This past week was mostly about getting the first draft of the research paper together, and then reading and responding to two other papers. I feel satisfied with the work I put into my paper and have so far gotten some very useful feedback that I will use before the final submission. When it was being written I found out that I could have gone into much more detail than I did but didn't due to length reasons. Each specific topic in the paper (hashing, attack types, etc) could easily be a research topic in its own write, so my overall goal was to present an overview that covered all the key aspects deep enough that readers would be able to make informed decisions.
The length of the paper worried me at first (8 - 15 pages) because I knew I would rather do it in single spaced format to make it look and feel more professional, but I was soon pushing the 15pg mark without any issue. I could have easily written another 10 or so pages about the specifics of password lists and analysis, examples of attack implementations, discussed more about how databases get divulged, covered the cost/efficiency factor more in depth. I did not cover non traditional attacks or the effects of quantum computing either, choosing to leave these out because they don't easily fit in the structure nor do they really effect the outcome/conclusion.
The most surprising thing I learned about research during this project is how much the topic itself plays a role in the research process. Security has always interested me and the attack/defense nature that I explored was fascinating, leading me to do more and more research. Contrast this with other scenarios where the research topic might get chosen for you and I could see how much harder that could be, especially if the topic is uninteresting or boring.
Overall I'm satisfied with my research and feel much more qualified to discuss passwords and authentication in the future. Being aware of a topic is often half the battle in the first place, and my hope was that people would be made more aware of how password systems work/break so they could make informed decisions as IT professionals.
No comments:
Post a Comment