Cryptography Reference
In-Depth Information
to the password file (including perhaps the system administrator) cannot recover
the passwords themselves. In this application a hash function is used to provide
an unusual type of confidentiality for stored data. The unusual aspect is that
the data itself (the password) never needs to be recovered. As a result, this type
of confidentiality can be provided by a cryptographic primitive that does not
use a key.
In advance of a logon attempt, a user's identity
I
is stored in the password file,
next to the result of passing the user's password
P
through a hash function
h
.In
other words, the password file consists of a table of pairs of the form (
I
,
h
(
P
)).
Note that the passwords themselves are not stored in the password table.
The password-based logon process, which we discuss at greater length in
Section 8.4, for a user attempting to access resources on a device is depicted
in Figure 6.2 and operates as follows:
1. The user enters their identity
I
when prompted by the logon screen.
2. The user enters their password
P
when prompted by the logon screen.
3. The authentication application running on the device inputs the password
P
to
the hash function and computes
h
(
P
).
4. The authentication application running on the device looks up the table entry
in the password file corresponding to identity
I
and compares the stored
value of the hashed password with the value
h
(
P
) that it has just calculated in
step 3. If the entries match then the user is authenticated. Otherwise the user is
rejected.
To appreciate the security property that this application requires of the hash
function, we need to consider an attacker's perspective. The role of the hash
User
Device
Identity
I
1
Table containing
entries
I
,
h
(
P
)
Password
P
2
3
h
4
h
(
P
)
= ?
Decision
Figure 6.2.
Use of a hash function to protect stored passwords
