in reply to Re^9: Password strength calculation
in thread Password strength calculation

This attitude is the real problem. I don't mean you specifically, but generally across the web and beyond. Users are too stupid to remember more than one long word, so we'll have to force them into using mixed case and puntuation to achieve security!
Well ... yes and no. It's true that it's often done but it's not what Cracklib enforces. And yes, it's stupid---but something rather different from preventing stupid users from using "joe" as a password.
Yet every password guide or ruleset I've every read on a website goes with some variation on the 6-8 characters with at least 1 digit and 1 punctuation and "Don't share passwords between sites". We've programmed people into the very habits that lead to all the problems we are now having.

Also mostly true. I blame it on people (except for Phil Zimmermann and Randall Munroe) not actually thinking about what they're doing when writing such guides but always passing on "common knowledge" from a time when system passwords were limited to 8 characters.

However, having several passwords makes complete sense. Every day tens of thousands of passwords get snatched by trojans, and often (had it happen so several friends of mine) it's because people entered them on notoriously dodgy internet café machines. Now if I can't avoid entering say my freemailer passphrase on a potentially infected machine (I'm paranoid enough to have a Knoppix USB stick on my keyring to avoid having to but I wouldn't ask that of everyone) I'd hate the Nigerians to get the passphrase to my PGP keys and work computers as well. So I just have a handful of different passwords that I use depending on how secure I think their respective site is, and the higher security ones just don't get entered anywhere I can't be reasonably sure the system isn't safe.

Replies are listed 'Best First'.
Re^11: Password strength calculation
by BrowserUk (Patriarch) on Jan 21, 2012 at 21:04 UTC
    However, having several passwords makes complete sense.

    I'm not for one minute suggesting that everyone should only use one pass-phrase everywhere. Only that it is several trillion times safer to use use 1 x 20-char phrase, than it is to use half a dozen unique 8-char passwords.

    And obviously, it doesn't make a jot of difference if you allow it to be overseen or keylogged.

    But 4- 6- and even 8-char minimums are so easily crackable, that they are almost pointless. They are the very epitome of 'a false sense of security'.

    All I'm suggesting is that anyone who is newly implementing an authorisation mechanism should stop, think, read the research, and then be different. Make a difference. Don't just copy what were pretty iffy mechanisms when they were invented back in the '80s.

    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    The start of some sanity?
[reply]
      I'm not for one minute suggesting that everyone should only use one pass-phrase everywhere.

      If "think carefully about what passwords you use on what site" is too complicated for J. Random User, rather tell them something simple like "use different passwords on different sites (and a password manager)". I've had many discussions with support people in my last job where all the technical stuff that I thought might be valuable information to communicate was usually radically culled and replaced with something I felt was oversimplified. But the guys did have a point or two.

      Only that it is several trillion times safer to use use 1 x 20-char phrase, than it is to use half a dozen unique 8-char passwords.

      And obviously, it doesn't make a jot of difference if you allow it to be overseen or keylogged.

      But 4- 6- and even 8-char minimums are so easily crackable, that they are almost pointless. They are the very epitome of 'a false sense of security'.

      Don't believe the hype. The reason why all these GPU guys quote NTLM passwords as benchmarks is they're ridiculously easy. John on an AMD 1090T cracks them at between 0.7 and 28 Million a second depending on the version. Compare that to say PHPass MD5: well under 3900/s; BSD Blowfish in the same ballpark; Apache MD5 around 16k/s. At these rates (even GPUs can't significantly change the ratios), your $20 to search all 8-char passwords suddenly turn into $144,000 for a PHPass hash. 8 characters are good enough for most things even on buggy sites that disclose their hashes. Most of these hashing methods (with the notable exception of NTLM) use password stretching already so the difference between 8 and 20 characters will not be as big as you think either. Sure, the length doesn't matter if it's keylogged, the point about that was that you don't want your passphrase to too many places compromised in that case.
      All I'm suggesting is that anyone who is newly implementing an authorisation mechanism should stop, think, read the research, and then be different. Make a difference. Don't just copy what were pretty iffy mechanisms when they were invented back in the '80s.

      Fully agree. But that includes actually doing the math¹ before letting people use their mother's name and thinking it was more secure than an 8-character randomish password.

      ¹ OK, my calculation isn't quite correct but the error isn't larger that the amount I rounded the result up by anyway.

[reply]
        Don't believe the hype.

        Sorry, but you are out of date. There is no hype. It is not just NTLM that is vulnerable to GPU attacks. Vis.

        • 160-bit SHA-1 for $2.
        • WiFi. Not just WEP but also WPA & WPA2 (and MD5 & more)

          And that means your "100 ms of hashing" is no defence either, because WPA2 uses:

          Pre-shared key mode (PSK, also known as Personal mode) is designed for home and small office networks that don't require the complexity of an 802.1X authentication server.9 Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.10 If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.

        I think we are done now.

        With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.

        The start of some sanity?
[reply]

In Section Seekers of Perl Wisdom