Re: Passphrases v Password

[Steven Alexander <alexander.s () MCCD EDU>]

" How real it is depends on the format of your password hashes and how simple access is to that hash store."

For web applications, the password store is generally just a SQL injection exploit away.  For internal systems, access 
to the store probably depends on having admin rights so it could be difficult to access.  One of the reasons hashes are 
valuable, however, is that attackers who gain admin rights can use cracked hashes to preserve access and/or to gain 
access to other systems.  The risk doesn't go away just because the hashes aren't useful for gaining initial access.

You often do not have much control over the password hash used.  Most Unix/Linux systems support bcrypt, but you can't 
change the hash on Windows and it uses MD4 (which is an awful choice).  Many web apps use MD5 or SHA-1 (which are not 
really any better than MD4 for password hashing).  If you're writing a new app, it would be easy to just use bcrypt, 
scrypt or PBKDF2.  If you've already deployed an app using MD5, it may be difficult to change.  

Steven Alexander Jr.
Online Education Systems Manager
Merced College

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of shanna 
leonard
Sent: Tuesday, July 09, 2013 12:29 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Passphrases v Password

On 7/8/13 7:02 AM, Tim Doty wrote:
> I've been resisting, but I will point out that that xkcd significantly 
> overstates the entropy of English which ruins his analysis. Relying on 
> simple passphrases as protection against hash cracking

> doesn't work against real threats
>
> (http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-
> out-of-your-passwords/)

I'm not sure that I would call that a "real threat". How real it is depends on the format of your password hashes and 
how simple access is to that hash store.

In the offline cracking example given, the crackers had access to simple unsalted md5 hashes. This made their task 
significantly easier (in terms of compute time) than it would have been had they only had a copy of a well constructed 
password db, e.g. a good passworddb (e.g. counterpane's passwordsafe), or a set of "slower" hashes.

"slow hashes" with a reasonably well-constructed (e.g. mostly english 
18+ character master passphrase with a bit of perturbation, ie typo and
throw a few symbols in the middle) is still slow to crack  (e.g. 
passwordsafe discussion:)
http://sourceforge.net/p/passwordsafe/discussion/134800/thread/671fd0d4/#2a53

Likewise bcrypt linux passwords by default use 5000 encryption iterations and are computed much more slowly than simple 
md5 or NThash rendering them more difficult to crack than the example.
http://samsclass.info/123/proj10/comparing-hashes.htm
http://arstechnica.com/security/2012/08/passwords-under-assault/4/

"If the LinkedIn passwords had been hashed using bcrypt, I never would have been able to crack 90 percent of them," he 
told Ars in an e-mail. 
"The number of attacks I had to run, combined with the sophistication of the attacks I had to run to get many of the 
passwords [more than] 15 characters, would have taken literally centuries to finish.

That said, the race is certainly on - the crackers are nipping at the heels of what were recently considered to be 
well-constructed passphrases. Writing a complex completely random 20-character master password down on a piece of paper 
and putting it in your wallet is looking better and better! :)

Shanna Leonard
ssl () email arizona edu
University of Arizona

This email has been scanned by a Spam/Virus Firewall. If your email has been classified as Spam please contact the 
HelpDesk at (209) 384-6180.