Myths of Password Security(stormpath.com) |
Myths of Password Security(stormpath.com) |
Hashcat is a tool who's goal is to do various hashing functions as fast as possible in both CPU and GPU (depending on what the user has available). Where the tool gets interesting is the attack modes[1] it has. Each of the attack methods has different use cases, but I would say Rule-based and table-lookup are both fairly interesting (allow for smart generating of test passwords so things it's not a full character set brute-force).
Now, you have other groups that are going out and doing analysis on database password leaks[2]. This site tries to crack as many passwords as it can from publically leaked password databases (such as Gawker ane EHarmony), then do an analysis of the passwords they have cracked thus far. People can then use this data to write rules for Hashcat or other tools to possibly crack passwords a lot faster.
As rules for passwords change and people change their password habits, the crackers will adjust their methods. While this article does bring out some interesting points about passwords, it can still be good to know what tools the crackers have at their disposal so you can think about how to craft a password that won't be easily cracked.
[1] http://hashcat.net/wiki/#attack_modes
[2] http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.ph...
Please do tell clearly when username was wrong. It won't disclose anything new, because you're already disclosing this information by validating registration form (and reg form will even disclose existence of registered e-mails by forbidding duplicate registration), existence of profile URLs, all kind of "add a friend" APIs, etc.
If you're really concerned about somebody compiling list of usernames by brute force (and you've patched all other places where you disclose it) then put rate limiting on the login form (you should have it anyway to prevent brute forcing of passwords).
It's not only bad from that point of view, but also the attacker now knows you have a account there and so could try social engineering techniques to gain access to your account, it basically provides a attack opportunity that it doesn't have to.
There are about 180000 words in English (but don't assume everybody knows 180000 words). That means that for three words, you have at most 5.810^15 options.
For a password with mixed case and numbers, you have 62 different characters. With, 9 characters, you have 1.310^16 options.
I can understand that people would prefer common words to remember them, but they are not that much stronger.
The best password is the password I don't need to remember: generate long random passwords, and store them in your browser, in Keepass, LastPass or whatever system of your choice.
XKCD's oft-quoted comic uses 4 words. That would be 100000 times stronger than using just 3 words, and vastly superior to your example of a random 9-char password. The article's own example, "golf kangaroo crispy halitosis", also uses 4 words.
I agree with you that long random passwords are the way to go, but even in that case you need to remember at least one password: the master password to your password manager. It would be a good idea to make that a string of 4 or more words. My LastPass master password consists of 5 words with a bunch of symbols sprinkled in between, and my banking password is 4 words in a foreign language.
i.e. "jjjjjjjjjjjjjjjjjjjjjjjjjjjj" is 224 bits as a string. Huffman-encoded, you only need 0=j as a code to convert it into 28 bits, a compression of 87.5%. So this is a good way of actually checking the security of a password, if it seems to have high entropy.
I don't like this meme. Because it's not necessarily "more efficient." Like most things, it depends. If I have a password made of 10 lowercase characters, it's much better to replace with an upper case character rather than add another lower case one.
Option 1) Add a lower case character. Password is 26 times stronger.
Option 2) Replace 1 upper with 1 lower case character. Password is 1024 times stronger.
Identical entropy, extra theatre.
Hopefully such systems don't exist.
Instead most attackers have to run through the obvious, then through brute forcing against the known character set.
Take point #4:
> "4. MYTH: Two-Factor Auth Means Any Password Will Do" > > This is absolutely not a dismissal of multi-factor auth. Use it when it’s available! Two factor is on the Stormpath roadmap, and we use it for many backend systems. Just don’t consider it a substitute for strong passwords.
The example that the OP blithely cites is Cloudflare's incident in 2012, when CloudFlare's CEO explained how his GMail account got compromised despite activating 2-factor authentication. However, if you actually click through the post, you see that CloudFlare's problem had nothing to do with a weak password, but a flaw in AT&T's authentication procedures which allowed a hacker to bypass GMail's password/auth requirement with a little social engineering. It had nothing to do with the CF CEO's password, which he says was strong and 20-characters long. In his case, it wouldn't matter if the password was 8 characters long and a dictionary word, if 2-factor auth worked as it was supposed to.
http://blog.cloudflare.com/post-mortem-todays-attack-apparen...
And that's kind of the whole dilemma of security, isn't it? That certain maxims ("Your password should be x characters long and contain y different kinds of characters") do not universally apply, and that the implementation of security protocols is extremely important into understanding your potential to be hacked. The OP's mythbusting is somewhat counter-productive here.
The only viable security I can think of is if we have distributed public key infrastructure. Bitcoin style wallets. And securing the "PK wallets" is up to the end user. Persona is close I think - so if the app fad/insanity finally dies we will be on a good track.
Yes there is: you use a real RNG to generate your password. A good option is http://passphra.se. Just remember that you can't go clicking "Generate Another!" until you find something particularly memorable, or you'll be sacrificing an unknown amount of entropy by narrowing the space to memorable passwords. Better to keep the phrase somewhere safe (encrypted) until you have managed to drill it into your head. I like to fit the phrase into a sentence, which adds both memorability and entropy.
For example, it just gave me: "song surprise calm task", which I might turn into "Sing a song of surprise, and resume your calm task.", which Dropbox's zxcvbn tool estimates at 141 bits of entropy. If a password form has a character limit, you can initialize the sentence, yielding "Sasos&ryct", which zxcvbn rates at a not-too-shabby 52 bits.
This is fake security trough obscurity. You can get pretty secure passwords nowadays by just concatenating your username and site domain and md5-ing them and taking the first half. It generates awesome passwords ... until you are the only one using this way of deriving passwords.
The human brain is not suited for remembering long complex passwords. Even less suited for unique for every service.
Question for the smarter people out there. If everyone started using passwords like "donkey computer watch" would this mean that this format would then be much easier to crack as opposed to xy7*hdkSD
Security is a bit of game theory right?
But it's not a question of maximizing entropy. It's a question of maximizing entropy relative to the human brain's ability to remember it. The brain handles words as single units, so it's a lot easier to remember three of them than eight or more arbitrary characters.
Having said that, does any cracker even try for something like jjjjjjjjjjjjjjjjjjjjjjjjjjj? If I were trying to brute force password, I would think that such a password would be relatively safe simply because it's such an irregular pattern.
Here's my response to that: https://news.ycombinator.com/item?id=5546741
tldr: I could try all repeating characters so fricking fast it would be worth it to build into a cracker.
People tend not to bruteforce passwords. People tend to use dictionary attacks. I don't know if any current wordlists include 'jjjjjjjjjjjjjjjjjjjjjjjjjjj', but it'd be easy enough to create a wordlist that is just repeated characters.
$ wc -l /usr/share/dict/words
99171 /usr/share/dict/words
$ rl -c 4 /usr/share/dict/words | xargs -d\\n
contortionists mocking Alphard soling
$ rl -c 4 /usr/share/dict/words | xargs -d\\n
Toni's dish's mauled spillages
$ rl -c 4 /usr/share/dict/words | xargs -d\\n
expedited tireless interneships tranquiller
$ rl -c 4 /usr/share/dict/words | xargs -d\\n
bohemian rogering unkindliest ayes
As for the problem of strong, memorable passwords that can stand up to offline attacks, there is still a gap (a 253 bit password made of 11 bit words would be 23 words long), but I don't think the problem is unsolvable. A project I am interested in working on when I have time is one that produces very long, but memorable high-entropy passwords with rigorously quantified entropy by generating evocative, grammatically structured sentences, using a carefully selected word list and a set of mad-libs style templates.
So to get a ~256 bit pass phrase, you might be left to type out a 50 word poem. It would take effort to memorize, but it would be reasonably doable, whereas memorizing a random 39 character password is extremely difficult for most people.
Moreover, since you'd be working with a limited set of words and grammatical constructs, the password entry form could have robust auto-correction so that typos and spelling errors wouldn't be a significant problem.
In the context of this discussion, of course we'll all say that. Does any actual cracker program try for that, though? Not to my knowledge.
Some people are using all repeating characters if they can get away with it. ESPECIALLY because articles like this keep hinting that they are decent.
It doesn't matter how small this percentage of people is. The time it takes to check against it is infinitesimal and the reward is nonzero. If I were building a cracker, I would do it and not just because it's the topic of discussion.
Use a long, complex password. Period.
However practically we know the history of password crackers, and while it's easy to look at specific examples given and say "Oh I would totally crack for that", in most general cases they wouldn't be cracked. On the flip side, passwords that are dictionary words following by numbers and or punctuation are cracked because they are exactly what people migrated to once complexity rules were implemented.
Those do not have remotely equal entropy.
What I'm describing are passwords like
T1g3rF33t Cam3lT03
etc.
All dictionary stuff along a theme, but made "secure" by applying a zero-entropy substitution of all occurrences of (L,O,A,E) with (1,0,4,3).
Given that crackers know people do this, they add them to their dictionary attack routines so this is no more secure.
Given I'm still fighting with them over, "don't store passwords plain text" I've not even begun to attack them over this practice yet.
If so, you will have to maintain either a bloom filter or a list of hashes for all eternity to ensure that nobody signs up twice with the same CC number. [Edit: actually, you could keep the scrambled CC data for a finite length of time if you're just trying to rate-limit, but still see below]
So suppose you've done all that. Are you going to do a test charge to see if the credit card number is valid before allowing the user to choose a username? If you don't, your efforts are wasted, since anyone can just use a CC generator (they're used for testing) to sign up for new accounts all day. If you do, you've probably driven away 99% of your users with your ridiculous signup process.