Lecture 10: Hierarchical Key Management + Password Hashing

• Slides
• Playlist (length: 49:03)

Drawbacks of Trusted Directory

(True/False) The main downside of TDs are that they don't scale well and are a central point of attack/trust/availability

True.

Digital Certificates

(True/False) Digital certificates remove the problem of a central point of attack that existed with TDs

False. They remove the central point of availability since anyone can store and provide certificates

Certificate Hierarchies

(True/False) If I am given Verisign's public key, I can verify a certificate for David

False. This relationship doesn’t form a certificate chain - you need the UC President’s public key as well

Revocation

(True/False) The main problem with revocation lists is that they take up a lot of space

False. The list would be fairly small (just certificates that happened to be corrupted and still valid). The problem is that browsers may not be properly downloading lists often enough.

Password Hashing

Which property of hash functions make them suitable for password management? Why is this property important?

One-wayness. This way an attacker who gains access to the hashes can’t easily find the passwords themselves.

Salted Hashes

(True/False) A slow hash function is a secure replacement for using password salts

False. A slow hash function helps, but doesn’t change the fact that an attacker can precompute the passwords before even leaking the database.