
Table Of Contents

1 INTRODUCTION
2 PASSWORD BASICS
2.1 GENERAL
2.2 SECURITY STRATEGIES OR POLICY
2.3 AUTHENTICATION SYSTEMS
2.4 PASSWORD DESIGN PATTERNS
3 PASSWORD SYSTEMS
4 PASSWORD SELECTION
4.1 STATISTICAL PROPERTIES OF NATURAL LANGUAGE
4.2 SELECTION BIAS
4.3 PASSWORD ENTROPY
4.4 PASSWORD REGISTRATION PROCESS
4.5 PASSWORD AUDITING
4.6 AUTOMATIC PASSWORD GENERATION
4.7 PROACTIVE PASSWORD CHECKING
5 PASSWORD STORAGE
5.1 SYSTEM STORAGE
5.1.1 Cleartext
5.1.2 Password Hashing
5.1.3 Password Encryption
5.2 USER STORAGE
5.3 PASSWORD RECOVERY
6 PASSWORD LIFETIME
6.1 DOD ANALYSIS
6.2 TRUST MODEL
6.3 PASSWORD EXPIRATION
6.4 PASSWORD REPLACEMENT
7 DIRECT RECOVERY ATTACKS
7.1 EXPLICIT PASSWORD FILES
7.2 DEFAULT PASSWORDS
7.3 AUDIT LOGS
7.4 READING KEYBOARD BUFFERS
7.5 TROJAN LOGIN
7.6 OS SUBSTITUTION
7.7 VAN ECK SNIFFING
8 ONLINE ATTACKS
8.1 LOGON ATTEMPT ATTACKS
8.1.1 Notes
9 OFFLINE ATTACKS
9.1 DICTIONARY ATTACKS
9.2 NETWORK PASSWORD ATTACKS
10 UNIX PASSWORD SECURITY
11 WINDOWS NT
11.1 INTRODUCTION
11.2 PRE-NT
11.3 THE NT SECURITY SUBSYSTEM
11.4 SAM PASSWORD HASHING METHODS
11.4.1 LanManager Hashing
11.4.2 NTLM Hashing
11.5 SAM OBFUSCATION OF PASSWORD HASHES
11.6 SAM STORAGE LOCATIONS
11.6.1 Standard Backups
11.6.2 Repair Tools
11.6.3 Cached Credentials
11.7 SAM ENCRYPTION WITH SYSTEM KEY
11.7.1 Encryption using the System Key
11.7.2 Storage of the System Key
11.7.3 A Vulnerability with System Key
11.8 EXTRACTING PASSWORD HASHES
11.8.1 Alternate OS boot
11.8.2 PWDUMP
11.9 EXTRACTING PASSWORD HASHES FROM THE NETWORK
11.9.1 LanManager Authentication Protocol
11.9.2 The SMB Protocol
11.9.3 Protection of Anonymous Connections
11.10 CRACKING NT PASSWORD HASHES
11.11 PASSWORD EQUIVALENCE
11.12 LSA PASSWORDS
11.13 THE VALUE OF PASSWORDS
12 WINDOWS 2000
13 WINDOWS XP
13.1 ALERTS AND INCIDENTS
13.1.1System Recovery Threat
14 PASSWORD POLICIES AND GUIDELINES
14.1 DOD GUIDELINES
14.2 AUDITING SYSTEM GUIDELINES
15 USABILITY AND HUMAN FACTORS
15.1 PASSWORD COMPLEXITY
16 PASSWORD THREATS
17 PASSWORD DEFENCES
18 REFERENCES
19 GLOSSARY
20 ABBREVIATIONS
21 DOCUMENT HISTORY
Outline of a book on Passwords

Published by Luke O'Connor
Here is an outline of a book I started to write in 2003 on passwords. At the time I had a few months away from work and I decided to return to some basics in security, and I started with passwords in Windows. I was surprised at how complex, or at least detailed, this topic turned out to be. I was somewhat inspired by also reading Richard Smith’s nice book Authentication: From Passwords to Public Keys. You will find many references to his book in my draft.

My draft does have some good references, a list of password threats and a nice glossary. Looking at the TOC you get some idea of how much there is to cover.

I am not sure I will get back to completing the book, though I would surely like to. I make regular posts on passwords and they are certainly one of my pet security topics. However, time has eluded me (so far) and perhaps you can use the material.

More info:

Published by: Luke O'Connor on Nov 09, 2009
Copyright: Attribution Non-commercial


10/21/2011
