IMPROVING YOUR PASSWORD WITH SALT
Tayler Angevine
Bachelor of Arts in Computer Science
Dr. Ken Blaha (Advisor)
May 03, 2014
INTRODUCTION
• Why did I choose this project?
• Design of original project
• How my project turned into what it is now
• Two-way Symmetric Encryption
• Key Generation and Storage
• Salting
• How does a hashing algorithm work: SHA-256
• Why is SHA-256 widely used
• Demonstration
• Conclusion
• Questions
“Hardly a week goes by without a major password breach at one website or another—in one week, nearly 500,000 Yahoo passwords were exposed, Formspring's server hack gave up nearly as many passwords, and Nvidia's developer zone was breached. And that's just some of the hacks we heard about...”
• Neil J. Rubenking (pcmag)
ORIGINAL PROJECT
• Password Management Application
  • Desktop Application
  • Use a password to log in (a username was not required)
  • A central place to store all of your usernames and passwords
  • “a place to keep all of your keys”
• Why was this useful?
  • Emphasis on security caused me to keep forgetting passwords.
  • Tired of resetting password and calling customer service
REQUIREMENTS
• 100% reliable
  • Should be able to open the program and retrieve information whenever needed.
• Completely Secure
• Trust is a reoccurring theme when it comes to password management applications.
• How does one safely store passwords?
  • Incorrect and Correct Techniques
  • Creating a safe environment for your information
WHAT IS CRYPTOGRAPHY?
• Secret writing
• The computerized encoding and decoding of information
  • Symmetric-key cryptography
  • Hashing
COMPROMISED DATABASES
“Hardly a week goes by without a major password breach at one website or another—in one week, nearly 500,000 Yahoo passwords were exposed…”
• Focal point of my project
• Everything should be encrypted in the database
• Which algorithms can encrypt and decrypt information?
  • Information needed to be encrypted, but returned to plaintext
ADVANCED ENCRYPTION STANDARD (AES)
Two-way symmetric encryption algorithm.
WHAT IS THE KEY USED FOR?
• A key is a string that is used to shift each letter by a number of places or something much more complicated.
  • Operations: XOR, bit shifts, etc.
KEY DERIVATION
• Key must be a certain length
  • 128, 192, 256 bits
• Bigger the key means more key rounds.
  • 10, 12, 14
  • Key rounds refer to repetitions of AES operations (shift rows, mix columns, add round key)
• If you use a password as a key you must take some precautionary steps
  • Passwords tend to be weak
  • Key should be hashed first using SHA-256
  • Ciphered using AES with a randomly generated key. (Key used should be stored)
  • Ensure “randomness”
  • Hashed again using SHA-256.
  • Key size
  • Prevent from Dictionary Attacks
KEY DERIVATION CONTINUED…
• Plenty of libraries for creating secret keys
• Java’s
  • SecretKeyFactory
  • SecretKey
STORING THE KEY
• Key must be stored in order to encrypt and decrypt data.
• Problem that’s been around for years
STORING KEY IN DATABASE
Common Solution
Risky
STORING KEY IN SEPARATE FILE
• Common Solution
• Risky
  • Anything done in code can be undone.
  • Humans are predictable
• Split the key.
• Change file permissions.
STORE KEY ON EXTERNAL STORAGE DEVICE
• Key is stored on USB or External Hard Drive
• Attack must be executed locally or attacker must try every possible key to see if your database decrypts (brute force)
• Requires user to provide key at start up.
  • Unreasonable.
  • USB is lost or damaged
• My favorite solution
DO NOT STORE THE KEY AT ALL
Most interesting
Relies on password strength
When the user attempts to log in, take the user’s password, do the hash cipher hash steps, see if it decrypts the database
HASHING
• Irreversible function.
• Mainly used to store passwords
• How to log in
  • Hash the password given by the user
  • Check to see if the hash given by the user equals the hash stored in the database. Do they match?
• Must be cautious when hashing
  • Susceptible to
    • Look-up tables
    • Brute-force and dictionary attacks
TYPES OF ATTACKS
Look-up table
Brute Force and Dictionary Attacks
LOOK UP TABLES
• Pre-computed table for reversing hash functions.
  • Takes the hashes of commonly used passwords and matches them to the hashes stored in the database
  • Hash matching game
• Used to crack multiple passwords at a time
• Work because each password is hashed the exact same way.
  • Hash of “dog” will result in the same hash every time, as long as you are using the same algorithm.
  • Hash of “dog” using MD5 != hash of “dog” using SHA
HOW TO DEFEND YOUR HASH…
• Look Up tables
  • Salt the Master Password using Cryptographically Secure Pseudo-Random Number Generator
    • hash(“password” + “RxFLuENMsoeD”) = 9c22122442a125612s62310219e025218129210 USING SHA-256
  • Avoids collision
  • This is done N amount of times
  • The salt and hash are stored in the database
  • Works because it takes a lot of time to rework a table.
EXAMPLE
SALTING THE CORRECT WAY
• Do not do this
  • Hash( hash( hash( password+salt ) ) )
  • Hashing the same value does not increase security
  • Hash( hash( password ) + hash( salt ) )
  • These are argued by others
• Access to source code
• Use a Cryptographically Secure Pseudo Random Number Generator (CSPRNG)
  • A Random Number Generator was not made to be used for cryptography.
  • Use a large enough CSPRNG
PIGEON HOLE PRINCIPLE
• If there are more balls than boxes, then some box must contain more than one ball.
SALT SIZE
• Do not want to reuse salts
  • Chances of collision become non-negligible at 2^(n/2) salts
• byte[] salt = new byte[8];
  • 8 bytes * 8 bits per byte = 64
  • 2^64 possible salts
• It is better to be safe than sorry
  • Use a 16 byte array
  • 2^128 possible salts.
THERE ARE OTHER METHODS TO AVOID HASH COLLISION
• Concatenating the salt with other variables
  • User name, session id, cursor location, etc…
BRUTE FORCE AND DICTIONARY ATTACKS
• Brute Force
  • Try every possible combination to a fixed length.
• Dictionary Attack
  • Can be used to crack individual passwords.
  • List of words (dictionary) or commonly used passwords.
SLOWING BRUTE FORCE ATTACKS
• SHA-256 is designed to be fast
  • Can’t use wait statements
• PBKDF2
  • Has multiple parameters
    • Value that will be hashed
    • Salt
    • Work factor
  • Has tons of algorithms that it can be used with
    • SHA-256
    • SHA-1
    • AES
    • BlowFish
    • Etc.
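Added example (not part of the original slides): the salting advice from HOW TO DEFEND YOUR HASH and SALT SIZE combined with the PBKDF2 work factor from this slide, written in Python. The user names, passwords and iteration count are constructed assumptions; it shows a look-up table matching unsalted SHA-256 hashes but failing against salted PBKDF2 records, and a login check against the stored salt and hash.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16        # 16-byte salt (2^128 possibilities), as on the SALT SIZE slide
WORK_FACTOR = 200_000  # assumed PBKDF2 iteration count; tune to your own hardware


def unsalted_sha256(password: str) -> str:
    """Plain SHA-256: the same password always gives the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(common_passwords):
    """Pre-computed hash -> password table, as on the LOOK UP TABLES slide."""
    return {unsalted_sha256(p): p for p in common_passwords}


def create_record(password: str, iterations: int = WORK_FACTOR) -> dict:
    """Fresh salt from the OS CSPRNG, then slow PBKDF2-HMAC-SHA256; store both."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and work factor; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample data: two users who chose the same weak password.
    table = build_lookup_table(["dog", "password", "123456"])
    unsalted_db = {"alice": unsalted_sha256("dog"), "bob": unsalted_sha256("dog")}
    salted_db = {"alice": create_record("dog"), "bob": create_record("dog")}
    return {
        # One table lookup exposes every user who shares an unsalted hash.
        "unsalted_hits": sorted(u for u, h in unsalted_db.items() if h in table),
        # The same table is useless against per-user salted records.
        "salted_hits": sorted(u for u, r in salted_db.items() if r["hash"] in table),
        "same_salted_hash": salted_db["alice"]["hash"] == salted_db["bob"]["hash"],
        "login_ok": verify("dog", salted_db["alice"]),
        "login_bad": verify("cat", salted_db["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The salt defeats the pre-computed table, and the work factor only slows guessing; a weak password such as the one used here still falls to a dictionary attack run against the individual record.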
NONE OF THIS REALLY MATTERS IF
Law #5: None of this matters if it’s a weak password.
• Technet.microsoft.com
PASSWORD LENGTH
• Suppose there are 95 ASCII characters
  • Lower Case Letters = 26
  • Upper Case Letters = 26
  • Digits = 10
  • Special Characters = 33
  • TOTAL = 95
HOW DOES HASHING WORK?
INTRODUCTION
• Review the hash function SHA-256
• Goal: understand how SHA-256 computes its hash.
• Why have I decided to focus on SHA-256 algorithms?
  • Battle tested
  • Considered to be some of the “safest” algorithms
  • Bitcoin is based around SHA-256.
• The way the algorithm is implemented using MessageDigest left a lot of unknowns.
  • Was under the impression that I would need to code the algorithm.
MORE INTRO
• Named after its digest length.
• Will not focus on SHA-1 because it has been “broken”
  • Would rather focus on today’s standard rather than the past.
• SHA-384 and SHA-512 because they are essentially the same.
• Why go over the code?
  • I believe it is necessary to understand the code of an algorithm in order to comprehend how hashing works.
WHAT IS A HASH?
• Hash function takes a string of any length, and generates fixed-length output data.
• It is not reversible.
  • Because a lot of data is discarded during the hash process.
• If you have lost information about the original input, then it is nearly impossible to reverse the hash.
WHAT MAKES A GOOD HASH?
Same input will always lead to the same output.
• Avoids collision attacks
  • What is a collision attack?
    • Find two input strings that produce the same hash.
    • “abc” “aiieagnea;[sagjeiao;iaeohgao;ejagea”
• Hash functions can have infinite input length, but a fixed output.
• SHA-256 is safer from collision attacks than other algorithms.
  • MD5 = 128 byte output, 64 bits of security
  • SHA-1 = 160 byte output, 80 bits of security.
  • SHA-256 = 256 byte output, 128 bits of security
HOW DOES IT WORK?
Padding aka Preprocessing
Block decomposition
Hash Algorithm
PREPROCESSING
• Message (M) is l bits long.
• Append message with a 1
• Followed by n zero bits.
  • n is the smallest non-negative solution to the equation
  • l + 1 + n ≡ 448 mod 512
• This leaves enough room to append what we have so far with a 64-bit block that equals our message represented in binary.
• Message = “abc”
  • 24 + 1 + n = 448
  • n = 423 zero bits
NOTATION
Algorithm uses AND, XOR, OR, Circular Right Shift, and Logical Right Shifts in order to compute the hash.
AND JAVA SYMBOL: &
p q p AND q
1 1 1
1 0 0
0 1 0
0 0 0
Produces 1 if both p and q are 1’s.
OR JAVA SYMBOL: |
p q p OR q
1 1 1
1 0 1
0 1 1
0 0 0
Produces 1 if p or q are 1
XOR JAVA: ^
p q p XOR q
1 1 0
1 0 1
0 1 1
0 0 0
Produces 1 if p or q is 1, but not both.
CIRCULAR SHIFT RIGHT SHR(VARIABLE, NUMBER)
>> signed right shift
LOGICAL RIGHT SHIFT ROTR(VARIABLE, NUMBER)
>>> unsigned right shift
EQUATIONS
WHERE IT STARTS TO GET COMPLICATED.
Generally H1 – H8 are set to the first 32 bits of the fractional parts of the square roots of the first eight primes.
EXAMPLE
Square root of 2 = 1.414213562373095048801
Fractional part = 0.41421356237309504.
Hexadecimal = 6A09E667.
WHERE DOES OUR PASSWORD COME INTO PLAY?
• Our original password was padded to 512 bits, which is 16 32-bit components.
• A 64-component array is created, which we will refer to as W
• W0 – W15 are initialized to our padded password.
• The rest (W16 – W63) are set to a value determined by this function
  • J is just the counter in a for loop.
ALGORITHM COMPUTATION (EXECUTED 64 TIMES)
A – H are initialized with H1 – H8
LAST STEP
Take your original H1 – H8 and add a – h to them.
DEMONSTRATION
ISSUES WITH RESEARCH
• Putting together a puzzle
• Some things are difficult to find answers to.
CONCLUSION
• There are a lot of factors when it comes to storing information
  • Encrypt your database
  • Spend some time on creating a random secure key
  • Salt your hashes
  • Slow down your hashing algorithm
  • Nothing matters if you are hashing a weak password
• SHA-256 is an interesting algorithm
QUESTIONS?
SOURCES
• Algorithm
  • http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
  • http://www-ma2.upc.es/~cripto/Q2-06-07/SHA256english.pdf
• Actual Implementation
  • http://www.cs.mcgill.ca/~zcao7/mutls/release/llvm-gcc-4.2-2.9.source/libjava/classpath/gnu/java/security/hash/Sha256.java
  • http://www.vipan.com/htdocs/bitwisehelp.html
• Various Information
  • wikipedia.org/
  • http://www.makeuseof.com/tag/md5-hash-stuff-means-technology-explained/
MORE SOURCES
• Various Information
  • http://crypto.stackexchange.com/questions/8636/what-does-message-schedule-mean-in-sha-256
  • http://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html
  • http://technet.microsoft.com/
  • Crackstation.net
  • Stackexchange & stackoverflow
  • keepass.info/help/base/security.html
  • Blog.agilebits.com
• Converting bytes to a string
  • http://www.mkyong.com/java/how-do-convert-byte-array-to-string-in-java/
• Hash Calculator
  • http://www.xorbin.com/tools/sha256-hash-calculator