in reply to Re^3: Password strength calculation
in thread Password strength calculation

If I know your site doesn't accept passwords of less that 6 characters, that is somewhere between 782,757,789,696 and 308,915,776 permutations , depending upon what other silly restrictions you have in-place, that I don't have to try. Why make my life easy?

Using uppcercase, lowercase and digits you have 62^6=56,800,235,584 combinations---a whopping 0.000000002% of the remaining search space if we assume an upper limit of 12 characters. That's like making your work easy[tm] by shaving 50 µs off your 8 hour working day :)

This only becomes relevant anyway in the worst case of someone getting to your password DB. Nobody's gonna try that many combinations online; under the completely unrealistic assumption of 1000 parallel connections that each try 10 passes a second it would still take over two months. What people (and password crackers like John the Ripper) do first is take a dictionary, try that, then reverse, substitute some letters with more or less obvious digits, rinse and repeat. Password policies are supposed to keep people from using "dog", "johN" or "m0mmy" as passwords that indeed have a chance of being found by such attacks. They save an attacker a negligible amount of time if he's really going to try all combinations but not having any saves him close to 100% because he can count on some people stupidly choosing a dictionary word or the like.

Replies are listed 'Best First'.
Re^5: Password strength calculation
by BrowserUk (Patriarch) on Jan 20, 2012 at 22:26 UTC

    Once passwords are hashed, (and no one stores unhashed passwords right!), the stored hashes all end up the same length regardless of the length of the input. So any reduction in the possibilities just makes things quicker. And quicker, just means cheaper...

    Here we have a (single) gpu cracking 8-character hashed (NTLM) passwords that would take 1 year using a fast cpu, in 18 hours. At a rate of 3.334 billion passwords per second!

    Here we have clusterable twin-GPU AWS instances for $2.10 per hour. So for less that $20 you can crack 8-char passwords, from their hashes in an hour.

    And the proof it's possible: German 'hacker' uses rented computing to crack hashing algorithm - Brute force PAYG hack attack cracks SHA1 hashes – for $2

    The only effective defence is increasing the possibilities.

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    The start of some sanity?
[reply]
      Once passwords are hashed, (and no one stores unhashed passwords right!), the stored hashes all end up the same length regardless of the length of the input. So any reduction in the possibilities just makes things quicker. And quicker, just means cheaper... Here we have a (single) gpu cracking 8-character hashed (NTLM) passwords that would take 1 year using a fast cpu, in 18 hours. At a rate of 3.334 billion passwords per second!

      I'm well aware of current cracking capabilities (and the relative ease of calculating NTLM hashes BTW). But to do that, an attacker has to get at the hashes first, which assumes he's hacked your application already. Only in that case do make his work easier and cheaper: if we assume the conditions of your example and only allow 7- or 8-character passes, it's not 0.000000002% but 0.025%. So on his 1-hour cracking session he's saved 0.9s or 0.5 cents.

      If however our hashes have not been disclosed, all of that is hypothetical. In that case, network bandwidth and the overhead of your application is the limiting factor when bruteforcing. In that case, only simple dictionary attacks have a chance of succeeding. And that's what is actually going on---just watch auth.log on any internet-facing server with SSH enabled!

      To guard against GPU bruteforcing of disclosed hashes, the only practical solution (as people can hardly be convinced to use different 20+ character passphrases everywhere) is key stretching. If you use so many hashing rounds your machine takes 100 ms to calculate a hash, that doesn't hurt you much. A GPU may do it it 100 µs or whatever then but that's still impractically slow for bruteforcing.

[reply]
        If however our hashes have not been disclosed, all of that is hypothetical. In that case, network bandwidth and the overhead of your application is the limiting factor when bruteforcing.

        There are many well-known mechanisms for defeating front-of-house attacks that are far, far more effective than password rules:

        • Insert an obligatory 5 second delay between accepting the password and the acceptance/rejection.

          Even with 1000 concurrent attack vectors, a minimal 4-char password of upper-case-alpha only will require 2 weeks on average to crack.

        • Start with a 1 second delay and double it after each failure.

          Even a single character password will take an average of 1 year to find.

        • Require email contact after 3 failed attempts.

          Possibly the most effective.

        To guard against GPU bruteforcing of disclosed hashes, the only practical solution (as people can hardly be convinced to use different 20+ character passphrases everywhere) is key stretching. If you use so many hashing rounds your machine takes 100 ms to calculate a hash, that doesn't hurt you much

        (To the emboldened bit): Actually, they can.

        The simple fact is that using the same 20-char pass-phrase everywhere is far more secure than using a different 8 character passwords at each site. And far easier to remember than multiple passwords.

        And, if the information was out there and people would take notice, coming up with a single, memorable pass-phrase is actually quite easy:

        'the quick brown fox', 'every good boy deserves favour', 'nine eleven two thousand and one'. 'marge, bart, and lisa', 'red orange yellow green blue indigo violet', ...

        Even if the hash of your one passphrase is disclosed somewhere, cracking will take so long you'll be dead before you are vulnerable on other sites.

        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.

        The start of some sanity?
[reply]

In Section Seekers of Perl Wisdom