with: ______________________
Homework: /SI110/Cyber Security Tools/Hashing & Passwords
1. [ 15 / 10 / 5 / 0 ] Discuss the difference in security between a web site that stores hashes of its users'
passwords and a web site that stores its users' passwords in plaintext.
2. [ 15 / 10 / 5 / 0 ] What three things should a web site do to protect the passwords of its users?
3. [ 20 / 15 / 10 / 0 ] Put an X in each box where the column's protective measure helps protect
against the attack type. Note: Read the student notes before you answer.

Attack Type \ Protective Measure | Choosing a Strong Password | Two-Factor Authentication | Password Throttling & Account Lockout | Hashing & Salting | Password Stretching
Key Logger                       | □                          | □                         | □                                     | □                 | □
Physical Torture                 | □                          | □                         | □                                     | □                 | □
Offline Attack                   | □                          | □                         | □                                     | □                 | □
Online Attack                    | □                          | □                         | □                                     | □                 | □
4. Regarding password strength.
a. [ 5 / 3 / 0 ] Make up a strong password. DO NOT enter a password you otherwise use.
b. [ 5 / 3 / 0 ] What properties should a strong password have?
5. [ 10 / 8 / 5 / 0 ] Match the description on the right to the protective measure or attack type.

Answer   Measure / Attack             Description
______   Throttling                   A. Server stores the 10,000th hash of a password.
______   Offline Attack               B. Server is slower to respond to incorrect password entries.
______   Password Stretching          C. Authenticate a user by more than just a password.
______   Hashing & Salting            D. Used to mitigate a Rainbow Table attack.
______   Key Logger                   E. Attacker is using password-cracking tools against a stolen password file.
______   Two-Factor Authentication    F. A script is entering username and password information, trying all possible passwords of length n.
______   Online Attack                G. User-entered data is captured from the user's local system and sent to the attacker.
6. Suppose Mall is a bad guy with an account at bigbuystores.com, which hashes passwords
but does not use salt. Mall steals the password file from bigbuystores.com and starts looking
through it. Mall's username is cypher, and he notices that the hash value for user penelope1 is the
same as his own hash value.
a. [ 5 / 3 / 0 ] What does that mean?
b. [ 5 / 3 / 0 ] Why is it a lucky break for Mall, the bad guy?
c. [ 5 / 3 / 0 ] Why wouldn't this happen if bigbuystores.com used salt?
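The following is an added illustration, not part of the worksheet, of the mechanics behind question 6 (unsalted versus salted hashing of a stored password file) and of the "10,000th hash" password stretching described in question 5, item A. The usernames, passwords and the password file are constructed sample data; the helper names (build_password_file, duplicate_hash_groups, verify_login) are assumptions made for this example and are not from SI110 course material.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data). Two users happen to share a password.
SAMPLE_USERS = {
    "cypher": "Tr0ub4dor&3",
    "penelope1": "Tr0ub4dor&3",
    "alice": "correct horse battery staple",
}


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: identical passwords give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """SHA-256 of salt || password: a random per-user salt makes equal passwords
    hash differently, and defeats precomputed (rainbow) tables."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def stretched_hash(password: str, salt: bytes, iterations: int = 10_000) -> str:
    """Password stretching: hash salt || password, then feed the digest back into
    the hash until `iterations` hashes have been computed in total. The server
    stores the last one, so every guess costs an attacker `iterations` hashes."""
    digest = hashlib.sha256(salt + password.encode()).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest.hex()


def build_password_file(users, salted: bool, iterations: int = 1):
    """Simulate the server's stored password file.
    Returns {username: (salt, stored_hash)}; salt is b"" when salting is off."""
    pw_file = {}
    for user, pw in users.items():
        salt = os.urandom(16) if salted else b""
        if iterations > 1:
            stored = stretched_hash(pw, salt, iterations)
        else:
            stored = salted_hash(pw, salt)  # with salt == b"" this is just the unsalted hash
        pw_file[user] = (salt, stored)
    return pw_file


def duplicate_hash_groups(pw_file):
    """What someone reading a stolen password file can see: groups of usernames
    whose stored hash values are identical (i.e. who share a password)."""
    groups = defaultdict(list)
    for user, (_salt, stored) in pw_file.items():
        groups[stored].append(user)
    return [sorted(names) for names in groups.values() if len(names) > 1]


def verify_login(pw_file, user, attempt, iterations: int = 1) -> bool:
    """Server-side check: recompute the hash with the stored salt and compare
    in constant time against the stored value."""
    salt, stored = pw_file[user]
    if iterations > 1:
        candidate = stretched_hash(attempt, salt, iterations)
    else:
        candidate = salted_hash(attempt, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    unsalted = build_password_file(SAMPLE_USERS, salted=False)
    print("unsalted file, users sharing a hash:", duplicate_hash_groups(unsalted))
    salted = build_password_file(SAMPLE_USERS, salted=True)
    print("salted file, users sharing a hash:  ", duplicate_hash_groups(salted))
    stretched = build_password_file(SAMPLE_USERS, salted=True, iterations=10_000)
    print("login with stretching:", verify_login(stretched, "alice", SAMPLE_USERS["alice"], 10_000))
```

In the unsalted file the two users with the same password get the same stored value, so the duplicate shows up with no cracking at all; with a 16-byte random salt per user the same two passwords produce unrelated hashes. Stretching changes the cost, not the collision behaviour: with iterations=1 the stretched value is exactly the single salted hash, and raising it to 10,000 multiplies the work of each guess by the same factor.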
7. [ 15 / 10 / 5 / 0 ] Explain why, even if a web site used hashing and salting, its users'
passwords would still be in danger if the web site used HTTP instead of HTTPS for the login
pages. Note: "because HTTP is insecure" is insufficient; specifically explain the insecurity.