Password Based Authentication: Bhavesh Shah (0101IT171015) - Mahendra Marko (0101IT171027)
This document discusses password-based authentication and its vulnerabilities. It describes how passwords are commonly stored in clear text, leaving them vulnerable to cracking. To improve security, message digests and encryption can be applied to passwords before storage. One-way encryption methods such as salted SHA-1 and SHA-1 are recommended for storing passwords. The document also outlines the different encryption algorithms and formats that can be used, such as symmetric key, public key, hashed, and salted passwords, to strengthen password authentication.
PASSWORD BASED AUTHENTICATION
Bhavesh Shah (0101IT171015).
Mahendra Marko (0101IT171027).

What is Authentication?
• Authentication is the act of proving an assertion, such as the identity of a computer system user.
• Authentication can be implemented using any combination of credentials (generally a user ID and a password). Other ways of authenticating are smart cards, an authentication server, or a public key infrastructure.

General ways of authentication:
• Passwords or secret keys
• Biometrics
• Secure tokens
• Smart cards (ATM cards, ID cards)

Password based authentication:
A password is a combination of letters, numbers and special characters that is known only to the user who is being authenticated.

Password based authentication – simplest way: Clear Text Passwords
1. Prompt for user ID and password
2. User enters user ID and password
3. User ID and password validation
4. Authentication result
5. Inform user accordingly

Clear Text Password System
The user ID and password travel through the network to the server and are validated against the database on the server side.

Clear Text Password: Vulnerabilities
• Since the database stores passwords in plain text, an attacker who breaks into the server's database can read the passwords directly.
• If the attacker breaks into the communication network, clear text passwords travel across the network in readable form, so he can obtain this sensitive data there too.

Message Digests of Passwords:
• Calculate the message digest of the password and store that in the user database.
• To authenticate, the user's computer calculates the message digest of the password and sends the user ID and the message digest to the server for authentication.

Replay Attack:
If someone copies the user ID and the message digest of the password and submits them some time later to the same server as part of a new login request, it is known as a replay attack.

Message Digest: Adding Randomness
When the server receives a login request, it first checks whether the user ID is valid. If not, it sends an error screen; if the user ID is valid, it creates a random challenge and sends it back to the user.

Password Encryption:
Encryption is a technique in which the message content is converted into a unique string of variable length in an unreadable format.

Encryption types:
• Symmetric key: Your system has one key for encryption and decryption. Pass your password through this key to scramble it, and pass it back through the same key to make it readable once more.
• Public key: Two keys play a role in altering your password. One, a public key, is available for anyone to use. The other, a private key, is available only to a select few. Use one to encode a message, and the recipient needs the other to make sense of it.
• Hashed: A computer algorithm transforms your password into a random-looking series of numbers and letters.
• Salted: A few random numbers or letters are appended to the beginning or end of your password before it goes through the hashing process.

Password Encryption Formats:
One-way encrypting formats:
1. Salted SHA-1
2. SHA-1
3. MD5
4. crypt
Two-way encrypting formats:
1. None
2. AES

One-way Encryption Formats:
• SHA-1: Passwords are encrypted by the SHA-1 algorithm before they are stored in the directory.
• Salted SHA-1: Passwords are encrypted by the Salted SHA-1 algorithm before they are stored in the directory.
• crypt: Passwords are encrypted by the UNIX crypt algorithm before they are stored in the directory. When crypt is used, only the first 8 characters of a password are used; passwords longer than 8 characters are truncated.

Two-way Encryption Formats:
• None: Passwords are stored two-way encrypted in a validation list and are retrieved as part of an entry in the original clear text format. The QRETSVRSEC system value must be set to 1 to use this setting.
• AES: Passwords are encrypted by the AES algorithm before they are stored in the directory and are retrieved as part of an entry in the original clear format.

References:
• Password Encryption (https://www.ibm.com/docs/en/sdse/6.4.0?topic=security-password-encryption)
• Password Authentication (https://www.educba.com/password-authentication/)
• Vulnerabilities in Password Authentication (https://portswigger.net/web-security/authentication/password-based)
• Password Authentication: Wikipedia

Thank you.
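The following Python program is an added example, not code from the slides or from the IBM directory documentation they cite. It covers two of the slides' points in one place: the one-way storage formats (the LDAP-style {SHA} and {SSHA} records, i.e. SHA-1 and Salted SHA-1 with the salt stored beside the digest), and the "adding randomness" login, where the server issues a random challenge so that a copied user ID and password digest cannot be replayed. The slides only say that a challenge is sent; the assumption made here is that the client answers with HMAC-SHA1 keyed by the password digest and that the server accepts each challenge exactly once. User names and passwords (alice, mallory, "correct horse") are constructed. SHA-1 is used to match the slides; for a new system a deliberately slow, salted password hash (PBKDF2, bcrypt, scrypt or Argon2) is what current practice calls for, because a plain SHA-1 digest can be guessed at very high speed.

```python
# Added example (not from the slides): LDAP-style {SHA}/{SSHA} password
# records and a single-use challenge-response login that defeats the replay
# attack described above. All user names and passwords are constructed.
import base64
import hashlib
import hmac
import os
from typing import Optional

SHA1_LEN = 20  # a SHA-1 digest is 20 bytes

# ---- Storage formats --------------------------------------------------------

def hash_sha(password: str) -> str:
    """{SHA}: unsalted SHA-1 of the password, base64-encoded.
    Deterministic, so two users with the same password get the same record."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def hash_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """{SSHA}: SHA-1(password || salt) followed by the salt, base64-encoded.
    The salt is stored beside the digest so the server can recompute it."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per record
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored: str, password: str) -> bool:
    """Check a candidate password against a {SHA} or {SSHA} record.
    hmac.compare_digest keeps the comparison time independent of how many
    leading bytes matched."""
    if stored.startswith("{SHA}"):
        return hmac.compare_digest(stored, hash_sha(password))
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return hmac.compare_digest(digest, candidate)
    raise ValueError("unsupported password format: " + stored[:6])

# ---- Challenge-response login ----------------------------------------------
# Assumption (the slides only say a random challenge is sent): the client
# answers with HMAC-SHA1 keyed by the message digest of the password, so the
# digest itself never crosses the network, and each challenge is accepted once.

class Server:
    def __init__(self) -> None:
        self.users = {}    # user id -> SHA-1 digest of the password
        self.pending = {}  # user id -> challenge currently outstanding

    def register(self, user: str, password: str) -> None:
        self.users[user] = hashlib.sha1(password.encode("utf-8")).digest()

    def login_request(self, user: str) -> Optional[bytes]:
        """Step 1: check the user ID; None stands for the error screen."""
        if user not in self.users:
            return None
        challenge = os.urandom(16)
        self.pending[user] = challenge
        return challenge

    def login_response(self, user: str, challenge: bytes, response: bytes) -> bool:
        """Step 2: accept the answer only for the challenge still outstanding.
        The challenge is discarded on first use, so a copied (challenge,
        response) pair submitted later is rejected."""
        if self.pending.pop(user, None) != challenge:
            return False
        expected = hmac.new(self.users[user], challenge, hashlib.sha1).digest()
        return hmac.compare_digest(expected, response)


def client_answer(password: str, challenge: bytes) -> bytes:
    """Computed on the user's computer from the typed password."""
    key = hashlib.sha1(password.encode("utf-8")).digest()
    return hmac.new(key, challenge, hashlib.sha1).digest()


def demo() -> dict:
    """Exercise both parts and return the observations."""
    srv = Server()
    srv.register("alice", "correct horse")           # constructed account
    c1 = srv.login_request("alice")
    r1 = client_answer("correct horse", c1)
    first = srv.login_response("alice", c1, r1)      # genuine login
    replay = srv.login_response("alice", c1, r1)     # same pair resubmitted
    c2 = srv.login_request("alice")
    wrong = srv.login_response("alice", c2, client_answer("wrong pw", c2))
    return {
        "same_password_same_sha": hash_sha("pw") == hash_sha("pw"),
        "same_password_different_ssha": hash_ssha("pw") != hash_ssha("pw"),
        "unknown_user_gets_error": srv.login_request("mallory") is None,
        "first_login": first,
        "replayed_login": replay,
        "wrong_password": wrong,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows the two properties the slides are driving at: every {SHA} record for a given password is identical, so one cracked record exposes every user with that password, while each {SSHA} record differs; and a captured (challenge, response) pair logs in once and is refused when resubmitted, which is exactly the replay attack the challenge was added to prevent.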