CSE 3118Y Week 02 Lab Password Selection Practical
3. Learn about the downfalls and common mistakes when using passwords
Historically, passwords have been an easy target for cyber attacks. Because users are responsible for their
own passwords, most security experts consider this to be the single most insecure aspect of a well-planned
network. Security professionals typically establish guidelines and policies that will limit the number of user
account compromises on a network.
Windows and UNIX systems do not actually store the password at all. Instead, a unique obscured
representation of the password is stored. The OS uses the password as a parameter in an irreversible
mathematical function that calculates a hash value. This value is stored in the system password database.
When a logon attempt is made, the system takes the password supplied by the user, applies the same
mathematical function, and then compares the resulting hash value with the value stored in the password database.
If the hash values are equal, then the passwords used to generate the hash values must also be equal.
The most powerful password-cracking method is called the "brute force method". Although this method can
take a long time, it usually takes far less time than most password policies specify for password changing.
Brute forcing randomly generates candidate passwords and computes their associated hashes, looking for a match
with the stored value. Theoretically, all passwords are "crackable" by a brute force attack given enough time and processing power.
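The following is an added illustration, not part of the lab handout and not how any particular OS stores its passwords: it keeps only a salted, one-way hash (PBKDF2-HMAC-SHA256 is assumed here as the irreversible function), verifies a logon by recomputing the hash, and then shows why every brute-force guess costs one full hash computation over a constructed 3-digit password. The iteration count, salt and sample password are constructed for the demo; Windows and UNIX use their own hash formats.

```python
import hashlib
import hmac
import itertools
import os
from typing import Optional

# Assumed demo parameter: a deliberately low PBKDF2 iteration count keeps the
# example fast. Real deployments use a far higher count, which multiplies the
# cost of every brute-force guess by the same factor.
ITERATIONS = 1000


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Store only a salted, irreversible hash of the password, never the password.
    The salt is random per account so equal passwords do not share a hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Logon check: hash the supplied password with the stored salt and compare.
    compare_digest is constant-time, so timing does not reveal how many bytes matched."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def keyspace_size(alphabet: str, length: int) -> int:
    """Number of candidates an exhaustive search must consider in the worst case."""
    return len(alphabet) ** length


def guesses_needed(record: dict, alphabet: str, length: int) -> Optional[int]:
    """Exhaustively try every candidate of the given alphabet and length, in order.
    Returns how many guesses were needed, or None if the password is outside this
    keyspace. Each guess repeats the full hash computation, so the cost to the
    attacker is (guesses) x (hash cost); length, alphabet and iterations are the
    defender's levers."""
    for count, chars in enumerate(itertools.product(alphabet, repeat=length), start=1):
        if verify(record, "".join(chars)):
            return count
    return None


if __name__ == "__main__":
    record = make_record("742")  # constructed weak password: three digits
    print("correct password accepted:", verify(record, "742"))
    print("wrong password rejected:", not verify(record, "743"))
    print("keyspace for 3 digits:", keyspace_size("0123456789", 3))
    print("guesses needed:", guesses_needed(record, "0123456789", 3))
    print("not found in 2-letter keyspace:", guesses_needed(record, "abc", 2))
```

Raising `ITERATIONS` slows `guesses_needed` in direct proportion while a single legitimate logon stays imperceptibly slow, which is the trade-off a password hashing scheme is designed around.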
Task 1
Read and study the paper entitled “About Passwords” by András Keszthelyi. Summarize the main points.
(1) Discuss why it is important for an organization, such as the University of Mauritius, to ensure that
passwords are strong and follow best practices.
(2) Draft a list of the key components of a good password policy that can be adopted for UoM student
email account. Include specifications such as password length, aging etc.
Analyse and compare the features of three popular password cracking tools (available as freeware) for
Windows or Linux.
Task 3 (Take home lab)
1. Log on as admin
B. Password Complexity
(i) What are the minimum and maximum password age on this computer? Why are they important?
(ii) What is the difference between Local Policies and Account Policies?
(iii) How complex is the password complexity? Can you modify the complexity? What should be included?
(iv) What is the purpose of setting a lockout policy?
(v) What is a reasonable set of minimum password requirements?
(vi) How do these minimum requirements fit with the ease-of-use for the users?
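To make the questions in Part B concrete, the following is an added example (not part of the lab, and not a reading of any real machine's settings) that models the three account-policy controls named above: a complexity rule (minimum length, character classes, no account name in the password), minimum and maximum password age, and a lockout counter with a reset window. The policy values, usernames and timestamps are constructed for the example; the complexity rule is loosely modelled on the "3 of 4 character classes" style requirement and is an assumption, not a transcription of any vendor's rule.

```python
import string
from datetime import datetime, timedelta

# Hypothetical policy values for the example; they are not the lab machine's settings.
POLICY = {
    "min_length": 8,
    "classes_required": 3,                     # of: uppercase, lowercase, digit, symbol
    "min_age_days": 1,                         # cannot change again before this
    "max_age_days": 90,                        # must change after this
    "lockout_threshold": 5,                    # failed logons before lockout
    "lockout_window": timedelta(minutes=30),   # failures older than this are forgotten
    "lockout_duration": timedelta(minutes=30), # how long the account stays locked
}


def complexity_failures(password, username, policy=POLICY):
    """Return the list of complexity rules the password breaks (empty means it passes)."""
    failures = []
    if len(password) < policy["min_length"]:
        failures.append("too short")
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < policy["classes_required"]:
        failures.append("too few character classes")
    if username and username.lower() in password.lower():
        failures.append("contains account name")
    return failures


def age_status(last_set, now, policy=POLICY):
    """Minimum age stops a user cycling straight back to an old password;
    maximum age forces a change after the allowed lifetime."""
    age = now - last_set
    if age < timedelta(days=policy["min_age_days"]):
        return "too soon to change"
    if age > timedelta(days=policy["max_age_days"]):
        return "expired, must change"
    return "ok"


class LockoutTracker:
    """Counts failed logons per account inside a sliding window and locks the
    account once the threshold is reached, which caps online guessing."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.failures = {}      # username -> timestamps of recent failures
        self.locked_until = {}  # username -> time the lock expires

    def attempt(self, user, success, now):
        """Record one logon attempt; return True if the account is locked afterwards."""
        until = self.locked_until.get(user)
        if until is not None and now < until:
            return True  # still locked: even a correct password is refused
        if success:
            self.failures[user] = []  # a successful logon resets the counter
            return False
        window_start = now - self.policy["lockout_window"]
        recent = [t for t in self.failures.get(user, []) if t > window_start]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= self.policy["lockout_threshold"]:
            self.locked_until[user] = now + self.policy["lockout_duration"]
            self.failures[user] = []
            return True
        return False


if __name__ == "__main__":
    print(complexity_failures("Alice2024!", "alice"))      # contains account name
    print(complexity_failures("Tr0ub4dor!", "alice"))      # []
    t0 = datetime(2024, 1, 1, 9, 0)
    print(age_status(t0, t0 + timedelta(days=100)))        # expired, must change
    tracker = LockoutTracker()
    print([tracker.attempt("alice", False, t0 + timedelta(seconds=i)) for i in range(5)])
```

The trade-off in question (vi) shows up directly in these parameters: a higher `min_length` or `classes_required` raises the cost of guessing but also the number of rejected choices and help-desk resets, and a low `lockout_threshold` makes it easy for a user (or anyone who knows the username) to lock an account by mistake.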