In storing passwords, what is “salt,” and how does it help keep the passwords secure?
Why do experts recommend that short passwords of eight or fewer characters should be avoided?
What is displayed when the below program is executed?
nums = [7, 9, 6, 7, 8]
map = {}
for i in range(5):
    n = nums[i]
    map[n] = i
for key in map:
    print('{0} to {1}'.format(key, map[key]))
What is displayed by the following Python fragment?
words = 'The quick brown fox jumps over the lazy dog'
map = {}
for word in words.split():
    map[len(word)] = word
for k in range(3, 6):
    print('{0} {1}'.format(k, map[k]))
Suppose census is a dictionary mapping state names to populations. Complete the following so that it displays the total population of all the states.
for state in census:
print(total_pop)
Suppose we have a dictionary scores mapping names (each a string) to test scores (each an integer). Write a program fragment that displays the name of each student whose score is 100.
We have a dictionary identified by word_counts in which all keys are strings. What is wrong with the following program to remove all keys that start with p, and what can be done to repair it?
for key in word_counts:
    if len(key) > 0 and key[0] == 'p':
        word_counts.pop(key)
Salt is a random sequence of characters that is generated separately for each user. It is stored alongside the cryptographic hash of the result of appending the password onto the salt. To verify a password entered by a user logging in, we read the user's salt from the database, append the password to it, perform a cryptographic hash, and then confirm that this result matches what is stored in the database.
This is much more secure than simply storing the hash of the password, since storing only the hash makes a dictionary attack far easier: the attacker can hash a frequently used password once and compare the result against every stored hash, whereas with a salted system the attacker must hash the frequently used password separately with each individual salt value, slowing the attack down considerably.
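The store-and-verify scheme described above, together with a count of the hash computations a dictionary check needs with and without salt, as an added example that is not part of the original answer key. SHA-256 as the cryptographic hash, the 16-byte salt, all function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def make_record(password, salt=None):
    """Return (salt, hash of salt + password), the pair stored per user."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for each user
    return salt, hashlib.sha256(salt + password.encode()).digest()

def verify(password, record):
    """Read the salt, re-hash salt + entered password, compare to stored."""
    salt, stored = record
    return hmac.compare_digest(make_record(password, salt)[1], stored)

def cost_unsalted(hashes, guesses):
    """Dictionary check of {user: sha256(password)}: one hash per guess."""
    found, work = {}, 0
    for guess in guesses:
        digest = hashlib.sha256(guess.encode()).digest()
        work += 1
        for user, stored in hashes.items():  # same digest tested on everyone
            if stored == digest:
                found[user] = guess
    return found, work

def cost_salted(db, guesses):
    """Same check on salted records: one hash per guess per user."""
    found, work = {}, 0
    for guess in guesses:
        for user, record in db.items():
            work += 1  # each user's salt forces a separate hash
            if verify(guess, record):
                found[user] = guess
    return found, work

# Constructed sample data: three users, two of whom share a password.
USERS = {'ann': 'letmein', 'bob': 'letmein', 'cy': 'tr0ub4dor&3'}
GUESSES = ['123456', 'password', 'letmein']
PLAIN = {u: hashlib.sha256(p.encode()).digest() for u, p in USERS.items()}
SALTED = {u: make_record(p) for u, p in USERS.items()}

if __name__ == '__main__':
    print(cost_unsalted(PLAIN, GUESSES))  # 3 hashes for 3 guesses
    print(cost_salted(SALTED, GUESSES))   # 9 hashes: 3 guesses x 3 users
    print(PLAIN['ann'] == PLAIN['bob'], SALTED['ann'][1] == SALTED['bob'][1])
```

Without salt, the two users who share a password have identical stored hashes; with salt their stored hashes differ. A production system would replace the single SHA-256 call with a deliberately slow password hash such as hashlib.scrypt.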
People trying to crack a password can feasibly try hashing each possible combination of eight or fewer characters, to see which combination hashes to what is stored in a database. A short password guarantees that this attack will find a combination that works. However, it is infeasible with current technology to hash all possible combinations of nine characters, so more than eight characters avoids this type of exhaustive attack.
7 to 3
9 to 1
8 to 4
6 to 2
(Lines may be reordered in any way.)
3 dog
4 lazy
5 jumps
total_pop = 0
for state in census:
    total_pop += census[state]
print(total_pop)
for name in scores:
    if scores[name] == 100:
        print(name)
While we are iterating through the keys of a dictionary (as with for … in), Python will not allow us to change that very same dictionary, as pop does.
The best way to repair this would be to create a secondary list into which we place all the keys we wish to remove. Then, after completing our iteration through the dictionary, we would have a second loop through this secondary list in which we could remove each key that was added to it.