These flashcards cover key vocabulary and concepts related to the foundations of cybersecurity, specifically focusing on passwords and authentication. They include definitions, examples, and essential terms that help in understanding the material for the CS 2550 course.
Authentication
The process of verifying an actor’s identity.
Username
The unique identifier for a user in a system.
Secret
A piece of information used to confirm an actor's identity, typically a password.
What are the three classes of secrets in authentication?
Hashing
A method of transforming input data into a fixed-size string of characters, typically for security purposes.
Salting
Adding random data to passwords before hashing to ensure that identical passwords have different hashes.
Key Stretching
The technique of deliberately making password hashing slower (for example by iterating the hash many times) so that brute-force guessing becomes more expensive.
Honeywords
Fictitious passwords stored alongside the real password to detect unauthorized access.
Dictionary Attack
An attack that uses a prearranged list of likely passwords to gain unauthorized access.
What should passwords never be stored as?
Plain text.
Collision Resistance
A property of a cryptographic hash function that makes it infeasible to find two different inputs that produce the same hash.
Entropy
A measure of randomness or unpredictability in a password.
Password Recovery
The process of resetting a password for a user who has forgotten it.
Knowledge-Based Authentication (KBA)
A method of resetting passwords that relies on answering personal knowledge questions.
Account-based Reset
A method of password recovery that sends a verification code to the user's contact address.
Brute-force Attack
An attack method that involves systematically trying every possible password combination.
What is a common issue with knowledge-based authentication (KBA)?
The information required is often publicly available or easily obtainable.
Pluggable Authentication Modules (PAM)
A framework on Unix-based systems that lets user authentication mechanisms be configured as loadable modules.
What is the function of a Ticket Granting Server (TGS) in Kerberos?
To issue service tickets that allow an already-authenticated user to access services on the network.
What is a significant vulnerability of SMS-based two-factor authentication?
It's susceptible to social engineering attacks.
Cryptographic Hash Function Examples
MD5, SHA-1, SHA-256, SHA-512 (MD5 and SHA-1 are no longer collision resistant and should not be used in new designs).
What is the purpose of a hardware token in two-factor authentication?
To securely store cryptographic keys and provide a second authentication factor.
The theoretical attack where cryptographic systems may be broken.
What is recommended for password management?
Use a password manager to keep track of different passwords securely.
Time-based One-time Password (TOTP)
A one-time code derived from a shared secret and the current time, valid only for a short time window before it changes.
Universal 2nd Factor (U2F)
A security protocol that uses a physical hardware device to provide two-factor authentication.
Factors for password strength
Length, complexity, and unpredictability of the password.
NIS (Network Information Service)
A protocol that provides a centralized directory service for user information.
Replay Attack
An attack where an adversary captures a valid data transmission and retransmits it.
What is the role of a centralized authentication server in a distributed authentication system?
To manage and authenticate user credentials across multiple services.
Should passwords be shared across different services?
No, password reuse can lead to compromised security if one service is breached.
What is the principle behind honeywords?
To alert system administrators when one of the decoy passwords, rather than the real one, is submitted at login, which indicates the stored password data may have been stolen.
Biometrics
Authentication methods based on physical or behavioral characteristics of the user.