Basic password authentication Setup -User chooses password -Hash of password stored in password file ■Authentication -User logs into system,supplies password 一 System computes hash,compares with the hash in password file Attacks -Online dictionary attack Guess passwords and try to log in -Offline dictionary attack Steal password file,try to find p with hash(p)in file CSE825 33 Basic Password Authentication Setup ─ User chooses password ─ Hash of password stored in password file Authentication ─ User logs into system, supplies password ─ System computes hash, compares with the hash in password file Attacks ─ Online dictionary attack ● Guess passwords and try to log in ─ Offline dictionary attack ● Steal password file, try to find p with hash(p) in file CSE825