Firewall Wizards mailing list archives
RE: strong passwords (was Radius/MS ISA stuff)
From: "Bill Royds" <broyds () rogers com>
Date: Tue, 9 Jul 2002 09:02:31 -0400
One of the best methods I have found is to get a copy of L0phtCrack (for NT) or Jack the Ripper/Crack (for NT) and go through a password table. When they see that you can find passwords so easily, they will start demanding better passwords. The reason that PIN numbers are so weak is that they are part of a 2 factor authentication. You need the card as well as the PIN and more than a small number of bad PINs as input will void the card. Despite the need for a card, it is a very weak form of authentication and there is a quite an underground business in copying card information (full copy of magnetic stripe) then cracking PIN. That is one reason that European banks are much more into smart cards with processors and strong encryption. North American banks have basically found that too complicated a PIN code will deter people from using the card, lowering profits. They are willing to pay for some losses for the increased business of a weak PIN. They don't really care that a customer gets stolen form, just that they are covered for losses. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Daniel Djundjek Sent: Mon July 08 2002 19:39 To: Bill Royds; Ben Nagy; Paul Robertson Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] strong passwords (was Radius/MS ISA stuff) Gentlemen, I like your thinking on the crypto attack side of things relating to passwords, but I have a lightly different issue. How do you recommend to a IT manager, that they need to have a min. of 8 characters. I found the below article, but are you aware of any other articles or docs where companies are 'forced' by legislation or self regulated bodies to enforce such password control. When discussing entropy, MD5#, or different types of password attacks to a non-technical person it's difficult to convince them to go much further past 6 characters. http://www.securityfocus.com/infocus/1319 Think of it this way. Most PIN Numbers for banks to take money out of an electronic teller is 4 Digit's, and I can't remember the last time I was forced to change this PIN code... Regards Daniel Djundjek Senior Consultant -----Original Message----- From: Bill Royds [mailto:broyds () rogers com] Sent: Tuesday, 9 July 2002 2:36 AM To: Ben Nagy; 'Paul Robertson' Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] strong passwords (was Radius/MS ISA stuff) One statement you made was incorrect : For a completely random hex password it's a pure 4 bits of entropy per byte.[1] A byte is 2 hex digits (nibbles) so a purely random hex password has 8 bits of entropy. This improves passwords a little. If we only allow the printable ASCII characters we have 2^7 -2^5 -1 characters (all -control - DEL) which has 6.57 bits of entropy. If we use an 8 character password (typical Unix), then there are (2 ^ (6.57*8))=( 2^52.56) or 6.64E15 possible 8 character ASCII passwords. This can be readily cracked on a purpose designed parallel machine (< bits than DES) but not a home computer assuming MD5 is not harder than DES.A 20 TB store can hold them all. Not home computer but easy commercial size. Passwords are not a security fence, just a delaying tactic. But the size of a large English dictionary is about 300K words or about 18.2 bits of entropy (assuming that they are independent, which is not true), much smaller than 52.56 and easily cracked on a home computer. Even 2 words with a 3 digits and a separator will give no more than 40 bits. So the rule is: "if you can remember the password, it is easily cracked", Since this is a dictionary attack, it really doesn't matter about the hashing method since on can readily computer 2^40 word combinations and store the hashes and passwords in a 3GB database, even for MD5. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of Ben Nagy Sent: Mon July 08 2002 01:16 To: 'Paul Robertson' Cc: firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] strong passwords (was Radius/MS ISA stuff)
-----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Robertson
[...] [This is Paul]
IMO, strong passwords are dead- dictionaries are too good now,[...]
[This is me]
I can't buy that without being shown more numbers[...]
[Paul]
I don't have great numbers[...]
[Me]
I'm not good at this sort of stuff
This is sounding fantastic, isn't it? Firewall Wizards - where the gurus hang out. ;)
but for the space required for the md5sums of typeable passwords at 12 characters I get 5.94e24 bytes,I'm assuming that's 116 printable characters?
No, I just looked at my laptop keyboard and went "1,2,3, um...4....", so it's only 94.
For time,with the 4.1e6 ops/second figure you quoted elsewhere for md5, I took a million processorsand [probably had my hand down my pants]
[lots of performance stuff snipped]
In '94 the estimates for finding a collison in MD5 were 24 days for a $10M custom-built machine.
I think that finding any MD5 collision is not a useful work comparison to guessing a specific password. Also, we already know that the collision thing (birthday attack) is the area of MD5 operation that crypto geeks are most worried about. [...]
Until then, I'd appreciate any other insights people have.
Let's look at it upside down (I should have approached it this way from the start). For a completely random hex password it's a pure 4 bits of entropy per byte.[1] Completely random typeables comes out at 6.55 something bits for my 94 character keyboard. Let's say that order 2^64 is still "safe" for work attacks (that's an arbitrary figure I Just Made Up. I get to do that because it's my email.). So, we need 16 random hex characters, or 10 random typeables. The trouble is that memorable or, worse, dictionary passwords have waaaaaaay less entropy than that. I've heard english language quoted as ~1.3b/b (so we need about 50 characters in our passphrase). Even passwords that people _think_ are random "because they just made them up at random" I'd guess would be under 4b/b. So, basically, Paul was pretty much right at the start in saying that strong passwords are "dead", because I'm prepared to bet heavily that very few people select truly random passwords of that length in practice. (Although I do routinely use md5sums of random things for VPN shared secrets).
Paul
Whee. I should be less flippant, but, oh well. [1] For those to whom this is confusing, I'll explain. There are 16 hex characters, right? And, like, 16 is 2^4, right? So, for this one character there are 16 possibilities, 2^4, ie "4 bits worth of entropy". You're allowed to just add these numbers up as you add more characters, because of mathy exponential goodness. There you go - now you can write "information theory" on your resume.[2] [2] I have no point here, I just like footnotes. -- Ben Nagy Delirious Sick Fool Mb: TBA PGP Key ID: 0x1A86E304 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: strong passwords (was Radius/MS ISA stuff) Daniel Djundjek (Jul 08)
- RE: strong passwords (was Radius/MS ISA stuff) Paul Robertson (Jul 08)
- Re: strong passwords (was Radius/MS ISA stuff) George W. Capehart (Jul 08)
- RE: strong passwords (was Radius/MS ISA stuff) Bill Royds (Jul 09)
- <Possible follow-ups>
- RE: strong passwords (was Radius/MS ISA stuff) Behm, Jeffrey L. (Jul 09)