UIUC CS 461 Final Exam Questions
With 100% Verified Answers
What are the steps in authentication? -
correct answer ✅Identification
Verification (binds entity and identity)
You are who you say you are.
What are verification methods? -
correct answer ✅Something you know - e.g. Passwords
Something you have - e.g. token based
Something you are - e.g. biometric
List password attacks. -
correct answer ✅* Steal from user - Install a keylogger (hardware
or software)
- Find it written down
- Social engineering/Phishing
- Intercept the password over network
- Use a side channel
* Steal from service
* Steal from a third party (password reuse)
Location of passwords on UNIX -
correct answer ✅/etc/shadow
Simply storing hashes of passwords is not enough to ensure
security of the password database. What are the other mechanisms
that are combined with hashing? -
correct answer ✅Salt (a random number / nonce) - does not have
to be secret - simply unique
Pepper - must be secret and stored separately from the password
database - such as in a configuration file - added to plaintext prior
to hashing
Advantages of salting password databases. -
correct answer ✅* Makes rainbow tables worthless - prohibitively
large
* Protect commonly used / reused passwords (each password must
be cracked individually)
Specific trait of Blowfish -
correct answer ✅* Block cipher
* Long preprocessing setup for each key
* Processes about 4 kB of data, key scheduling to prepare
substitution boxes
Algorithms / Hash functions with special features? -
correct answer ✅* bcrypt - applies Blowfish repeatedly - designed
to take a lot of (configurable) time
* scrypt - must generate large random bit vector which must be
randomly accessed during computation
- Designed to take a lot of memory to compute
- Also used as proof of work hash for Litecoin and Dogecoin
Algorithm with configurable time + memory + parallelism required
to compute -
correct answer ✅Argon2, which won the Password Hashing
Competition in 2015
What does a smart card protect against, over a static memory card,
for token-based authentication? -