WEAK AUTHENTICATION (PASSWORD BASED AUTHENTICATION)
PASSWORD BASED AUTHENTICATION
Simple and oldest method of entity authentication
A password is used to log in (access a system to use its resources)
For each user: u-id [public]
               password [private]
Authentication schemes: 1. Fixed password
                        2. One-time password
FIRST APPROACH
User Id and Password File
ATTACKS ON FIRST APPROACH
Eavesdropping
Stealing a password
Accessing a password file
Guessing
SECOND APPROACH
Hashing the Password
ATTACKS ON SECOND APPROACH
Dictionary Attack
THIRD APPROACH
Salting the Password
ATTACKS ON THIRD APPROACH
Dictionary Attack (more difficult)
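
The second and third approaches side by side, as an added example that is not part of the original slides. It assumes SHA-256 for the plain hash and PBKDF2-HMAC-SHA256 with a 16-byte random salt for the salted one (the slides name no algorithm); the function names, user names and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the slides do not specify one


def store_hashed(password):
    """Second approach: the file holds only a hash of the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Third approach: a random per-user salt is stored beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def build_files(users):
    """Return (hashed_file, salted_file), both keyed by u-id."""
    hashed = {uid: store_hashed(pw) for uid, pw in users.items()}
    salted = {uid: store_salted(pw) for uid, pw in users.items()}
    return hashed, salted


# Constructed sample accounts: alice and bob chose the same password.
USERS = {"alice": "sunshine", "bob": "sunshine", "carol": "tr0ub4dor"}

if __name__ == "__main__":
    hashed, salted = build_files(USERS)
    # Unsalted: equal passwords give equal entries, so one precomputed
    # dictionary hash matches every account that uses that word.
    print("hashed entries equal:", hashed["alice"] == hashed["bob"])
    # Salted: the same password yields unrelated entries per user, so a
    # dictionary must be recomputed for each salt.
    print("salted entries equal:", salted["alice"][1] == salted["bob"][1])
    print("alice logs in:", verify_salted("sunshine", *salted["alice"]))
    print("wrong password:", verify_salted("moonlight", *salted["alice"]))
```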
FOURTH APPROACH
Combination of two Identification techniques
Ex. ATM card (something possessed) + PIN (something known)
The PIN is a password that enhances the security of the card
ATTACKS ON FOURTH APPROACH
The PIN is short, so it is vulnerable to a guessing attack