CSE 115. Introduction to Computer Science I

Size: px

Start display at page:

Download "CSE 115. Introduction to Computer Science I"

Tabitha Robbins
5 years ago
Views:

1 CSE 115 Introduction to Computer Science I

2 FINL EXM Tuesday, December 11, :15 PM - 10:15 PM SOUTH CMPUS (Factor in travel time!!)

3 CONFLICT? documentation to: Subject: CSE115 FINL EXM CONFLICT no later than 5:00 PM Friday November 30

4 CONFLICT? lternate date/time Friday December 14 11:45 M - 2:45 PM room T

5 ccessibility Resources Schedule exam to overlap with alternate exam time Friday December 14 11:45 M - 2:45 PM room T

6 EXM RULES ring your U Card No arrivals after the first 30 minutes No departures in first 30 minutes

7 EXM RULES Room assignments: published on last day of classes No electronics (phones, laptops, calculators, earbuds, etc) Closed books. Closed notes. Closed neighbors

8 Road map Week overview Encryption Hashing

9 Week overview M: What are encryption & hashing W: encryption & hashing in practice F: cookies and authentication

10 Road map Week overview Encryption Hashing

11 Encryption and want to communicate has a message to send to

12 Encryption and want to communicate sends message to in plaintext

13 Encryption and want to communicate ecause message was sent in plaintext can read it

14 Encryption and want to communicate C ecause the message was sent in plaintext anyone can read it, including unknown party C

15 Encryption and want to communicate privately has a message to send to

16 Encryption and want to communicate privately encrypts the message with a secret key and sends the encrypted message to

17 Encryption and want to communicate privately cannot read the encrypted message

18 Encryption and want to communicate privately decrypts the message with the (shared) secret key can now read the message

19 Encryption and want to communicate privately C cannot read the message without the secret key

20 Encryption and want to communicate privately QUESTION: How can we distribute the shared key securely?

21 Encryption and want to communicate privately What if different keys were used to encrypt and decrypt?

22 Encryption and want to communicate privately In public key encryption each party has a public key and a private key

23 Encryption and want to communicate privately 's private key 's public key sends a message to encrypting it with 's public key decrypts the message with their private key

24 Encryption and want to communicate privately 's public key 's private key sends a message to encrypting it with 's public key decrypts the message with their private key

25 Encryption Pairwise private communication S0 S1 SN R Public keys are available to anyone Private keys are known only to their owners Each Si can message R privately

26 Road map Week overview Encryption Hashing

27 Hashing Hashing data is akin to fingerprinting. You are not your fingerprint, but your fingerprint uniquely identifies you.

28 Hashing communicating without revealing password password password We shouldn't send the password in the clear

29 Hashing communicating without revealing C password password password Ooops, anyone can see the password!

30 Hashing communicating without revealing password password password Let's encrypt the password before sending it to prevent eavesdropping.

31 Hashing communicating without revealing password password If stores the password, what happens if is hacked? Passwords are revealed!

32 Hashing communicating without revealing hash function is a one-way function: if cannot* be undone. *probably

33 Hashing communicating without revealing hash function is a one-way function: if cannot be undone. "The hashing process is like a meat grinder: there is no key, everybody can operate it, but there is no way to get your cow back in full moo-ing state."

34 Hashing communicating without revealing password hash function Mincer icon made by Creaticca Creative gency from is licensed by CC 3.0 Y

35 Hashing communicating without revealing password password The password encrypted during transmission, then hashed by. The password hash is stored, not the password.

36 Hashing communicating without revealing password password stoled hash is less useful than a stolen password: it can't use used to directly access the account.

37 Hashing communicating without revealing If two users have the same password, they will end up with the same hash abc123 abc123 Mincer icon made by Creaticca Creative gency from is licensed by CC 3.0 Y

38 Hashing communicating without revealing dding salt (random data) to each password ensures each will hash to a different value. abc123 abc123 Mincer icon made by Creaticca Creative gency from is licensed by CC 3.0 Y

39 Encrypt the plain text password in transmission, store salted hash password password The password encrypted during transmission, then hashed by. The password hash is stored together with its salt.

40 Hashing rute Force ttack ttacker knows your salt and hash If the hash matches your hash, that string was your password C == for every string: hash string + salt Mincer icon made by Creaticca Creative gency from is licensed by CC 3.0 Y

41 Hashing rute Force ttack Prevention s a user: Use strong passwords! ttacker has too many strings to check s a developer: Protect your database ttacker needs stored salt and hash to perform the attack

42 WEDNESDY How to encrypt How to hash

43 FRIDY Cookies uthentication

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that