HW Problem
Problem 7.6 This problem deals with storing passwords in a file.
- Why is it a good idea to hash passwords that are stored in a file? Answer. This prevents an unauthorized person who manages to acquire a password file from immediately getting everyone's password.
- Why is it a much better idea to hash passwords stored in a file than to encrypt the password file? Answer. Encrypting the password file would require that the file be decrypted for password checking. This might both be computationally expensive and result in a plaintext file appearing as an intermediate file, which could be copied.
- What is a salt and why should a salt be used whenever passwords are hashed? Answer. A salt is a string concatenated to the password before hashing. In the password file we store the hashed result together with the plaintext salt. This prevents the attacker from using hashes of a password dictionary for more than one forward attack.
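The following is an added example, not part of the original problem set, showing the scheme from the last answer: each record stores the plaintext salt beside the hash of salt plus password, and one precomputed table of dictionary hashes stops matching once salts are used. SHA-256, the 16-byte random salt, the user names and the passwords are assumptions made for the illustration; a production system would use a deliberately slow password hash such as scrypt or PBKDF2.

```python
import hashlib
import hmac
import secrets

def hash_unsalted(password):
    """Hash a password with no salt (the weak variant)."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password, salt=None):
    """Return (salt_hex, hash_hex): what the password file stores per user."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per user (assumed size)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex(), digest

def verify(password, record):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt_hex, stored = record
    _, candidate = make_record(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def precomputed_hits(stored_hashes, dictionary):
    """Count stored hashes found in ONE table of hashed dictionary words."""
    table = {hash_unsalted(word) for word in dictionary}
    return sum(1 for h in stored_hashes if h in table)

# Constructed sample data: two users happen to share a weak password.
USERS = {"alice": "letmein", "bob": "letmein", "carol": "T7#kq-Zp!4wV"}
DICTIONARY = ["password", "123456", "letmein"]

UNSALTED = {user: hash_unsalted(pw) for user, pw in USERS.items()}
SALTED = {user: make_record(pw) for user, pw in USERS.items()}

if __name__ == "__main__":
    # Unsalted: identical passwords give identical hashes, and one table
    # of dictionary hashes matches every user of a dictionary word.
    print("same hash, unsalted:", UNSALTED["alice"] == UNSALTED["bob"])
    print("table hits, unsalted:", precomputed_hits(UNSALTED.values(), DICTIONARY))
    # Salted: the same table matches nothing, and equal passwords
    # are no longer visible as equal hashes in the file.
    salted_hashes = [h for _, h in SALTED.values()]
    print("same hash, salted:", SALTED["alice"][1] == SALTED["bob"][1])
    print("table hits, salted:", precomputed_hits(salted_hashes, DICTIONARY))
    print("login check still works:", verify("letmein", SALTED["alice"]))
```

Login verification is unaffected by the salt because the salt is stored in plaintext next to the hash, exactly as the answer describes.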