CPSC 333 Homework #5 Daniel Jordan daniel_jordan@csu.fullerton.edu R-3.4 What is the advantage of booting from the BIOS instead of booting the operating system directly? Booting from the BIOS adds an additional layer of security. By booting straight to the OS, a machine could be booting malicious code. Booting from a BIOS allows you to password protect access to the bootloader. R-3.7 Why would it be bad to mix the stack and heap segments of memory in the same segment. The heap and stack should always be separate. The stack contains software instructions, and the heap contains dynamically allocated memory that can be altered by the user during execution of the process. By mixing the two, an attacker could use a buffer overflow to potentially overwrite memory in the stack, modifying the behavior of the process. R-3.11 What is the purpose of salting passwords. Salting passwords adds an element of uniqueness to storing passwords. Without salt, a user’s password is passed through a hash function, and stored in a database. This means users with the same password will have identical hashes. An attacker could use a precompiled table of common passwords and their hash values, in an attempt to recover hashed passwords. By using a unique salt value (a user ID for instance), duplicate passwords will still contain a unique hash. This means that even if an attacker were to break the salt and hash for a particular password, they would only have that single user’s password, and not the users using the same password. R-3.13 Eve has just discovered and decrypted the file that associates each userid with its 32-bit random salt value, and she has also discovered and decrypted the password file, which contains the salted-and-hashed passwords for the 100 people in her building. If she has a dictionary of 500,000 words and she is confident all 100 people have passwords from this dictionary, what is the size of her search space for performing a dictionary attack on their passwords? 2^32*500,00 = 2,147,483,648,000,000 R-3.20 Dr. Blahbah claims that buffer overflow attacks via stack smashing are made possible by the fact that stacks grow downwards (towards smaller addresses) on most popular modern architectures. Therefore, future architectures should ensure that the stack grows upwards; this would provide a good defense against buffer overflow. Do you agree or disagree? Why? This would protect against some attacks, but you will still be vulnerable to stack smashing. Overflowing function returns would still be possible with an upward growing stack.