CSE 115 Introduction to Computer Science I
FINAL EXAM Tuesday, December 11, 2018 7:15 PM - 10:15 PM SOUTH CAMPUS (Factor in travel time!!)
CONFLICT? E-mail documentation to: alphonce@buffalo.edu Subject: CSE115 FINAL EXAM CONFLICT no later than 5:00 PM Friday November 30
CONFLICT? Alternate date/time Friday December 14 11:45 AM - 2:45 PM room TBA
Accessibility Resources Schedule exam to overlap with alternate exam time Friday December 14 11:45 AM - 2:45 PM room TBA
EXAM RULES Bring your UB Card No arrivals after the first 30 minutes No departures in first 30 minutes
EXAM RULES Room assignments: published on last day of classes No electronics (phones, laptops, calculators, earbuds, etc.) Closed books. Closed notes. Closed neighbors.
Road map ▶︎ Week overview ◀ Encryption Hashing
Week overview M: What are encryption & hashing W: encryption & hashing in practice F: cookies and authentication
Road map Week overview ▶︎ Encryption ◀ Hashing
Encryption A and B want to communicate A B A has a message to send to B
Encryption A and B want to communicate A B A sends message to B in plaintext
Encryption A and B want to communicate A B Because message was sent in plaintext B can read it
Encryption A and B want to communicate A C B Because the message was sent in plaintext anyone can read it, including unknown party C
Encryption A and B want to communicate privately A B A has a message to send to B
Encryption A and B want to communicate privately A B A encrypts the message with a secret key and sends the encrypted message to B
Encryption A and B want to communicate privately A B B cannot read the encrypted message
Encryption A and B want to communicate privately A B B decrypts the message with the (shared) secret key B can now read the message
Encryption A and B want to communicate privately A B C cannot read the message without the secret key
Encryption A and B want to communicate privately A B QUESTION: How can we distribute the shared key securely?
Encryption A and B want to communicate privately A B What if different keys were used to encrypt and decrypt?
Encryption A and B want to communicate privately In public key encryption A B each party has a public key and a private key
Encryption A and B want to communicate privately A B A's private key A's public key B sends a message to A encrypting it with A's public key A decrypts the message with their private key
Encryption A and B want to communicate privately A B B's public key B's private key A sends a message to B encrypting it with B's public key B decrypts the message with their private key
Encryption Pairwise private communication Senders S_0, S_1, …, S_N and receiver R. Public keys are available to anyone. Private keys are known only to their owners. Each S_i can message R privately.
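The pairwise scheme above, as an added example that is not part of the original slides: textbook RSA with tiny constructed primes, where senders S0 and S1 encrypt with R's public key and only R's private key reads the result. The function names, the primes 61 and 53, and the sample messages are assumptions for illustration; the slides do not name an algorithm, and this toy version is not secure.

```python
# Added illustration: textbook RSA with tiny constructed primes.
# It shows the key roles only; it is NOT secure (no padding, trivially factorable n).

def make_keypair(p, q, e=17):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, numbers):
    """Raise each number to the key's exponent modulo n."""
    exponent, n = key
    return [pow(x, exponent, n) for x in numbers]

def encrypt(public_key, text):
    """Anyone holding the public key can do this (one block per byte)."""
    return apply_key(public_key, text.encode("utf-8"))

def decrypt(private_key, blocks):
    """Only the private key's owner can do this."""
    return bytes(apply_key(private_key, blocks)).decode("utf-8")

# R publishes R_PUBLIC and keeps R_PRIVATE secret (constructed sample values).
R_PUBLIC, R_PRIVATE = make_keypair(61, 53)

def demo():
    """Senders S0 and S1 each message R; eavesdropper C holds only R_PUBLIC."""
    results = {}
    for sender, text in [("S0", "hello R"), ("S1", "hi from S1")]:
        blocks = encrypt(R_PUBLIC, text)
        results[sender] = {
            "r_reads": decrypt(R_PRIVATE, blocks),
            # C re-applying the public key does not get the bytes back.
            "c_recovers": apply_key(R_PUBLIC, blocks) == list(text.encode("utf-8")),
        }
    return results

if __name__ == "__main__":
    for sender, outcome in demo().items():
        print(sender, outcome)
```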
Road map Week overview Encryption ▶︎ Hashing ◀
Hashing Hashing data is akin to fingerprinting. You are not your fingerprint, but your fingerprint uniquely identifies you.
Hashing communicating without revealing A B password password password We shouldn't send the password in the clear…
Hashing communicating without revealing A C B password password password Ooops, anyone can see the password!
Hashing communicating without revealing A B password password password Let's encrypt the password before sending it to prevent eavesdropping.
Hashing communicating without revealing A B password password If B stores the password, what happens if B is hacked? Passwords are revealed!
Hashing communicating without revealing A hash function is a one-way function: it cannot* be undone. *probably
Hashing communicating without revealing A hash function is a one-way function: it cannot be undone. "The hashing process is like a meat grinder: there is no key, everybody can operate it, but there is no way to get your cow back in full moo-ing state." https://security.blogoverflow.com/2011/11/why-passwords-should-be-hashed/
Hashing communicating without revealing password hash function Mincer icon made by Creaticca Creative Agency from www.flaticon.com is licensed by CC 3.0 BY
Hashing communicating without revealing A B password password The password is encrypted during transmission, then hashed by B. The password hash is stored, not the password.
Hashing communicating without revealing A B password password A stolen hash is less useful than a stolen password: it can't be used to directly access the account.
Hashing communicating without revealing If two users have the same password, they will end up with the same hash. A: abc123 B: abc123
Hashing communicating without revealing Adding salt (random data) to each password ensures each will hash to a different value. A: abc123 B: abc123
Encrypt the plain text password in transmission, store salted hash A B password password The password is encrypted during transmission, then hashed by B. The password hash is stored together with its salt.
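What B stores and checks, as an added example that is not part of the original slides: an unsalted hash gives users A and B the same value for "abc123", while a per-password random salt gives each a different stored hash that still verifies at login. The slides do not name a hash function; SHA-256 for the unsalted case, PBKDF2-HMAC-SHA256 for the salted record, the iteration count and all function names are assumptions made here.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def unsalted_hash(password):
    """No salt: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def make_record(password, salt=None):
    """Build what B stores: (salt, hash). The password is never stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, record):
    """Re-hash the login attempt with the stored salt and compare."""
    salt, stored = record
    _, candidate = make_record(password, salt)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

# Constructed sample database: users A and B both chose "abc123".
DATABASE = {"A": make_record("abc123"), "B": make_record("abc123")}

def same_hash_stored():
    """True if A's and B's stored hashes are identical."""
    return DATABASE["A"][1] == DATABASE["B"][1]

if __name__ == "__main__":
    print("unsalted equal:", unsalted_hash("abc123") == unsalted_hash("abc123"))
    print("salted equal:  ", same_hash_stored())
    print("A logs in:     ", verify("abc123", DATABASE["A"]))
    print("wrong password:", verify("abc124", DATABASE["A"]))
```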
Hashing Brute Force Attack Attacker C knows your salt and hash. For every string: hash string + salt. If the hash matches your hash, that string was your password.
Hashing Brute Force Attack Prevention As a user: Use strong passwords! Attacker has too many strings to check. As a developer: Protect your database. Attacker needs stored salt and hash to perform the attack.
WEDNESDAY How to encrypt How to hash
FRIDAY Cookies Authentication