Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.security.misc > #1284
| From | Rich <rich@example.invalid> |
|---|---|
| Newsgroups | alt.os.linux, comp.os.linux.misc, comp.security.misc |
| Subject | Re: random passwords |
| Date | 2018-08-23 15:12 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <plmiso$i0s$1@dont-email.me> (permalink) |
| References | (2 earlier) <plko2r$i9f$1@tncsrv09.home.tnetconsulting.net> <plkv63$ab3$1@dont-email.me> <pllofa$fbr$1@news1.tnib.de> <plm57g$p91$2@dont-email.me> <878t4xgouh.fsf_-_@miko.siamics.net> |
Cross-posted to 3 groups.
In comp.security.misc Ivan Shmakov <ivan@siamics.net> wrote: >>>>>> Rich <rich@example.invalid> writes: > > [Cross-posting to news:comp.security.misc, as this article's > matter is not specific to GNU/Linux.] > > [...] > > > For password auth, if a proper length, properly random, password is > > utilized, the space of possible keys (passwords) is already large > > enough that even with knowledge of the username, an attacker will > > not guess the password in any reasonable timeframe. > > > Sadly, too many folks passwords are much too weak (not proper > > length, not randomly generated) > > I'm actually curious on what recent research says about the > amount of randomness that one should have in one's password? Can't comment on specific research, don't have the citations to reference. > (Or, to put it other way around, how simple one password has > to be for it to be possible to break it in reasonable time > under one threat model or another?) Typically, the analysis is comparing the actual threat model to brute force of the password (brute force will always work, just not in a reasonable timeframe if the number of combinations to test is sufficiently large). So, for some 'brute force' data one has to set some parameters to measure anything, so lets pick some parameters (math below performed with 'bc' command): 1) 8 character password (traditional Unix crypt() password length) 2) A system (cpu/gpu/asic) that can test 1 billion passwords per second A) password selected from the 26 lowercase ASCII letters: 26 letters, with 8 positions, provides 26^8 possible combinations: $ echo "26^8" | bc 208827064576 So 208 billion possible combinations. But at 1 billion tests per second, brute forcing that one will take, on average [1] 104 seconds and at most 208 seconds. So, eight characters, just lowercase, not secure. B) password selected from 26 lowercase and 26 uppercase ASCII letters (total of 52 characters): echo "52^8" | bc 53459728531456 Doubling the possible number of letters, we now have 53459 billion possible combinations. At 1 billion tests per second, that will take 26729.5 seconds on average and 53456 seconds worst case. But, 53456 seconds is only 14.84 hours. So this is still insecure. C) password selected from the 95 'printable' ASCII characters (I'm including space in the printable set here): $ echo "95^8" | bc 6634204312890625 6,634,204,312,890,625 Now we have 6.6 million billion possible combinations. Worst case at 1B tries per second is 6634204 seconds. That many seconds works out to 76.78 days. Much more secure than A or B, but still, 76.78 days is not that long, so even this is insecure. D) Any possible byte value is allowed as a "password character". So now we have 256^8 combinations, which works out to: $ echo "256^8" | bc 18446744073709551616 18,446,744,073 , 709,551,616 If I'm counting correctly, we now have 18.4 billion billion combinations. Best case (half the time of the maximum) we have 9223372036.5 seconds to find the password. That works out to this many days: $ echo "scale=2; 9223372036/60/60/24" | bc 106751.99 And 106751 days is 292.27 years (at 365.25 days per year). For most humans, a password that will likely take 292 years to find is going to be largely considered secure (even if it is 8 characters). This is why all of the literature is always hammering on "longer passwords" and "use more of the possible letters/characters/bytes". Increasing the number of possible letters/bytes in use, and/or the length (updating the math above for a longer password is an exercise left for the interested reader) is the most effective way to thwart attacks. And 'random generation' of the password is the easiest way for humans to "use more of the possible letters/bytes" available as the password value. [1] reason is that a brute force attempts will, on average, need to only try 1/2 of the possible space when attacking large numbers of different passwords. Any given single password will take whatever number of tries it takes. > For instance, there's an entire class of passwords, such as > ghjDthrf1 and gf!Hjkm, which, while most certainly /not/ random, > would require some rather specific assumptions about the targeted > user to guess correctly in a reasonable number of attempts. The thing is, systems like jack the ripper that are tuned to password cracking already have hundreds of possible rule sets to try various different 'patterns' that humans come up with for creating 'random looking' passwords that really are not random. And as humans generate new rule sets, those end up getting added to the jack the ripper rule sets, negating their general value for adding security. > The obvious problem with completely random passwords is that > they generally require some means to store them securely, and > these means in turn may become both an attack vector and a > single point of failure. Yes, but humans are notoriously bad at selecting strong passwords when left to their own accord (beyond a very few who understand the value of proper selection of possibilities). A password manager program allows any given, quite non-random, human to actually create passwords that are more truly random than anything the human themselves would naturally create. Having truly random passwords, selected from a large enough set of possible characters, and of a sufficient length (doubling the length of the password examples above markedly changes the timing factors) provides much better security at the small expense of the password manager being a single point of attack. But, if you, joe random internet user, are being targeted at such a level that your attacker is attempting to breach your local system to obtain your password manager data file (most of these are stored encrypted themselves) then you are in a whole different level of attack senario than what most individuals need to protect themselves from. So the benefits of a manager far outweigh the costs of the manager. Note in the above I'm only considering locally stored manager files. Those managers that store one's passwords 'in the cloud' naturally do create nice attack vectors and single points of failure (because now, instead of attacking "you" individually, the cracker has to attack "cloud password manager X" and if successful, he/she obtains passwords for many users at once. So the payoff vs. risk scale there is weighted heavily in favor of the huge payoff from the 'cloud storage' managers. > FWIW, I tend to prefer "word-based" passwords (or even > "sentence-based"; not dissimilar to, say, 2onEjoy) to random ones. Single dictionary words are trivial to crack in very short time frames. Jack the ripper, with a sufficiently long word list, will find a dictionary word in a very short time frame. Sentence based ones are better than pure word based ones, but there's still patterns in sentence based passwords, patterns that can be formulated into patterns for tools like jack the ripper to test against. Yes, that increases the time of the attack, but nothing like how the numbers blow up when the password is based on "any one of the characters from large set X could appear here" (random generation). > > that having the username not be easy to deduce does add security for > > them. But their proper solution should be to "utilize a proper length, > > properly randomly generated, password" rather than "hide my username". > > Another important measure to use is to limit the number of > authentication attempts per unit of time. Applying a generous > number of iterations of a message digest function to the password > already does this, but also using something along the lines of > fail2ban won't hurt. You are assuming an online attack. For that threat senario, yes, a slow down in attempts and/or a fail2ban block will, typically, keep even a weak password from being 'found'. But most attacks today are not "online" they are "offline". And those are where the attacker managers to get an online service to cough up their stored password data, and the attacker is then free to go somewhere else (AWS, their 5 GPU cracking box under their desk, etc.) with sufficient computational resources to try to crack the passwords. And there a fail2ban or online slowdown is ineffective. This is the typical attack senario today (offline), which is why a randomly generated password of sufficient length is the best one to use (even if doing so requires a password manager and creates a single point of failure). The user with the password manager's randomly generated password of sufficient length simply will likely not have their password cracked by the attacker. The password manager also gives one additional benefit. It removes the human incentive (limited ability to memorize 'passwords') to reuse the same password across plural sites. Each site can have a unique, random, password, with zero reuse. Which limits the damage should an attack get lucky and succeed against one of those passwords. Only that one password, on that one site, is revealed. The remaining sites passwords are still safe, and the user only has to deal with the mop-up of that one site. Of course, depending on exactly which site was that 'one site' (i.e., banking site) determines the actual damage the user incurs.
Back to comp.security.misc | Previous | Next — Previous in thread | Next in thread | Find similar
random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 14:05 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-23 09:47 -0500
Re: random passwords Wouter Verhelst <w@uter.be> - 2018-08-24 10:16 +0200
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:46 +0100
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-24 09:19 -0400
Re: random passwords Daniel60 <daniel47@eternal-september.org> - 2018-08-25 21:57 +1000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-25 13:32 +0100
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 15:50 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:40 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:12 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 18:49 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-09-01 13:45 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-09-01 15:02 +0000
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-09-01 16:54 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-09-04 07:37 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 15:12 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 12:49 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:18 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:27 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:44 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:38 -0600
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:47 -0600
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 02:20 +0000
Re: random passwords Jasen Betts <jasen@xnet.co.nz> - 2018-08-24 05:10 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 02:32 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-24 01:56 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:37 +0100
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 20:13 -0600
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:42 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 11:55 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 08:37 -0400
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 13:51 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 12:41 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-25 02:03 +0000
Re: random passwords Java Jive <java@evij.com.invalid> - 2018-08-25 11:32 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-25 07:49 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:12 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:40 +0000
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-27 20:10 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 00:17 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-27 20:52 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-27 22:31 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 10:23 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 14:45 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-28 23:00 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 01:22 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 07:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:37 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 12:25 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 19:35 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-29 17:46 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 06:53 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-30 07:48 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 19:07 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-31 00:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-31 03:10 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-31 12:26 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 23:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:35 +0100
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 23:45 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-24 18:07 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 20:27 +0000
Re: random passwords Bud Frede <frede@mouse-potato.com> - 2018-09-03 07:23 -0400
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:57 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:07 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:02 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 17:25 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:32 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:46 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 18:07 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:51 -0600
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-24 02:35 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 11:13 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 17:24 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 13:17 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 20:27 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-25 21:28 -0500
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-26 01:19 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 13:43 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-26 14:15 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 15:18 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 09:30 -0500
Re: random passwords Michael Black <mblack@pubnix.net> - 2018-08-26 11:44 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-26 16:40 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-28 13:29 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 14:32 +0100
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:17 +0100
Re: random passwords Melzzzzz <Melzzzzz@zzzzz.com> - 2018-08-27 06:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 08:15 +0100
Re: random passwords Roger Blake <rogblake@iname.invalid> - 2018-08-27 22:44 +0000
Re: random passwords azigni <azigni@yahoo.com> - 2018-08-26 12:55 -0600
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 16:09 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 21:32 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:19 +0100
Re: random passwords Doug McIntyre <merlyn@dork.geeks.org> - 2018-08-26 00:41 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 06:48 -0500
csiph-web