What are Password credentials? Authentication -

About

Password credentials are credentials composed of

  • a password
  • and another identifier (such as an email or a name).

It is something you know and is, therefore, a group identifier.

Strip Le Mot D Epasse Du Noob

Het kostte me deze keer slechts 37 pogingen voor ik een wachtwoord bedacht dan aan alle regels voldeed.

How to send an 'E mail' - 1984

Password vs Cryptographic Key

Password Cryptographic Key
multi-factor authentication context something you know something you have
Input manual automated (not meant to input manually)
Data Type text binary data
Complexity Low High
Memorization Easy Hard

Passwords were created to be memorized by human beings (low-entropy) where a key were created to be use in automated process by computer. They are too complex and random to be memorized.

Passwords are text whereas cryptographic keys are binary data (even if serialized and deserialized as text via for instance base64) and are generally not meant to input manually.

In a multi-factor authentication context,

  • passwords are something you know
  • cryptographic keys are something you have.

Strategy

Password Guidance: Simplifying Your Approach - Gov UK

Ncsc Password Security

Pdf: ncsc_password_security.pdf

Password Storage

Any computer system that requires password authentication must contain a database of passwords, either hashed or in plaintext.

Because the tables are vulnerable to theft, storing the plaintext password is dangerous.

Most databases, therefore, store a cryptographic hash (ciphertext) of a user's password in the database 1)

In such a system, no one, including the authentication and admin system, can determine what a user's password is by merely looking at the value stored in the database.

Instead, when a user enters his or her password for authentication, it is encrypted (hashed), and that output is compared to the stored entry for that user (which was hashed before being saved). If the two hashes match, access is granted.

Two-way function

An encrypted copy of the password encrypted and unencrypted to plaintext for use with authentication methods such as Digest authentication.

The passwords are stored in encrypted form and they can only be decrypted by the application to provide access in authorized circumstances.

These protections, however, cannot prevent a malicious user with application access level from illicitly extracting them in the same manner that the application would do for legitimate use.

One-way hash function

When you just need to compare two passwords for authentication, you would use a one way hash function such as bcrypt.

These hashing functions are designed to always produce the same result from the same password input and to minimize collisions where two different passwords can produce the same result. This hash is always the same length and cannot be directly decrypted to reveal the plaintext password.

To protect against brute-force attacks, users who authenticate with passwords should set strong passwords or passphrases that include characters from multiple sets and are as long as the user can easily remember. See Password Technical Overview

Attack

To key

If you want to transform a password into an algorithmic key, you should use a KDF function.

Guided Navigation

Lib

  • Java from console. If an application needs to read a password or other secure data, it should use readPassword() or readPassword(String, Object…) and manually zero the returned character array after processing to minimize the lifetime of sensitive data in memory.
 Console cons;
 char[] passwd;
 if ((cons = System.console()) != null &&
     (passwd = cons.readPassword("[%s]", "Password:")) != null) {
     ...
     java.util.Arrays.fill(passwd, ' ');
 }

History

The MIT's Time-Sharing Computer is considered to be the first computer system to use passwords. https://www.wired.com/2012/01/computer-password/

Password Expiration

Time for Password Expiration to Die by Lance Spitzner

Standard

rfc8018 PKCS #5: Password-Based Cryptography Specification

Documentation / Reference





Discover More
Card Puncher Data Processing
Ansible - Password

in Ansible Lookup password - Create a random password and store it in a file See
Authentication - HTTP Digest Access Authentication

Digest access authentication is an http authentication method based on authorization entry. It is intended (as a security trade-off) to replace unencrypted HTTP basic access authentication. It is not,...
Authentication - Method / Protocol / Scheme

The authentication methods / construct / protocol validates the identity of a user (ie validates who you are). The method is implemented by a (identify|authentication) provider. In the traditional...
Authentication Ways - something the person knows, has or is

Basically, there are three ways to authenticate an individual: by something the person knows, by something the person has, and by something the person is. All these ways have been used from...
Bash Liste Des Attaques Ovh
Bash - Password

password in bash Snippet to test the complexity of the password with: regexp and the and && operator
Cryptography - Key

A key is a parameter used in a cipher algorithm that determines: the encryption operation (forward) and the decryption operation (backward). It's the only secret parameter that protect the anonymity...
Cryptography - Salt (init vector)

A salt is a text added to the password to make difficult an attack. See also: The salt value is public (not secret) and should be generated at random for each new encryption stored with the password...
Consistent Hashing
Hash function - MD4

MD4 is a cryptographic hash (one-way function) that produces a mathematical representation of a password. The NT hash of the password is calculated by using an unsalted MD4 hash algorithm.
Http - Authorization Header (authentication entries)

authorization is a header that contains credentials to authenticate a user known also as Authentication entry. In the request, you would see the following [header|header]] The basic authentication...
Card Puncher Data Processing
Linear Algebra - Authentication Challenge

Password Authentication challenge Password is an n-vector over GF(2) Send: Computer sends random n-vector a Response: Human sends back . Repeated until Computer is convinced that Human knowns...



Share this page:
Follow us:
Task Runner