CS551: Security and Privacy on the Internet, Fall 2000
Manifest: Wednesday 4 October 2000
Assignments Due
- 4 October: Full Project Proposal
- 11 October: Problem Set 3
Readings
Before 9 October:
- Stallings, 5.4.
- John Kelsey, Bruce Schneier, and Niels Ferguson. Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator, August 1999.
- (Optional, but fun) Brad Arkin, et al., How we Learned to Cheat in Online Poker: A Study in Software Security, September 1999.
Before 11 October: None (you have a problem set to do)
Links:
- Password Security: A Case History, Robert Morris and Ken Thompson, Communications of the ACM, 1979. This paper describes UNIX passwords circa 1979. They claim, "The use of encrypted passwords appears reasonably secure in the absence of serious attention of experts in the field." Later in the course we'll read about the Morris Worm, created by Robert Morris Sr.'s son, Robert Morris, Jr.
- UNIX Password Security - Ten Years Later, David Feldmeier and Philip Karn, Crypto '89. An update to the Morris-Thompson paper.
- L0phtcrack
- SSH home page
- The Case for Strong Authentication, RSA Security White Paper.
Questions
- How should passwords be stored?
- How effective are brute force and dictionary password attacks? What can be done to make them less effective?
- How does SSH work?
- What are the vulnerabilities of SSH?
- What are the advantages and disadvantages of one-time passwords?
THIS SOFTWARE IS NOT DESIGNED OR LICENSED FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. SSH EXPRESSLY DISCLAIMS ANY LIABILITY RESULTING FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY YOU. FOR PURPOSES OF THIS PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE.
From License agreement for SSH Secure Shell, SSH Communications Security Corp
University of Virginia Department of Computer Science, CS 551: Security and Privacy on the Internet
David Evans, evans@virginia.edu