If you have any trouble accessing any of these materials, please post a note on Piazza and we'll help.
- Slides: all animations, limited animations
- Outline
- Recording
- Supplemental Reading: Textbook §11.2
- Explain the basic properties of hash functions, and connect them to the various password-storing schemes (e.g., how does the collision-resistance of hash functions help us when it comes to storing passwords?)
- You do not need to understand the math behind hash functions; in 6.033, we are interested in using them as a cryptographic primitive from which we can build more secure systems. However, if you want to read more details about a particular hash function, here is a popular one.
- Explain how an attacker can use a rainbow table to determine users' passwords even when the system stores hashed passwords; given a rainbow table, determine as many user passwords as possible.
- Explain the benefit of "slow" hash functions.
- Explain how an attacker can use a rainbow table to determine (some) users' passwords even when the system stores slow-hashed passwords; given a rainbow table, determine as many passwords as possible.
- Explain how salted hashes mitigate rainbow-table attacks.
- Given any of the above password-storing schemes, authenticate users (i.e., implement a check_password function).
- Explain the problems that cookies and challenge-response protocols solve.
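As an added example (not part of the 6.033 materials, and not the textbook's code), the script below implements a check_password function for three of the schemes listed above: a plain fast hash, an unsalted "slow" hash, and a salted slow hash. PBKDF2 stands in for whatever slow hash the lecture uses, the iteration count is a constructed choice, and the names PasswordStore, hash_password and demo are this example's own. The point it makes is the one behind the rainbow-table objectives: without a salt, two users who chose the same password store the same digest, so one precomputed table entry answers for every such user; with a per-user salt, that stops holding.

```python
import hashlib
import hmac
import os

# Added example (not from the 6.033 page). Models three password-storing
# schemes: a plain fast hash, a "slow" hash (PBKDF2 with no per-user salt),
# and a salted slow hash. PasswordStore, hash_password and demo are this
# example's own names.

SLOW_ITERATIONS = 100_000  # PBKDF2 round count; a constructed value


def hash_password(scheme: str, password: bytes, salt: bytes) -> bytes:
    """Return the stored digest for `password` under the named scheme."""
    if scheme == "plain":
        # Fast, unsalted: one SHA-256 call, cheap to precompute for many guesses
        return hashlib.sha256(password).digest()
    if scheme == "slow":
        # Slow but unsalted: each guess costs SLOW_ITERATIONS rounds, yet two
        # users with the same password still produce the same digest
        return hashlib.pbkdf2_hmac("sha256", password, b"", SLOW_ITERATIONS)
    if scheme == "salted_slow":
        # Slow and salted: the random per-user salt is mixed in, so a table
        # precomputed for one salt says nothing about any other user
        return hashlib.pbkdf2_hmac("sha256", password, salt, SLOW_ITERATIONS)
    raise ValueError(f"unknown scheme {scheme!r}")


class PasswordStore:
    """In-memory user database: username -> (salt, digest)."""

    def __init__(self, scheme: str) -> None:
        self.scheme = scheme
        self.records: dict[str, tuple[bytes, bytes]] = {}

    def add_user(self, username: str, password: bytes) -> None:
        # Only the salted scheme uses the salt; it is stored for every scheme
        # so that records have one shape
        salt = os.urandom(16) if self.scheme == "salted_slow" else b""
        self.records[username] = (salt, hash_password(self.scheme, password, salt))

    def check_password(self, username: str, password: bytes) -> bool:
        """Recompute the digest from the stored salt and compare it."""
        record = self.records.get(username)
        if record is None:
            return False
        salt, stored = record
        candidate = hash_password(self.scheme, password, salt)
        # Constant-time comparison so timing does not leak how many bytes matched
        return hmac.compare_digest(candidate, stored)

    def digests_match(self, user_a: str, user_b: str) -> bool:
        """True when two users' stored digests are byte-for-byte identical.

        Under an unsalted scheme this is what a precomputed (rainbow) table
        relies on: one lookup covers every user who chose that password.
        Under the salted scheme it should essentially never be true.
        """
        return self.records[user_a][1] == self.records[user_b][1]


def demo() -> dict[str, bool]:
    """Constructed users; returns, per scheme, whether two users sharing a
    password end up with the same stored digest."""
    results = {}
    for scheme in ("plain", "slow", "salted_slow"):
        store = PasswordStore(scheme)
        store.add_user("alice", b"hunter2")
        store.add_user("bob", b"hunter2")  # constructed: same password as alice
        assert store.check_password("alice", b"hunter2")
        assert not store.check_password("alice", b"hunter3")
        results[scheme] = store.digests_match("alice", "bob")
    return results


if __name__ == "__main__":
    for scheme, same in demo().items():
        print(f"{scheme:12s} shared-password digests identical: {same}")
```

Running it prints True for the plain and slow schemes and False for the salted one. Two details worth noticing when writing your own check_password: the salt is stored in the clear next to the digest (it only needs to be unique, not secret), and the comparison uses hmac.compare_digest rather than ==, so the time taken to reject a wrong guess does not depend on how many leading bytes happened to match.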
Exam questions about passwords tend to look more mathematical than most 6.033 exam questions, because they typically involve hash functions. It's worth checking out a few of the practice problems below just to get a feel of how these questions are written/formatted.
Practice problems