
Showing papers on "Rainbow table published in 1996"


Patent
11 Jul 1996
TL;DR: In this article, a secure hash table is created containing a list of secure programs that the user wants to validate prior to execution, and an SMI handler then generates a current hash value for the program to be executed.
Abstract: A method for providing secure registration and integrity assessment of software in a computer system is disclosed. A secure hash table is created containing a list of secure programs that the user wants to validate prior to execution. The table contains a secure hash value (i.e., a value generated by modification detection code) for each of these programs as originally installed on the computer system. This hash table is stored in protected memory that can only be accessed when the computer system is in system management mode. Following an attempt to execute a secured program, a system management interrupt is generated. An SMI handler then generates a current hash value for the program to be executed. In the event that the current hash value matches the stored hash value, the integrity of the program is guaranteed and it is loaded into memory and executed. If the two values do not match, the user is alerted to the discrepancy and may be given the option to update or override the stored hash value by entering an administrative password.

276 citations


Patent
12 Jan 1996
TL;DR: In this article, a method for changing an account password stored at a physically remote location is provided, where a user submits both an old and a new password to its client machine, and the client computes two message values to be transmitted to the server.
Abstract: A method for changing an account password stored at a physically remote location is provided. After initiating a password change sequence, a user submits both an old and a new password to its client machine. Thereafter, the client computes two message values to be transmitted to the server. The first message is computed by encrypting at least the new password using a one-way hash of the old password as an encryption key. The second message is computed by encrypting the one-way hash of the old password using a one-way hash of the new clear text password as the encryption key. The server receives both messages and computes a first decrypted value by decrypting the first message using the one-way hash of the old password, previously stored at the server, as the decryption key. The server computes a second decrypted value by decrypting the second message using a one-way hash of the first decrypted value as the decryption key. The server compares the decrypted one-way hashed value, transmitted in encrypted form in the second message, to the pre-stored hashed old password. If the two values are equal, then the server replaces the old password by the new password.

182 citations


Journal Article
TL;DR: A smart-card-based remote access password authentication scheme is presented that can verify a log-in password without a verification table and that utilizes the signature property of public key systems.

94 citations


Patent
27 Aug 1996
TL;DR: In this paper, the server provides an indication that a first login series based on a first password has reached a predetermined minimum number of remaining hash function iterations, and the client responds to the server's indication by generating an initialization signal which relates the first login series based on the first password to a second login series based on a second password.
Abstract: Methods and apparatus are disclosed for re-initializing a secure password series based on an iterated hash function. User login information is communicated over an insecure network connection or other transmission medium between a client and a server. The server provides an indication that a first login series based on a first password has reached a predetermined minimum number of remaining hash function iterations. This indication could also be generated by the client. In either case, the client responds to the indication by generating an initialization signal which relates the first login series based on the first password to a second login series based on a second password. The initialization signal may be generated as the exclusive-or of the results of applying a first number of hash function iterations to the first password and a second number of hash function iterations to the second password. The client transmits the initialization signal to the server, which stores it along with an encrypted password transmitted in a previous valid first series login by the same user. The server then compares a function of the stored initialization signal and an initial second series login to the previously-stored first series login to determine if the initial second series login is valid. The second password may be generated by the client using a pass phrase portion of the first password and a new seed portion which does not require additional user input. The password re-initialization process can thus be performed automatically without any need to notify the user.

83 citations


Patent
Radia Perlman
23 Oct 1996
TL;DR: In this paper, a technique for authenticating the presence of a user to applications stored on a distributed network system using a single password is presented, which generally comprises computing a one-way hash value of the password that is initially provided by the user to a workstation during a login procedure.
Abstract: A technique verifies the presence of a user to applications stored on a distributed network system using a single password. The technique generally comprises computing a one-way hash value of the password that is initially provided by the user to a workstation during a login procedure. This initial hash value is stored by the workstation so that it may be readily accessible for authenticating the user to other applications of the system. These other applications query the user as to its identity by issuing an operating system application programming interface (API) call that specifies, e.g., "quiz user for password". The API call invokes a routine that requests the user's password and, in response to that password, hashes it and compares the resulting hash value with the stored hash value. If the values match, the user is reliably authenticated.

65 citations


Patent
26 Jun 1996
TL;DR: In this article, the problem of providing high password intensity without depending on the managing method of the memory of a system is solved by generating a password key based on the attribute of the data being the object of encoding.
Abstract: PROBLEM TO BE SOLVED: To provide high password intensity without depending on the managing method of the memory of a system. SOLUTION: When data being the object of encoding is inputted, a password key generation means 1 generates a password key 1a in accordance with the attribute of data being the object of encoding. An encoding means 3 encodes data being the object of encoding by using the password key 1a, and password data 4a is stored in a storage means 4. When the processing request of password data 4a is given, a decoding key generation means 2 generates a decoding key 2a in accordance with the attribute of password data 4a. A decoding means 5 decodes password data 4a by using the decoding key 2a. Decoded data is processed by a processing means 6. A control means 7 outputs data processed by the processing means 6 to the encoding means 3 as data being the object of encoding. Thus, different keys are used for the respective attributes, and password intensity can be improved without depending on the memory managing method.

24 citations


Book Chapter
24 Jun 1996
TL;DR: This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions.
Abstract: This paper presents an attack on Anderson and Lomas's proposed password-based authenticated key exchange protocol that uses collisionful hash functions. The weaknesses of the protocol when an old session key is compromised are studied and alternative solutions are given.

13 citations


Patent
Hiroshi Ono
25 Jun 1996
TL;DR: In this article, the authors present a system consisting of a ROM 5 for storing a password, a password check section 9, a RAM 10 for storing the number of password mismatch occurrences, a radio section 1, and a central processing unit 12 for controlling the memory, radio and checking sections.
Abstract: The present invention comprises a ROM 5 for storing a password, a password check section 9, a RAM 10 for storing a number of password mismatch occurrences, a radio section 1, and a central processing unit 12 for controlling the memory, radio and checking sections. When a password for rewriting individual information is input from an external terminal 50, the central processing unit 12 requests the password check section 9 to check the password against a password stored in the ROM 5. When the two passwords don't match, a password can be repeatedly re-input until the password matches, and the number of password mismatch occurrences is stored in the RAM 10.

5 citations