Information needs to be kept secure in our computing system.
- We need to control access of this information.
- We can use authentication, authorization or encryption to defend against cyber attacks.
- Hackers tend to prefer easily accessible data.
Web protocols such as SSL and TLS can be used to ensure the security.
- These are client-server applications, which happen between the application and transport layers.
- A handshake is the exchange of setup information before exchanging real data.
The handshake step.
The use of authentication is to establish a person's identity.
- The OS can secure the password file with a hash function, which is a one-way encryption.
- A one-way encryption means you cannot get back to the original password from the hash function.
- A salt prevents duplicates and increases the difficulty of offline dictionary attacks.
- The password creation time can be added to the password before hashing, as the salt.
Authentication methods include: