KW

Salting and Biometrics

. Passwords are stored, hashed and salted, in a single file called a password file

Hashing:

(a mathematical formula that performs a one-way encryption: the output cannot be reversed to recover the plaintext)

Plaintext → hash function → hash text

Password file cracking:

Brute force → hash random phrases and compare the results to the stored password hashes

. takes a long time

Dictionary attack → hash non-random phrases taken from a dictionary (a list of common passwords) and compare them to the stored hashes

Rainbow table attack → store pre-computed, hashed passwords and run the same comparisons against the stored hashes

Salting:

A random value (the salt) is added to the plaintext and combined with your password. The two are then hashed together, so the same password gives a different hash for every user and pre-computed tables no longer match.
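The hashing and salting steps above, as an added example written for these notes (not code from the original notes). It builds a small, constructed in-memory "password file", stores a random per-user salt next to each hash, verifies a login, and shows why salting matters: two users with the same password get different stored hashes, whereas an unsalted hash of that password is identical every time, which is exactly what a rainbow table relies on. PBKDF2-HMAC-SHA256 from the standard library is used as the hash function; the names `register`, `verify` and `unsalted_hash` are my own.

```python
import hashlib
import hmac
import os

# Number of PBKDF2 rounds; a slow hash makes brute-force and dictionary guessing costly.
ITERATIONS = 200_000


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way step: plaintext + salt -> hash text (cannot be reversed)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 with no salt, shown only to contrast with the salted scheme."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register(password_file: dict, username: str, password: str) -> None:
    """Store (salt, hash) for a user. The salt is random, 16 bytes, and not secret."""
    salt = os.urandom(16)
    password_file[username] = (salt, hash_password(password, salt))


def verify(password_file: dict, username: str, password: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare in constant time."""
    record = password_file.get(username)
    if record is None:
        return False
    salt, stored_hash = record
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


def same_password_same_hash(password_file: dict, user_a: str, user_b: str) -> bool:
    """True if two users' stored hashes are identical (should be False when salted)."""
    return password_file[user_a][1] == password_file[user_b][1]


if __name__ == "__main__":
    # Constructed sample data: two users who happen to pick the same password.
    pw_file = {}
    register(pw_file, "alice", "password123")
    register(pw_file, "bob", "password123")

    print("alice login ok:", verify(pw_file, "alice", "password123"))
    print("alice wrong pw:", verify(pw_file, "alice", "hunter2"))
    print("salted hashes equal:", same_password_same_hash(pw_file, "alice", "bob"))
    print("unsalted hashes equal:",
          unsalted_hash("password123") == unsalted_hash("password123"))
```

The salt is stored in the clear beside the hash; it does not need to be secret, it only needs to be random and unique per user so that an attacker cannot pre-compute one table that matches every account.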

Authenticating Authorised Users:

. Something you know: PIN, password

. Something you have: a physical device such as a smartphone or hardware token

And then we have…

Biometrics:

. Something you are (a part of yourself)

e.g. fingerprints, face, voice etc.

Issues with fingerprint biometric:

  • If you damage your finger (burns, cuts etc.) it may no longer be recognised

Issues with facial recognition:

  • It is temperamental

Issues with retina scans:

  • Retina scanning is very expensive to set up and maintain; however, it is very accurate

Issues with voice recognition:

  • Loud environments can cause problems recognising the voice

Issues as a whole with biometrics:

  • It is an identifier, not a secret (the "secret" is just you)

  • Password resets are not possible: a compromised biometric cannot be changed

  • It is far reaching: once someone obtains a person's biometrics, every account that relies on them becomes compromised

Two-factor authentication →

  • Two different forms of authentication (e.g. something you know plus something you have) used to verify a user's identity

Bug bounties = finding exploits within a system and notifying the company of the exploit