CS338 Computer Security
Monday, 3 November 2025

+ The rest of the term
  - Your project (Nov 10)
  - A takehome exam
    - Definitely some stuff due Nov 19
    - Maybe some stuff due Nov 24
  - Labs
  - Topics
    - Authentication (esp. passwords) & authorization
    - Pen-testing overview & more techniques
    - Secure coding principles
    - ??? what do you want to learn about ???
      - Lab on SQL injection
      - Lab on ARP cache poisoning (one AITM technique)
      - Defensive security software, including firewalls
      - More cryptography
      - Famous hacks; interaction between the tech stuff and the culture stuff
      - Dark web; Tor
      - Reverse engineering
      - How do they do crazy hacking and not get caught
      - Forensics
      - Attribution
      - Hardware security (Spectre, Meltdown, Rowhammer, ...); console modding; Flipper Zero
      - Personal security: what can I do?
      - OAuth
      - FIDO and passkeys
      - Realistic hacking
      - Game hacking, anti-cheat techniques (kernel anti-cheat)

+ Password lab
  - Password hashes are stored in /etc/shadow
  - Salt: what is it? Instead of saving H("mypassword123"), generate a random salt and then save
        salt $ H(salt || "mypassword123")
  - What has to happen to attack unsalted password hashes?
    - Somebody needs to get read access to /etc/shadow (or wherever hashes are stored)
    - Understand and be able to replicate password hash creation
    - Try guessing:
        for each common password
            hash the common password
            for each hash in the shadow file
                compare
  - Try that, but with salt: harder by a factor of the number of users you're trying to crack
        for each common password
            for each hash in the shadow file
                hash the common password with that entry's salt
                compare
  - Try precomputing hashes and then use that database on new shadow files. By what factor is this harder with salt than without?
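As an added illustration (not part of the lecture notes), the two guessing loops above in Python, counting hash computations so the salted/unsalted ratio becomes visible. The common-password list, the usernames and the SHA-256 stand-in for H are constructed assumptions; a real shadow file uses a slow hash such as bcrypt or yescrypt.

```python
import hashlib
import os

# Constructed sample data (not from the notes): a tiny "common password" list
# and a few users, two of whom chose the same password.
COMMON = [b"password", b"123456", b"qwerty", b"letmein", b"mypassword123"]
USERS = {"alice": b"letmein", "bob": b"123456", "carol": b"letmein", "dave": b"correct horse"}


def H(data: bytes) -> str:
    """Stand-in for the password hash (assumption: SHA-256, real systems use slow hashes)."""
    return hashlib.sha256(data).hexdigest()


def make_shadow_unsalted(users):
    """Shadow-style store: username -> H(password). Equal passwords give equal entries."""
    return {u: H(pw) for u, pw in users.items()}


def make_shadow_salted(users):
    """Shadow-style store: username -> salt $ H(salt || password), fresh random salt per user."""
    out = {}
    for u, pw in users.items():
        salt = os.urandom(16)
        out[u] = salt.hex() + "$" + H(salt + pw)
    return out


def guess_unsalted(shadow):
    """Hash each common password once; that table works for every user and every shadow file."""
    table = {H(pw): pw for pw in COMMON}        # the precomputed database
    found = {u: table[h] for u, h in shadow.items() if h in table}
    return found, len(table)                    # (recovered users, hash computations)


def guess_salted(shadow):
    """Every user's salt differs, so each (password, user) pair needs its own hash."""
    found, work = {}, 0
    for pw in COMMON:
        for u, entry in shadow.items():
            salt_hex, digest = entry.split("$")
            work += 1
            if H(bytes.fromhex(salt_hex) + pw) == digest:
                found[u] = pw
    return found, work                          # work == len(COMMON) * len(shadow)


def work_factor():
    """Ratio of hash computations, salted over unsalted, for this user set: equals the user count."""
    _, w_plain = guess_unsalted(make_shadow_unsalted(USERS))
    _, w_salt = guess_salted(make_shadow_salted(USERS))
    return w_salt // w_plain
```

With a 16-byte random salt, a precomputed table would need a separate entry for every (salt, password) pair, which is why the database shortcut stops paying off once salts are in use.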