passphrases can improve this situation by significantly increasing the password
space; however, many of the other problems with passwords remain.
Repeatability. For the lifetime of a password, each time that it is used it is exactly
the same. This means that if an attacker can obtain the password then there is
an (often significant) period of time within which the password can be used
to fraudulently claim the identity of the original owner. One measure that can
be taken to restrict this threat is to regularly force password change. However,
this again raises a usability issue since regular password change is confusing
for humans and can lead to insecure password storage practices.
Vulnerability. We have just noted that the consequences of 'stealing' a password
can be serious. However, passwords are relatively easy for an attacker to
obtain:
• they are most vulnerable at point of entry, when they can be viewed by
an attacker watching the password holder (a technique often referred to as
shoulder surfing);
• they can be extracted by attackers during social engineering activities, where a
password holder is fooled into revealing a password to an attacker who makes
claims, for example, to be a system administrator (an attack that is sometimes
known as phishing);
• they can be obtained by an attacker observing network traffic or by an attacker
who compromises a password database.
For the latter reason, passwords should be cryptographically protected at all
times, as we will discuss in just a moment.
It is best to regard passwords as a rather fragile means of providing identity
information. In particular, the problem of repeatability means that passwords on
their own do not really provide entity authentication as we defined it, since there is
no strong notion of freshness. In applications where strong entity authentication
is required then passwords are best employed in conjunction with other entity
authentication techniques, if at all. However, the advantages of passwords mean
that they will probably always find use in applications where security is a relatively
low priority.
8.4.2 Cryptographic password protection
Consider a large organisation that wishes to authenticate many users onto its
internal system using passwords. One obvious way of implementing this is to
use a system that compares offered passwords with those stored on a centralised
password database. This presents the password database as a highly attractive
target for attackers, since this database potentially contains a complete list of
account names and passwords. Even if this database is managed carefully, the
administrators of the system potentially have access to this list, which may not be
desirable.
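The two designs contrasted above, as an added example that is not the book's own code: the 'obvious' database that stores passwords directly, beside a database that stores only a per-account random salt, a cost parameter and a PBKDF2-HMAC-SHA256 digest (one standard way of cryptographically protecting stored passwords; the iteration count is an assumption chosen for this example, not a figure from the text). The account names and passwords are constructed sample data. With the protected design, anyone who reads the database, whether an attacker who has copied it or an administrator, sees neither the passwords nor which accounts share one.

```python
import hashlib
import hmac
import os

# Cost parameter for PBKDF2-HMAC-SHA256. This value is an assumption made for
# the example (in line with common current guidance), not a figure from the book.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def register_plaintext(db, account, password):
    """The 'obvious' design: the password itself is written to the database."""
    db[account] = password


def verify_plaintext(db, account, password):
    """Compare the offered password with the stored one (constant-time compare)."""
    stored = db.get(account)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))


def register_hashed(db, account, password, iterations=PBKDF2_ITERATIONS):
    """Protected design: store a fresh random salt, the iteration count and the
    PBKDF2 digest of the password. The password itself is never written."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    db[account] = {"salt": salt, "iterations": iterations, "hash": digest}


def verify_hashed(db, account, password):
    """Recompute the digest from the offered password and the stored salt and
    compare it in constant time. An unknown account still pays for one PBKDF2
    run, so response time does not reveal which account names exist."""
    record = db.get(account)
    if record is None:
        hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                            b"\x00" * SALT_BYTES, PBKDF2_ITERATIONS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def password_readable_from_db(db, account):
    """What a reader of the database learns about one account: the password
    (plaintext design) or nothing but salt, cost and digest (hashed design)."""
    record = db[account]
    return record if isinstance(record, str) else None


def same_password_visible(db, account_a, account_b):
    """Does the database reveal that two accounts share a password? Plaintext
    records are equal; salted records for the same password are not."""
    return db[account_a] == db[account_b]


if __name__ == "__main__":
    # Constructed sample accounts; same password used twice on purpose.
    plain_db, hashed_db = {}, {}
    for name in ("alice", "bob"):
        register_plaintext(plain_db, name, "correct horse")
        register_hashed(hashed_db, name, "correct horse")
    print("plaintext db reveals:", password_readable_from_db(plain_db, "alice"))
    print("hashed db reveals:", password_readable_from_db(hashed_db, "alice"))
    print("shared password visible (plaintext):", same_password_visible(plain_db, "alice", "bob"))
    print("shared password visible (hashed):", same_password_visible(hashed_db, "alice", "bob"))
    print("login ok:", verify_hashed(hashed_db, "alice", "correct horse"))
```

Note that the hashed design does not remove every risk the text raises: a copied database can still be attacked offline by guessing, which is why the salt (defeating precomputed tables) and the high iteration count (slowing each guess) are both part of the record, and why the comparison is constant-time rather than a plain `==`.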