Path: csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.024
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'odd': 0.07; 'bits': 0.09; 'etc).': 0.09; 'processing,': 0.09; 'second.': 0.09; 'cc:addr :python-list': 0.11; '65536': 0.16; 'banks.': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'grep': 0.16; 'it),': 0.16; 'lower-case': 0.16; 'password,': 0.16; "someone's": 0.16; 'subject:Password': 0.16; 'subject:issue': 0.16; 'subject:security': 0.16; 'targeting': 0.16; 'wrote:': 0.18; 'cc:addr:python.org': 0.22; 'password.': 0.24; 'cc:2**0': 0.24; 'header:In-Reply-To:1': 0.27; '[1]': 0.29; 'am,': 0.29; 'words': 0.29; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; '(which': 0.31; 'usually': 0.31; 'fast.': 0.31; 'option': 0.32; 'entirely': 0.33; 'problem': 0.35; 'etc': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'add': 0.35; 'consist': 0.36; 'passwords': 0.36; 'words,': 0.36; 'possible': 0.36; 'seconds': 0.37; 'christian': 0.38; 'mine': 0.38; 'rather': 0.38; 'how': 0.40; 'even': 0.60; 'most': 0.60; 'hardware': 0.61; 'more': 0.64; 'mar': 0.68; 'low': 0.83; '*and*': 0.84; 'alone,': 0.84; 'insecure': 0.84; 'short,': 0.84; 'passwords,': 0.91; 'system:': 0.91; 'to:none': 0.92; 'taught': 0.96
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=P7k8tI905d37/7+06ieLZ7mOB1+wpeCMUBWzyvHWGwQ=; b=Iq1Nq0QUQVu6NCtxGnUeHEESdNLTybwolT6m6I0eiq8UwcTjxpYfyGUnXbTV5R8Dip 3YKnKfoUDkWw58sMEcSaGZ0/yE3ICuZXdUEBhja5bvoeo0qTSumrwQQBivaYnOFygp1a pA/rdJMfzLmuZ/JnfX3EaQQoJ2qf2z7uwdqU08G63BmyVK2VZJ9DeTtGU5e9E5BB3Aa3 uTlKQVSoaPFDjSjZ5yMiXBDwroteYMUf9yHKRJNlKfjVWhSLWb0fCDoI/VF4nB1RGN81 gdrwlPvPb0bXbVv1hVaTWl+eZr4mtNE9wNBlxGz1+hD+c9AMg9wme61cZtW/mthFd0LV HNHQ==
MIME-Version: 1.0
X-Received: by 10.68.240.36 with SMTP id vx4mr233312pbc.140.1393704709641; Sat, 01 Mar 2014 12:11:49 -0800 (PST)
In-Reply-To: <letdt5$1g3$1@ger.gmane.org>
References: <09f43567-779e-4d01-8621-c4eb36354d99@googlegroups.com> <CAPTjJmqCTLqXgmHMm2QGYJB1MmYEnhMV3OGe0jPc_UOoUQ9gQA@mail.gmail.com> <let920$fmn$1@ger.gmane.org> <CAPTjJmq0MYQugUnsL52ZN0um=V3iABHmM4+vsffD=+2YV7t=MA@mail.gmail.com> <letdt5$1g3$1@ger.gmane.org>
Date: Sun, 2 Mar 2014 07:11:49 +1100
Subject: Re: Password validation security issue
From: Chris Angelico <rosuav@gmail.com>
Cc: "python-list@python.org" <python-list@python.org>
Content-Type: text/plain; charset=UTF-8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.7535.1393704717.18130.python-list@python.org>
Lines: 29
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1393704717 news.xs4all.nl 2958 [2001:888:2000:d::a6]:37517
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:67347

On Sun, Mar 2, 2014 at 6:54 AM, Christian Heimes <christian@python.org> wrote:
> Yes, for most applications brute force is still the best option to crack
> the password. Passwords are usually rather short, have a low entropy and
> modern hardware is insanely fast. With software like [1] and a fast GPU
> it is possible to do more than 10*10^9 checks/second for SHA-256.

Using XKCD 936's estimate, 44 bits of entropy would still require
17592 seconds of processing at 10^9 per second. That's not a lot if
someone's personally targeting you *and* they know you use XKCD 936
*and* know the exact set of 2048 words that you drew your password
from *and* they know how you lay them out (spaces between, no spaces,
whether or not you capitalize the words, etc etc). Not knowing any of
these would add a few more bits of entropy; and if you use
/usr/share/dict/words and take only those words which consist entirely
of lower-case letters, then your corpus is over 65536 words [1], so
you have 64 bits of entropy. Even at 10^10 checks/second (which is
what 10*10^9 is, but that's an odd way to write it), that would be
21350 *days* of dedicated processing, just to crack the one password.
If cracking my password, and mine alone, in sixty years, is considered
"insanely fast", then I'm going to keep using SHA-256 for a while.

The problem isn't SHA-256. The problem is insecure passwords, the way
we've been taught to make them by the banks. Hence, XKCD 936.

ChrisA

[1] On my Debian Wheezy system:
$ grep -c '^[a-z]*$' /usr/share/dict/words
72861