DOCSLIB.ORG

7: Password-Hashing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
7: Password-Hashing 7: Password-Hashing I Passwords, Passphrases, “Personal Identification Numbers” (PINs) are needed all the time user name: Max passwort: ******** I Can be part of a “two-factor-authentication” (e.g., chipcard + PIN) I Adversaries trying to “guess” them: I How probable is a pwd? I How to attack unknwon pwd by making X attempts to “guess” them I Which passwords are the X most probable ones? I How to choose pwd to thwart such attacks? I . while still being able to remember pwd? Our goal: Make the usage of passwords as secure as possible. –130– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Preliminaries . speaking words of wisdom, let it be, let it be, . (The Beatles) I QUESTION: Which of the following passwords is OK? “53cur3 pa55w0rd”, “ci90n38!P0??3ah9vhv” or “123456”? user name: Max passwort: ******** I ANSWER: None! (Not after being shown on my slides . ) I Passwords must be unpredictable ... I BUT this is actually a property of password-generation and password-handling (random choices, not published on slides, . ) I information-theory: a “password-source” must have high entropy! I very informally: k-bit of entropy ≥ 2k−1 “guesses” for the attacker –131– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Wisdom # 1: Choose “high-entropy” passwords! . this is harder than it looks –132– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Wisdom # 2: Do not allow Offline Attacks! . whenever you can avoid them user name: Max passwort: ******** Online: Offline: I access to server I function F I adversary sends pwd-”guess” I adversary can compute F I server accepts or rejects without the server’s aid pwd-”guess” I F(pwd) = 1 , pwd accepted X: as large as the server allows X: as large as the adversary can and can handle afford –133– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Wisdom #3: Passwords in the Clear are bad! . worse than leaving the key to your flat under the door-mat name pwd Anakin skywalker Dagobert moneymoneymoney Donald enwo34qindk!d Luke sykwalker Tick mysecretpassword Trick mysecretpassword Track mysecretpassword –134– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Wisdom # 4: Hashing Passwords helps . but is not good enough name H(pwd) Anakin viqwbnqwtomwm Dagobert wer4mnrt4rnrm Donald r034jionksioe Luke viqwbnqwtomwm Tick sdjklasdle9nr Trick sdjklasdle9nr Track sdjklasdle9nr best attack: I assume “dictionary” with N “common” passwords I compute another dictionary with N hashed passwords I attacking each account in time O(1), if password is “common” –135– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash Wisdom # 5: Salt and Hash Passwords name salt H(salt, pwd) Anakin 34892 4unuiio8nuue7 Dagobert 29495 ksni9m8k89kiu Donald 09858 cdk5jkambydyu Luke 45888 xumun6muzyqjo Tick 19495 cnjk9mk3msdfk Track 27849 dekcexcidklc7 Trick 90479 yei7kmdkx2dcx best attack: I assume “dictionary” with N “common” passwords I attacking each account in time O(N), if password is “common” (if the salt never repeats) –136– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Wisdom # 6: Perform “Key Stretching” I stretching by k bit I attacks slow down 2k times I “virtual” entropy goes from β to β + k I unfortunately, the defenders’ operations may also slow down by 2k times I so the idea is to I choose k as large as possible I without annoying the defender –137– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Generate Password Hashes with Stretching log ( ) iteration: stretch by 2 N bit pepper: stretch by p bit input: pwd, salt, N input: pwd, salt, p X H(salt; pwd) choose random R < 2p for I 1 to N do X H(salt; R; pwd) X H(salt; X) return X end for return X –138– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Verify Password Hashes verify iteration verify pepper input: pwd, salt, N; X 0 input: pwd, salt, p, X 0 X H(salt; pwd) choose random R0 < 2p for I 1 to N do for I 0 to 2p − 1 do X H(salt; X) R00 (R0 + I) mod 2p end for X 0 H(salt; R00; X) accept if X = X 0 else reject accept if X = X 0 end for reject Advantages and disadvantages: +iteration generation and verification are the same +pepper fast generation +pepper parallelizable (why is this an advantage for the defender, and not a disadvantage?) -pepper R must be random – and even secret (why?) –139– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Iteration – Without Knowing the Count just let the user decide for herself unknown iteration verify unknown iteration input: pwd, salt, N input: pwd, salt, N, X X H(salt; pwd) X 0 H(salt; pwd) while true do while X 6= X 0 do X H(salt; X) X 0 H(salt; X) end while end while when exception: {user: ctrl-c} accept return X when exception: {user: ctrl-c} reject –140– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Usage Scenarios for Password Scramblers I user authentication I key derivation I proof of work I ... These uses imply different attack models / security requirements! –141– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching History until 2010 1960s: Wilkes: plain passwords are bad ! store hash and compare 1978: unix crypt I 25 iterations of DES-like operation I 12 bit salt to hinder dictionary attacks 1980s: shadow passwords I store (user; salt; dummy) in File A I store H(pwd; salt) in File B 1995: Abadi, Lomas, Needham: pepper 1997: Kelsey, Schneier, Hall, Wagner: analyzed iteration 2007: Boyen: unknown iteration count 2010: Turan, Barker, Burr, Chen: First standard for KDFs (PBKDF1/2 – Password-Based Key Derivation Function) –142– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching Practical Password Scramblers and KDFs until 2010 1978: crypt: in UNIX-based systems based on DES (25 iterations), 12-bit salt 1995: md5crypt by Poul-Henning Kamp 64-bit salt, 1000 iterations of MD5 1995: bcrypt by Provos and Mazières based on Blowfish (Schneier, 1993) needs a significant (but constant) amount of memory: S-boxes (4 × 1024 Bytes) + subkey (72 Bytes)) 2010: PBKDF2 by NIST first standard for KDFs, can use hash function or block cipher –143– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching PBKDF2 Password-Based Key Derivation Function Two F(pwd, salt, N, i) I F is the core function PRF(Key, Input) is modelled U PRF(pwd; salt jj i32) I X U as a “pseudorandom for I 1 to N do function” U PRF(pwd; U)(∗) I Why is pwd used in every X X ⊕ U round? Isn’t that dangerous? end for I Should we replace line (∗) return X by U PRF(U)? I PRF could be instantiated by I a block cipher E: PRF(K ; U) = EK (U) I a MAC M: PRF(K ; U) = MK (U) I a hash function H: PRF(K ; U) = H(K jj U) I the HMAC-construction, using H in a nested way: PRF(K ; U) = H(K ⊕ const2 jj (H(K ⊕ const1 jj U)) –144– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching PBKDF2 can Generate Large Outputs relevant for key derivation I For a required number of output bits, PBKDF2 concatenates F(pwd; salt; N; 1) jj F(pwd; salt; N; 2) jj ::: truncating the final call to F(pwd; salt; N; i) to the required number of bits I Example WPA2: I PBKDF2 with PRF = HMAC-SHA-1 and N = 4096 iterations I output 256 bits, but HMAC-SHA-1 provides 160 bits I thus, call F twice I use all the 160 bits from F(pwd, salt, N; 1) I and the first 96 bits from F(pwd, salt, N; 2) –145– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.1: Key Stretching 7.2: Considering Memory Timeline 2009: scrypt (Percival) 2013: Catena (Forler, Lucks, Wenzel) 2013–2015: Password Hashing Competition 2015: Argon2 (Biryukov, Dinu, Khovratovich) wins competition 2015–now: theoretical results on amortised costs –146– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.2: Memory The Advance of Massively Parallel Commodity Hardware http://www.nvidia.com/object/what-is-gpu-computing.html I commodity hardware with an abundance of parallel cores I attacker can try out any number of password in parallel I defender is hashing a single password I also, defender does not always have so many cores –147– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.2: Memory Wisdom # 7: Storage is Expensive . use this, to make the adversary’s life harder CPU (Multiple Cores) GPU (Hundreds of Cores) Core 1 Core 2 Core 3 Core 4 Cache Cache similar cache and memory sizes RAM RAM Adversaries with cheap of-the-shelf parallelizable hardware (GPUs, FPGAs, . ) don not have much memory – especially fast cache-memory. The cost for expensive special-purpose hardware is driven up by memory costs. –148– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.2: Memory Memory-Hard Functions Percival (2009) I let f be a function which can be computed in time T using space S I consider a machine with S=k units of memory, instead of S Definition 12 A function f is memory-hard if computing f (x) with an input of size n needs S(n) space and T 0(n) units of operations, where S(n) ∗ T 0(n) 2 Ω T 0(n)2− for > 0. ≈ computing f with S=k units of memory takes kT operations –149– Stefan Lucks Hash Fun. (2019) 7: Passw.-Hash 7.2: Memory Sequentially Memory-Hard Functions Percival (2009) I if we consider physical “time” rather than number of operations, the speet-up on a parallel machine can be a concern Definition 13 A function f is sequentially memory-hard if (1) it is memory-hard and (2) it cannot be computed on a machine with S(n) processors and S(n) space in expected time T (n), where S(n) ∗ T (n) = O T (n)2− for any > 0.
Load more

Recommended publications
  • Shell Scripting with Bash
    Introduction to Shell Scripting with Bash Charles Jahnke Research Computing Services Information Services & Technology Topics for Today ● Introductions ● Basic Terminology ● How to get help ● Command-line vs. Scripting ● Variables ● Handling Arguments ● Standard I/O, Pipes, and Redirection ● Control Structures (loops and If statements) ● SCC Job Submission Example Research Computing Services Research Computing Services (RCS) A group within Information Services & Technology at Boston University provides computing, storage, and visualization resources and services to support research that has specialized or highly intensive computation, storage, bandwidth, or graphics requirements. Three Primary Services: ● Research Computation ● Research Visualization ● Research Consulting and Training Breadth of Research on the Shared Computing Cluster (SCC) Me ● Research Facilitator and Administrator ● Background in biomedical engineering, bioinformatics, and IT systems ● Offices on both CRC and BUMC ○ Most of our staff on the Charles River Campus, some dedicated to BUMC ● Contact: [email protected] You ● Who has experience programming? ● Using Linux? ● Using the Shared Computing Cluster (SCC)? Basic Terminology The Command-line The line on which commands are typed and passed to the shell. Username Hostname Current Directory [username@scc1 ~]$ Prompt Command Line (input) The Shell ● The interface between the user and the operating system ● Program that interprets and executes input ● Provides: ○ Built-in commands ○ Programming control structures ○ Environment
    [Show full text]
  • Powerview Command Reference
    PowerView Command Reference TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents ...................................................................................................................... PowerView User Interface ............................................................................................................ PowerView Command Reference .............................................................................................1 History ...................................................................................................................................... 12 ABORT ...................................................................................................................................... 13 ABORT Abort driver program 13 AREA ........................................................................................................................................ 14 AREA Message windows 14 AREA.CLEAR Clear area 15 AREA.CLOSE Close output file 15 AREA.Create Create or modify message area 16 AREA.Delete Delete message area 17 AREA.List Display a detailed list off all message areas 18 AREA.OPEN Open output file 20 AREA.PIPE Redirect area to stdout 21 AREA.RESet Reset areas 21 AREA.SAVE Save AREA window contents to file 21 AREA.Select Select area 22 AREA.STDERR Redirect area to stderr 23 AREA.STDOUT Redirect area to stdout 23 AREA.view Display message area in AREA window 24 AutoSTOre ..............................................................................................................................
    [Show full text]
  • An Empirical Comparison of Widely Adopted Hash Functions in Digital Forensics: Does the Programming Language and Operating System Make a Difference?
    2015 Annual ADFSL Conference on Digital Forensics, Security and Law Proceedings May 19th, 11:45 AM An Empirical Comparison of Widely Adopted Hash Functions in Digital Forensics: Does the Programming Language and Operating System Make a Difference? Satyendra Gurjar Cyber Forensics Research and Education Group (UNHcFREG), Tagliatela College of Engineering, ECECS Department, University of New Haven, [email protected] Ibrahim Baggili Cyber Forensics Research and Education Group (UNHcFREG), Tagliatela College of Engineering, ECECS Department, University of New Haven Frank Breitinger CyberFollow F thisorensics and additional Research worksand Education at: https:/ Gr/commons.eroup (UNHcFREG),au.edu/adfsl Tagliatela College of Engineering, ECECS Depar Partment,t of the Univ Aviationersity ofSaf Newety and Hav Securityen Commons, Computer Law Commons, Defense and Security AliceStudies Fischer Commons , Forensic Science and Technology Commons, Information Security Commons, CyberNational For Securityensics Resear Law Commonsch and Education, OS and GrNetworksoup (UNHcFREG), Commons T, Otheragliatela Computer College Sciences of Engineering, Commons ECECS, and theDepar Socialtment, Contr Univol,ersity Law , ofCrime, New andHav enDe,viance AFischer@newha Commons ven.edu Scholarly Commons Citation Gurjar, Satyendra; Baggili, Ibrahim; Breitinger, Frank; and Fischer, Alice, "An Empirical Comparison of Widely Adopted Hash Functions in Digital Forensics: Does the Programming Language and Operating System Make a Difference?" (2015). Annual ADFSL Conference on Digital Forensics, Security and Law. 6. https://commons.erau.edu/adfsl/2015/tuesday/6 This Peer Reviewed Paper is brought to you for free and open access by the Conferences at Scholarly Commons. It has been accepted for inclusion in Annual ADFSL Conference on Digital Forensics, Security and Law by an (c)ADFSL authorized administrator of Scholarly Commons.
    [Show full text]
  • Lecture 17 the Shell and Shell Scripting Simple Shell Scripts
    Lecture 17 The Shell and Shell Scripting In this lecture • The UNIX shell • Simple Shell Scripts • Shell variables • File System commands, IO commands, IO redirection • Command Line Arguments • Evaluating Expr in Shell • Predicates, operators for testing strings, ints and files • If-then-else in Shell • The for, while and do loop in Shell • Writing Shell scripts • Exercises In this course, we need to be familiar with the "UNIX shell". We use it, whether bash, csh, tcsh, zsh, or other variants, to start and stop processes, control the terminal, and to otherwise interact with the system. Many of you have heard of, or made use of "shell scripting", that is the process of providing instructions to shell in a simple, interpreted programming language . To see what shell we are working on, first SSH into unix.andrew.cmu.edu and type echo $SHELL ---- to see the working shell in SSH We will be writing our shell scripts for this particular shell (csh). The shell scripting language does not fit the classic definition of a useful language. It does not have many of the features such as portability, facilities for resource intensive tasks such as recursion or hashing or sorting. It does not have data structures like arrays and hash tables. It does not have facilities for direct access to hardware or good security features. But in many other ways the language of the shell is very powerful -- it has functions, conditionals, loops. It does not support strong data typing -- it is completely untyped (everything is a string). But, the real power of shell program doesn't come from the language itself, but from the diverse library that it can call upon -- any program.
    [Show full text]
  • CMSC 426/626 - Computer Security Fall 2014
    Authentication and Passwords CMSC 426/626 - Computer Security Fall 2014 Outline • Types of authentication • Vulnerabilities of password authentication • Linux password authentication • Windows Password authentication • Cracking techniques Goals of Authentication • Identification - provide a claimed identity to the system. • Verification - establish validity of the provided identity. We’re not talking about message authentication, e.g. the use of digital signatures. Means of Authentication • Something you know, e.g. password • Something you have, e.g. USB dongle or Common Access Card (CAC) • Something you are, e.g. fingerprint • Something you do, e.g. hand writing Password-Based Authentication • User provides identity and password; system verifies that the password is correct for the given identity. • Identity determines access and privileges. • Identity can be used for Discretionary Access Control, e.g. to give another user access to a file. Password Hashing Password • System stores hash of the user password, not the plain text password. Hash Algorithm • Commonly used technique, e.g. UNIX password hashing. Password Hash Password Vulnerabilities Assume the authentication system stores hashed passwords. There are eight attack strategies. • Off-line Dictionary Attack - get hold of the password file, test a collection (dictionary) of possible passwords. ‣ Most systems protect the password file, but attackers sometimes get hold of one. • Specific Account Attack - given a specific user account, try popular passwords. ‣ Most systems use lockout mechanisms to make these attacks difficult. • Popular Password Attack - given a popular password, try it on multiple accounts. ‣ Harder to defend against - have to look for patterns in failed access attempts. • Targeted Password Guessing - use what you know about a user to intelligently guess their password.
    [Show full text]
  • Jellyfish Count -M 21 -S 100M -T 10 -C Reads.Fasta
    Jellysh 2 User Guide December 13, 2013 Contents 1 Getting started 2 1.1 Counting all k-mers . .2 1.1.1 Counting k-mers in sequencing reads . .3 1.1.2 Counting k-mers in a genome . .3 1.2 Counting high-frequency k-mers . .3 1.2.1 One pass method . .3 1.2.2 Two pass method . .4 2 FAQ 5 2.1 How to read compressed les (or other format)?newmacroname . .5 2.2 How to read multiple les at once? . .5 2.3 How to reduce the output size? . .6 3 Subcommands 7 3.1 histo .............................................7 3.2 dump .............................................7 3.3 query .............................................7 3.4 info ..............................................8 3.5 merge ............................................8 3.6 cite . .8 1 Chapter 1 Getting started 1.1 Counting all k-mers The basic command to count all k-mers is as follows: jellyfish count -m 21 -s 100M -t 10 -C reads.fasta This will count canonical (-C) 21-mers (-m 21), using a hash with 100 million elements (-s 100 M) and 10 threads (-t 10) in the sequences in the le reads.fasta. The output is written in the le 'mer_counts.jf' by default (change with -o switch). To compute the histogram of the k-mer occurrences, use the histo subcommand (see section 3.1): jellyfish histo mer_counts.jf To query the counts of a particular k-mer, use the query subcommand (see section 3.3): jellyfish query mer_counts.jf AACGTTG To output all the counts for all the k-mers in the le, use the dump subcommand (see section 3.2): jellyfish dump mer_counts.jf > mer_counts_dumps.fa To get some information on how, when and where this jellysh le was generated, use the info subcommand (see section 3.4): jellyfish info mer_counts.jf For more detail information, see the relevant sections in this document.
    [Show full text]
  • Husky: Towards a More Efficient and Expressive Distributed Computing Framework
    Husky: Towards a More Efficient and Expressive Distributed Computing Framework Fan Yang Jinfeng Li James Cheng Department of Computer Science and Engineering The Chinese University of Hong Kong ffyang,jfli,[email protected] ABSTRACT tends Spark, and Gelly [3] extends Flink, to expose to programmers Finding efficient, expressive and yet intuitive programming models fine-grained control over the access patterns on vertices and their for data-parallel computing system is an important and open prob- communication patterns. lem. Systems like Hadoop and Spark have been widely adopted Over-simplified functional or declarative programming interfaces for massive data processing, as coarse-grained primitives like map with only coarse-grained primitives also limit the flexibility in de- and reduce are succinct and easy to master. However, sometimes signing efficient distributed algorithms. For instance, there is re- over-simplified API hinders programmers from more fine-grained cent interest in machine learning algorithms that compute by fre- control and designing more efficient algorithms. Developers may quently and asynchronously accessing and mutating global states have to resort to sophisticated domain-specific languages (DSLs), (e.g., some entries in a large global key-value table) in a fine-grained or even low-level layers like MPI, but this raises development cost— manner [14, 19, 24, 30]. It is not clear how to program such algo- learning many mutually exclusive systems prolongs the develop- rithms using only synchronous and coarse-grained operators (e.g., ment schedule, and the use of low-level tools may result in bug- map, reduce, and join), and even with immutable data abstraction prone programming.
    [Show full text]
  • Daniel Lyons [email protected] Why?
    How to Hurt Your Friends with (loop) Daniel Lyons [email protected] Why? Fast Powerful Widely-used Like format you can probably do more with it than you realize. Even though you hate it, you may have to read it in someone else’s code. On my machine, 578 of 1068 library files contain at least one loop form (54.12%). It’s fast as hell. loop as List Comprehension Python: [ f(x) for x in L if p(x) ] Haskell: [ f(x) | x <- L, p(x) ] Erlang: [ f(X) || X <- L, p(X) ]. Loop: (loop for x in L when (p x) collect (f x)) Things You Can Do With loop Variable initialization and stepping Value accumulation Conditional and unconditional execution Pre- and post-loop operations Termination whenever and however you like This is taken from the list of kinds of loop clauses from CLtL Ch. 26 - variable initialization and stepping - value accumulation - termination conditions - unconditional execution - conditional execution - miscellaneous operations Initialization for/as with repeat for and as mean the same thing with is a single ‘let’ statement repeat runs the loop a specified number of times for Is Really Complicated for var from expr to expr for var in expr for var on expr Of course from can also be downfrom or upfrom, and to can also be downto, upto, below or above for var in expr: Loops over every item in the list Optionally by some stepping function for var on expr loops over the cdrs of a list, giving you each successive sublist Loops over each sublist of the list, e.g.
    [Show full text]
  • Linux Command Line: Aliases, Prompts and Scripting
    Linux Command Line: Aliases, Prompts and Scri... 1 Linux Command Line: Aliases, Prompts and Scripting By Steven Gordon on Wed, 23/07/2014 - 7:46am Here are a few notes on using the Bash shell that I have used as a demo to students. It covers man pages, aliases, shell prompts, paths and basics of shell scripting. For details, see the many free manuals of Bash shell scripting. 1. Man Pages Man pages are the reference manuals for commands. Reading the man pages is best when you know the command to use, but cannot remember the syntax or options. Simply type man cmd and then read the manual. E.g.: student@netlab01:~$ man ls If you don't know which command to use to perform some task, then there is a basic search feature called apropos which will do a keyword search through an index of man page names and short descriptions. You can run it using either the command apropos or using man -k. E.g.: student@netlab01:~$ man superuser No manual entry for superuser student@netlab01:~$ apropos superuser su (1) - change user ID or become superuser student@netlab01:~$ man -k "new user" newusers (8) - update and create new users in batch useradd (8) - create a new user or update default new user information Some common used commands are actually not standalone program, but commands built-in to the shell. For example, below demonstrates the creation of aliases using alias. But there is no man page for alias. Instead, alias is described as part of the bash shell man page.
    [Show full text]
  • The Xargs Package
    The xargs package Manuel Pégourié-Gonnard [email protected] v1.1 (2008/03/22) Contents 1 Introduction 1 2 Usage 1 3 Implementation 4 Important note for French users: a French version of the user documentation is included in the xargs-fr.pdf file. 1 Introduction A Defining commands with an optional argument is easy in LTEX2ε. There is, how- ever, two limitations: you can make only one argument optional and it must be the first one. The xargs package provide extended variants of \newcommand & friends, for which these limitations no longer hold: It is now easy to define commands with many (and freely placed) optional arguments, using a nice hkeyi=hvaluei syntax. For example, the following defines a command with two optional arguments. \newcommandx*\coord[3][1=1, 3=n]{(#2_{#1},\ldots,#2_{#3})} $\coord{x}$ (x1,...,xn) $\coord[0]{y}$ (y0,...,yn) $\coord{z}[m]$ (z1,...,zm) $\coord[0]{t}[m]$ (t0,...,tm) 2 Usage 2.1 Basics The xargs package defines an extended variant for every LATEX macro related to macro definition. xargs’s macro are named after their LATEX counterparts, just adding an x at end (see the list in the margin). Here is the complete list: \newcommandx \renewcommandx \newenvironmentx \renewenvironmentx \providecommandx \DeclareRobustCommandx \CheckCommandx 1 If you are not familiar with all of them, you can either just keep using the A commands you already know, or check Lamport’s book or the LTEX Companion (or any LATEX2ε manual) to learn the others. Since these commands all share the same syntax, I’ll always use \newcommandx in the following, but remember it works the same for all seven commands.
    [Show full text]
  • Table of Contents Local Transfers
    Table of Contents Local Transfers......................................................................................................1 Checking File Integrity.......................................................................................................1 Local File Transfer Commands...........................................................................................3 Shift Transfer Tool Overview..............................................................................................5 Local Transfers Checking File Integrity It is a good practice to confirm whether your files are complete and accurate before you transfer the files to or from NAS, and again after the transfer is complete. The easiest way to verify the integrity of file transfers is to use the NAS-developed Shift tool for the transfer, with the --verify option enabled. As part of the transfer, Shift will automatically checksum the data at both the source and destination to detect corruption. If corruption is detected, partial file transfers/checksums will be performed until the corruption is rectified. For example: pfe21% shiftc --verify $HOME/filename /nobackuppX/username lou% shiftc --verify /nobackuppX/username/filename $HOME your_localhost% sup shiftc --verify filename pfe: In addition to Shift, there are several algorithms and programs you can use to compute a checksum. If the results of the pre-transfer checksum match the results obtained after the transfer, you can be reasonably certain that the data in the transferred files is not corrupted. If
    [Show full text]
  • Unix-Like Access Permissions in Fully Decentralized File Systems
    Unix-like Access Permissions in Fully Decentralized File Systems Johanna Amann∗ Thomas Fuhrmann Technische Universitat¨ Munchen¨ Technische Universitat¨ Munchen¨ [email protected] [email protected] Current fully decentralized file systems just offer basic lic and a private part. World-readable files are stored access semantics. In most systems, there is no integrated in the public part of the group-directory in addition to access control. Every user who can access a file system the owner’s user-directory. Files that are only readable can read and sometimes even write all data. Only few by the group are stored in the private part of the group- systems offer better protection. However, they usually directory. Files that are only readable by the owning user involve algorithms that do not scale well, e. g. certifi- are only stored in the owner’s user-directory. The private cates that secure the file access rights. Often they require group directory is secured with a group encryption key. online third parties. To the best of our knowledge all sys- This encryption key is distributed to the group members tems also lack the standard Unix access permissions, that using the subset difference encryption scheme. When a users have become accustomed to. file-owner writes a file, the copy in her user-directory is In this poster, we show a decentralized, cryptograph- updated. When a group-member updates a file, the copy ically secure, scalable, and efficient way to introduce in the group-directory is updated. Both places have to be nearly the full spectrum of Unix file system access per- checked on access for the most recent version.
    [Show full text]