Tutorial Week 13

Questions

Q1: A password may become known to other users in a variety of ways. Is there a simple method for helping users detect that such an event has occurred? Explain your answer.

Q2: The traditional UNIX password protection scheme uses a salt (a random n-bit number) to make it more difficult for an intruder to discover the password by encrypting common strings in advance. Does this scheme also offer increased protection against a valid user trying to crack the super-user password on a machine? Assume the password file containing the encrypted passwords is readable.
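The following is an added worked example, not part of the tutorial sheet, that models the scheme Q2 describes: the stored value is H(salt || password) with SHA-256 standing in for the real crypt(3) (a simplification), and the wordlist, secret and salt size are constructed for illustration. It shows that a table precomputed without the salt no longer matches, while an attacker who can read the password file (and therefore the salt) still pays only one guess per candidate against a single target such as the super-user entry.

```python
import hashlib
import os

# Constructed wordlist of "common strings" an intruder might hash in advance.
COMMON_PASSWORDS = [b"password", b"123456", b"letmein", b"qwerty", b"hunter2"]


def hash_password(password: bytes, salt: bytes = b"") -> str:
    """Simplified model of the stored value: H(salt || password).
    Real crypt(3) uses a different function and salt encoding; only the
    salting idea is modelled here."""
    return hashlib.sha256(salt + password).hexdigest()


def precompute_table(words):
    """Offline work the intruder does before ever seeing the password file,
    so no salt is known: map H(word) -> word."""
    return {hash_password(w): w for w in words}


def lookup_precomputed(table, stored_hash):
    """Constant-time table hit if the stored hash was computed without a salt."""
    return table.get(stored_hash)


def crack_with_known_salt(stored_hash, salt, words):
    """Targeted guessing once the readable password file reveals the salt.
    Returns (recovered_password_or_None, number_of_guesses_made)."""
    for i, w in enumerate(words, 1):
        if hash_password(w, salt) == stored_hash:
            return w, i
    return None, len(words)


def demo():
    """Compare the three situations for one weak password (constructed)."""
    secret = b"letmein"
    salt = os.urandom(2)  # 16-bit salt for illustration; classic UNIX used 12 bits

    table = precompute_table(COMMON_PASSWORDS)

    # 1. Unsalted storage: the precomputed table finds it immediately.
    unsalted_hit = lookup_precomputed(table, hash_password(secret))

    # 2. Salted storage: the same table misses, because H(salt||pw) != H(pw).
    salted_hit = lookup_precomputed(table, hash_password(secret, salt))

    # 3. Valid user attacking one entry with the salt in hand: the salt does not
    #    raise the per-guess cost, so a weak super-user password still falls.
    targeted, guesses = crack_with_known_salt(hash_password(secret, salt), salt, COMMON_PASSWORDS)

    return unsalted_hit, salted_hit, targeted, guesses


if __name__ == "__main__":
    print(demo())
```

The point for Q2 is visible in the third return value: salting multiplies the cost of a table that must cover every user's salt, but it does nothing for a single targeted entry whose salt is readable, which is why password strength (or an expensive hash) is what protects the super-user account.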

Q3: Lamport's one-time password scheme uses the passwords in reverse order. Would it not be simpler to use f(x) the first time, f(f(x)) the second time, and so on?
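As an added example (not part of the tutorial sheet), the hash chain in Q3 carried through in code: the server keeps only the top of the chain and accepts a password whenever applying f to it reproduces the value it holds. The block also checks the alternative the question proposes, forward order, where each observed password is the preimage of the next one. SHA-256 is used for f and the seed is constructed for illustration.

```python
import hashlib


def f(x: bytes) -> bytes:
    """One-way function for the chain (SHA-256 here; any preimage-resistant
    function serves the same role)."""
    return hashlib.sha256(x).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [x, f(x), f(f(x)), ..., f^n(x)]; index i holds f applied i times."""
    chain = [seed]
    for _ in range(n):
        chain.append(f(chain[-1]))
    return chain


class LamportServer:
    """Holds only f^n(x); the seed never leaves the user."""

    def __init__(self, top: bytes):
        self.expected_image = top

    def login(self, password: bytes) -> bool:
        # Accept iff f(password) equals what we hold, then move down the chain.
        if f(password) == self.expected_image:
            self.expected_image = password
            return True
        return False


def run_reverse_order(seed: bytes, n: int):
    """Lamport's scheme: the user presents f^(n-1)(x), f^(n-2)(x), ..., x.
    Returns (list of login results, whether replaying the first password works)."""
    chain = make_chain(seed, n)
    server = LamportServer(chain[n])
    accepted = [server.login(chain[i]) for i in range(n - 1, -1, -1)]
    # An eavesdropper who captured the very first password tries it again.
    replay_accepted = server.login(chain[n - 1])
    return accepted, replay_accepted


def eavesdropper_forward_order(observed_password: bytes) -> bytes:
    """Under the proposed forward scheme the k-th password is f^k(x), so
    anyone who sees it computes the (k+1)-th password by one application of f."""
    return f(observed_password)


def forward_order_is_broken(seed: bytes) -> bool:
    """Show that in forward order an observed password yields the next one."""
    chain = make_chain(seed, 3)
    first_password = chain[1]       # f(x), sent in the clear
    next_password = chain[2]        # f(f(x)), what the server expects next
    return eavesdropper_forward_order(first_password) == next_password


if __name__ == "__main__":
    print(run_reverse_order(b"example-seed", 5))
    print(forward_order_is_broken(b"example-seed"))
```

In reverse order each password an eavesdropper sees is the image of the next one, so recovering the next password means inverting f; in forward order it is the preimage, so the next password costs one hash evaluation, which is what the chain's direction is protecting against.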


Q4: Describe a buffer overrun attack. What is the usual programmer omission in such attacks?


Q5: What is the principle of least privilege? Why is the setuid root facility in UNIX generally a violation of the principle? Give an illustrative example of that violation.