Schneier on Security
A blog covering security and security technology.
« Animal Rights Activists Forced to Hand Over Encryption Keys |
| Movie-Plot Threat Described as Movie-Plot Threat »
November 29, 2007
How to Harvest Passwords
Just put up a password strength meter and encourage people to submit their passwords for testing. You might want to collect names and e-mail addresses, too.
For the record, here's how to choose a secure password:
So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.
Even something lower down on PRTK's dictionary list -- the seven-character phonetic pattern dictionary -- together with an uncommon appendage, is not going to be guessed. Neither is a password made up of the first letters of a sentence, especially if you throw numbers and symbols in the mix. And yes, these passwords are going to be hard to remember, which is why you should use a program like the free and open-source Password Safe to store them all in.
EDITED TO ADD (12/5): Note that I am not actually accusing them of harvesting passwords, only pointing out that you could harvest passwords that way.
Posted on November 29, 2007 at 7:03 AM
• 105 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I have no troubles remembering a sentence.
When you follow the link and read some of the info about strong passwords virtualy the first thing that hit my eye was...
"It contains both small case and upper case characters. This doubles brute force attack time, because it needs to check both cases."
Oh dear Oh dear Oh dear,
It doubles for every character in a pure alpha password so for a ten character password it would increase the "Brute Force" time by a little over a thousand (2^10 = 1024).
*rotfl* I wonder how many people actually hit "submit".
Another really good way to create a pretty strong password is to make use of your first or secondary language. For e.g. sinhala,tamil,urdu.. and type it in english. I guess that will stay strong as english dictionary wont have it!
On the subject of substitution, I noticed a while ago that to make passwords "stronger" everyone simply did basic substitution - e turned to 3, o to 0, etc. While this may look stronger, what it means practically is that people have dropped letters like o, e, a, and l from their passwords and just replaced them with numbers. It would be wise when brute forcing passwords to start doing the same thing.
And make sure, that you have another copy of your passwordsafe database in a secure place.
Diceware is an excellent way to generate strong and truly random passphrases:
Simply choose 5 words at random from their list of 7776 words. To choose each word, you roll 5 dice (six-sided).
The resulting passphrase is very easy to remember, yet very strong. Guessing a 5-word passphrase is about like winning the lottery a million million times in a row.
Here is an automated demo:
(Press the Random Passphrase button to try it.)
Here is a Perl script which does the job:
However, I recommend using real physical dice when security is paramount.
Some web sites do not accept these passphrases because they are too long or they don't have enough "special" characters. For cases like that, diceware does have a special page on how to create conforming passwords.
I distinguish between passwords that are nuisances and those that should provide security. For nuisance passwords I use simple words.
For secure passwords, I roll the dice. I have a plastic jar containing a number of dice. I also use a 6x6 table of 26 letters and the 10 digits. Each pair of dice give me row and column coordinates to select a character.
If upper and lower case is desired, I then flip a coin for each letter.
The common objection to my method is that random passwords are too hard to remember. I have not found that to be the case, and I've been using random generated passwords for years. It takes several uses, but after that my fingers remember which keys to strike even if I don't. I suppose it is because I used to play the flute.
My Windows password is an English sentence. No substitutions, easy to remember, and at 20+ characters, I'm fairly confident it will never be guessed.
I've always liked the diceware approach.
For systems where a password protects important data, I often use 64-128 bits of base85 encoded random data and pgp it for reference.
128 bits in base85 works out to 17 characters which is not bad for typing.
I've cracked many networks in my years as an auditor, and I must say that the easiest way has always been just to ask users for what you want. Someone usually trips up.
Passwords also need to be changed frequently enough that if they are compromised, their useful life is short.
To bad it´s pretty easy to recover a Windows password ;)
This is my favorite paper on this topic:
The Memorability and Security of Passwords Some Empirical Results (2000) by Jianxin Yan, Alan Blackwell, Ross Anderson, Alastair Grant
works for me
OMG now I have to change my password.
Never mind I change them every day.
Substitution can be effective. Watch the transformation of this passphrase into line noise:
"i like cheese"
"I like cheese!"
"I l1k3 Ch3£Se!"
Easy-to-remember, there's a little rhythm in the shift key, it's statistically fairly tough to brute-force, and even if someone sees you typing it they're not likely to figure it out.
I have to second Nevo's comment. As long as the application allows spaces, a full sentence with capitalization and punctuation is just as good against common brute force as randomly generated words. I tend to combine this with janantha's suggestion - the only problem (in remembering the passphrase) comes with transliteration inconsistencies. Of course I assume that, say, ISI agents trying to crack RAW systems use massive word lists of common variations of transliterated Indian-language words and phrases first.
"Passwords also need to be changed frequently enough that if they are compromised"
You contradict your own statement. You say if you want a password ask for it. Therefor changing passwords frequently doesn't work.
Forcing people to change passwords frequently forces them to use passwords that are next to useless.
To bad it´s pretty easy to recover a Windows password ;)
And too bad it's pretty easy to get root access into a Mac.
An easy way to choose a secure password is with password cards you print yourself.
Deal a password of whatever length you like. The cards include upper and lower case letters and numbers.
Make sure the cards do not spell out a word. If necessary, rearrange the cards.
@Tim: "You contradict your own statement. You say if you want a password ask for it. Therefor changing passwords frequently doesn't work."
Not really a contradiction. I understand your point, and I agree with most of it. If users freely give up their passwords, changes aren't effective.
The flip side is it increases the effort required to retain access by an unauthorized person. If the change interval is 30 days, on average a compromised password will be useful for 15 days. Then the unauthorized person must go through the motions again to regain access. This also increases the odds they will be caught if they have to call and BS people every month.
As with everything, it is a trade off.
I 2nd tim, frequent password changing has a very high cost that many 'experts' ignore. Another thing to be considered is that if you are assuming your passwords are being compromised and are mitigating that by making their lifetime 'short', how short is short enough? I've never met anyone who implemented a frequent password change policy who actually put real thought into the password period.
I like American Express's password policy. Your password must be at least 8, but no more than 10 letters or numbers. Case insensitive.
What's even better- if you try to create a longer password, it will accept it but silently chop it.
Anyone know the crack time of 36^10?
@Rich Wilson: "Anyone know the crack time of 36^10?"
On the flip side, an unauthorized person would have to be very unfortunate to have to guess every single password.
I agree with you--we should not change passwords under the assumption of compromise. However, I do believe forcing unauthorized people to work more frequently to retain access increases the odds they will get caught.
One of my pet peeves is systems that put serious limits on password strength. I've seen many systems that only allow letters, or only letters and numbers, no spaces, no punctuation. Combine that with systems that limit you to something absurdly short like 8 or 10 chars and I usually just take my business elsewhere.
For most things, I use Password Safe to generate a random password. I usually use 16 chars; if it's random, there's no reason not to use lots of chars since I have to cut/paste it anyway.
For things I need to personally remember (like the password safe combination) I use acronyms of sentences with L337 substitutions in some places.
My rule one is unfortunately not password strengthening: Use the character subset located equally on US and your native keyboard. It is so common that in single user mode keyboard is set to US and you have no idea where the characters are.
My rule two is better: Choose a pattern. I don't know what my password is, I just know how to type it - which is why I need rule one.
I use password safe myself. I have an insane password for it, and I use the max length for everything else.
Taking advantage of some limited musical talent, I don't find it hard to remember the key passphrase when using initial letters. I pick a song I know well and love, use the initial letters with sensible capitalization, keep the punctuation, and substitute a few numbers when it's too simple, and similar tricks. An old one: "Giictrl!" from the first line of a gospel song "God is in control!" In that case, I used the abbreviation for the CTRL key to replace the word.
I know it's best to use punctuation and other funky characters in passwords, but I never use them for website logins. I've been bitten too many times by poorly programmed sites that do wrong things with escaping special characters (particularly +, ?, or %) and end up breaking in subtle ways or preventing me from logging in, sometimes months after I set the password.
@janantha's suggestion for using one's second language as a source for passwords.
Although using, say, Urdu or Tamil could hamper a dictionary attack using English, there are pw cracking dictionaries for other languages, jargon, fan interest terms (e.g.; Star Trek), and so on.
If the attacker knows a bit about the password user's background, he could avail of dictionaries for the second language.
Also if the non-English word is used solely with letters and numbers, a brute force attack may come across the non-English word.
Using "chat alphabets" for certain non-Latin character sets may not be all that helpful. (For an example of a chat alphabet, see http://en.wikipedia.org/wiki/...
Using other languages as *a part* of the password generation process can be helpful. Using single words or common phrases, even with some modification such as "l33ting", is not helpful.
PasswordSafe is certainly an interesting app but it, like many other password storage apps has my "warning Will Robinson" alarm bells ringing. They idea of using a password to store a listing of passwords screams problems to me. Now an intruder only needs to crack a single password to access all server/services passwords. That is scary! I still like the, locked in safe technique. That way it introduces two fold security: Physical access to safe and safe combination.
If you're using something like Password Safe to store your passwords, doesn't it make a lot more sense to simply make them random? Why a clever password scheme to make a password you can't remember to store in a tool so you don't have to?
Why come up with your own passwords at all? If you use Password Safe or a similar tool, just use that one to generate passwords for you.
I play piano, so I just tap out a piano tune on the keyboard. On my (Dvorak) keyboard, the first 9 notes of fur Elise can be:
All you gotta do is remember a tune and where you started and it is pretty good. Then I sub a couple of the notes with punctuation or numbers:
Easy and secure.
Passwords... We don't need no stinking passwords...
... Remember, they can't hack me.
Besides No Guts, No Glory....
# Found on slashdot.org 3/26/1999
# Generates a random mixed password
dd if=/dev/random bs=6 count=1 2> /dev/null | uuencode -m - | head -2 | tail -1
"Passwords also need to be changed frequently enough that if they are compromised, their useful life is short. "
Which is why, on a piece of paper in my desk, I have the "base" password, plus modifications, written down. Becasue I can't remember a password that is at least 8 characters, uppercase and lowercase and numbers and special characters.
Sure, it's strong.
Until someone opens the desk drawer.
"Anyone know the crack time of 36^10?"
The rule as posted was 8
Doesn't that make the needed crack time 36^10 - 36^8?
Another reason why I hate the "echo the number of characters in the password as stars when entered" that is so common.
"Which is why, on a piece of paper in my desk, I have the "base" password, plus modifications, written down."
Put it in your wallet 8)
But seriously that is the problem with all passwords the more secure they are the more "management" is required to handle them, which opens up new avenues of attack.
For instance Password Safe is a good idea unless the user can only remember their bank card Pin number and they use that as the pass phrase. Even if they do use a better pass phrase if the attacker can copy your Safe then they can attack at their leisure and get all your passwords in one go. Do they care if some have change in the mean time one is usually all it requires.
An attacker will always find and go for the weakest link in the chain.
And these days the weakest link might just be the hard disk in your computer due to paging of memory...
I flip coins.
I determine the space I want to use for each character, find the next greater power of two, and flip that many coins for each character. I translate the coin flips into binary, and discard any characters outside of the space I plan to use. As I deliberately try to produce more characters than needed, I rarely need to change this procedure due to length, but when I do, I just generate more characters through the same method.
Someday we will puzzle out how to empower mere mortals to manage this stuff. Before that day we all ought to be ashamed.
Shades of the Brunching Shuttlecocks "Mr T name generator"!
I have a website that I created and I host that uses the domain name of the site I want to access (excluding A-records for sites that have register. and login.) and a constant 8-digit number of my choice. It uses these to generate a 20 character phrase that I use as the password.
It is highly unlikely that the person trying to hack into my bank/paypal/whatever account knows which site I use to generate the password, or my personal code. Plus, as it's online, it's always available. Obviously it's susceptible to key-loggers and viruses, but I run linux and physical security against key-loggers is a whole different ball-game.
echo "(secret phrase) websiteX.com" | md5sum | cut -c1-8
at my bash prompt gives me a unique 8 digit password for each web site without any need to remember what it is or use special password storage software.
Clive makes a good point that is too often forgotten when it comes to choosing passwords:
"An attacker will always find and go for the weakest link in the chain."
Picking strong strong passwords is a good idea because it protects you from untargeted, brute force attacks. But by no means does it mean that you are immune from attack! A general strengthening of passwords will only cause attackers to find another way. Personally I am not worried about my passwords falling under brute force attack, but a well chosen password does nothing against a keylogger or an effective phishing attack. People are usually the weakest link.
@Marc: I think you are almost correct; it should ofcourse be 36^10 - 36^7, because the password length is 8-10 inclusive.Not that it really makes a difference:
36^10 ~= 3.6 * 10^15
36^7 ~= 78 * 10^9
36^8 ~= 2.8 * 10^12
It's just a rounding error...
I use long phrases from poems, songs, drinking ditties etc. My current password is approximately 24 chars long and I change it once a month.
Good luck cracking that, let alone in a timely fashion.
And too bad it's pretty easy to get root access into a Mac.
Same with any machine, once you have physical access, right?
According to Dr Eugene Stafford, noted information security expert at Purdue, password expiration does not address any of the real world threats to passwords, unless the password is changed immediately after each use.
@TomK: don't start humming the song when typing in the passphase. :)
I have to agree with the other posters on using a sentence. Just pick something that's easy to remember in the context of where the password is being used. For example here:
Who would guess that one? Upper case, lower case, punctuation, and it's long. Use spaces or don't, just always use a sentence.
Thank you for that link. Good food for thought.
I want to be clear that I do agree that password changes alone are not adequate to address the array of risks facing passwords.
I do believe a reasonable change interval helps for some reasons beyond merely protecting the password and limiting the useful timeframe of a password.
One reason is simple detection. If a password never changes, once someone has a password, they have it. But if they have to work to get it more often, there is more of a change they will get caught. You may dupe a few people into giving a password over the phone, but the more often you have to call people, and the more people you have to call, the greater the odds one will get caught. Same with crackers.
But I agree, there is a much wider array of risks that must be considered.
Want to go out and have a couple of drinks? Mind if I bring a note pad?
A friend of mine worked for NASA/Ames for a while, and described the password scheme there, which I rather liked. They print out a card, once a month, with the new, randomly generated passwords, and hand them out to everyone.
So, your password card looks like "x#v*Yu7" on the card, which you can keep in your wallet.
And they also tell you, "this months conversion is: Subtract 2 modulo 10 from all digits, add a $ after all capital digits."
So, your password is actually "x#v*Y$u5", and all you have to remember is this months simple algorithm, and if your wallet is stolen, your passwords are still secure.
I've been trying to figure out how to implement this in an automated fashion for things like my banking, etc. Even if they were all the same password, or a couple of different ones (Banks, Credit Cards, Insurance, VPN, Personal) I could do it monthly with minor problem. Right now, I just have to do it manually every few months, but it's rather a pain in the butt.
I came up with a great way to get my random but easy-to-remember passphrase: I decided to run 'head -20' on a text file on my system and use the initial letter on each line. All I have to remember is the text file I used, and I can recreate it anytime. For convenience, I decided to use a file common on lots of Unix systems -- /usr/dict/words.
Seriously, 25 years ago I ran into a BBS which assigned passwords (and wouldn't let you change it). The password it assigned me is between 6 and 10 characters long, consists of both letters and digits, and does not resemble a word in any language. It is still one of the principle passwords I've used, and has never failed a decent test for a "strong" password.
When I needed another "strong" password, I wanted something easy to remember, yet hard to guess. My monitor at the time had printed on it a model number consisting of a string of letters, numbers, and punctuation between 6 and 10 characters long. Not only was it strong, it was "hidden in plain sight" making it easy to remember. The monitor in question is probably in a landfill somewhere, so even the written-down form of it is no longer associated with me.
Hey, this is cool! If you type your password into the comment box, it will show as stars.
Some themes in the comments:
1) Generated passwords are good.
2) There's lots of bad advice out there about how to choose passwords.
3) The typical scheme of short unpronounceable passwords doesn't line up with what people are good at remembering. For example, you can probably memorize more entropy in the form of a phrase or pronounceable gibberish than as random letters and numbers.
4) Passwords are inherently easy to lose control of.
On a lighter note, and writing as a non-techie, this paragraph is either very funny or not at all.
"So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle."
Which tells us a lot about how our minds work.
OK, so I laughed.
my password didn't turn into stars :(
I make some of mine using two or more dialects, of different languages even, with odd spelling, and adding in the middle random things that have a meaning in any sense only for me... the words in dialects aren't in hte dictionary. Even when there is a dictionary for one of these dialects...
Anon - No, it's stars here, it's just not starred out 'cause it's *YOUR* password...
I haven't read all the comments but just in case no one noticed before ... the form has no action atribute set ... so the data entered is sent no where ...
I always thought displaying an asterisk for each character of a password was a weakness. Any shoulder-surfer now knows the length of your password. (It's a lot easier than counting keyclicks.)
I pine for the days of Unix command-line passwords. No echo, and the only forbidden characters were, roughly, ^H (backspace), ^U (kill the entry and start over), and ^M (end of password entry). A judiciously-placed control character or two always gave me a warm feeling.
Now I'm using some memorable phrase, and stick a few digits from a PRNG into the middle somewhere. It doesn't take long for the digits to become habit.
@Non e Mouse
I think using uuencode will introduce bias. I use a more wasteful form
dd if=/dev/random bs=100 count=1 | tr -cd 'A-Za-z1-9!@#%^&&'
This is neat because you can simply tune the character set to match the password system you are using and, given that /dev/random is meant to give an even output distribution, it should have an even chance of choosing each possible characater. If you want a fixed length you can use something like
dd if=/dev/random bs=100 count=1 | tr -cd 'A-Za-z1-9!@#%^&' | head -c 8
I'd never trust any program to save a password for me, no matter what it's called, be it open source or closed source.
PasswordSafe isn't the weak link in the chain. Yes, if someone had physical access to your PC, and could guess your PasswordSafe password, they could get all your other passwords. But if they have physical access to your PC, you're probably screwed anyway.
For your average home user, using random passwords stored in PasswordSafe is still safer than trying to create and remember random passwords.
What bothers me more is how many websites (online shops, particularly) who store your password and email it to you on request! Not only does it show that they can access it, it's also been exposed by having been emailed. I wish developers would stop thinking of encrypting passwords and start hashing them instead.
Please verify your accusations before posting your opinions.
I removed the submit button because of the accusation that I harvest passwords and emails using this example
I wonder why should I do that ? for spam ?
I think there are better ways to do that, not by waisting time for writing an entire post on how to do a password strength meter and waiting for some people to hit submit on the example page. Disclaimer: I don't gather any personal information on my blog, except email addresses when adding a comment on a post. Thank you.
@eli: so your passwords are always 8 digits? Sounds pretty easy to brute force that.
@Bruce (and anyone else interested): Steve Gibson recently spoke and released his 'Perfect Paper Passwords' which he (and other people who have checked) believe is a perfect system. One time use password, four characters that are hashed up to a huge actual password. Info here: https://www.grc.com/ppp.htm
He also mentions it in a few podcasts of his own. Which reminds me - when are you going to do a podcast Bruce?
"I wish developers would stop thinking of encrypting passwords and start hashing them instead."
I wish people would stop storing passwords on their computers unencrypted, really it's a stupid practice. Storing passwords at all in/on any medium is stupid, encrypted or not, electronic or not.
PasswordSafe provides some security by locking all passwords behind a master password.
So, the fear is that someone will find that password and then have access to them all.
Well, PasswordSafe requires something that "I know". The master password.
If I now store the PasswordSafe 'database' on my USB key, then I have also met the "something I have". Cause I bring the USB key with me when leaving work, etc.
Using a PC, Mac or most 'ordinary' computer systems, there's still no way to provide "something I am", but two out of three isn't that bad while using a computer interface.
True, but by putting PasswordSafe on a usb drive, you're putting it somewhere that can be lost. That 'something I have' becomes 'something I don't have', and then all anyone needs to access your passwords is the 'something I know', which brings us back to where you started.
Still, I think it's better than the alternatives.
Password safe or Key pass also allows for using long keys. I will need to check if they can be stored on removal media but they seem to be preferable to using passwords.
> echo "(secret phrase) websiteX.com" | md5sum | cut -c1-8
Indeed. Given the sort of people who read this blog, you would’ve thought that more people would’ve cottoned onto the fact that *long* hexadecimals make exceedingly good passwords.
Oh yeah!? Well YOUR password schemes STINK! Here's how I make up MY password! First I...
Wait a minute... wait JUST a minute here...
Copy a suitably sized string from the generated results. Paste it in to your password vault, then into where ever it's going.
BTW: this is my own work. I release it to the public domain. Do with it what you will.
# pwgen.sh -- generate a passphrase
# summary: pwgen
# pwgen.sh writes to stdout a string of 64 random characters.
# $Id: pwgen.sh 188 2007-11-17 22:27:44Z larry $
randstring=`dd if=/dev/urandom bs=1 count=64 2>/dev/null | od -t u1 -w1024 -v`
# remove front and last displacement tokens, an artifact of od
# Note! if you change the count argument to dd, you'll have to change
# the second displacement token
# emit random string
for rindex in $randstring
@CJ: "True, but by putting PasswordSafe on a usb drive, you're putting it somewhere that can be lost. That 'something I have' becomes 'something I don't have', and then all anyone needs to access your passwords is the 'something I know', which brings us back to where you started."
Good point. But my solution is this--Insane password, USB key in my possession at all times, and a backup locked up in a safe location. If my key was lost, I would use my backup and immediately change every password, hopefully completing before they cracked password safe (unlikely they can crack my password any time soon).
Not perfect. But nothing is. If it were for a more critical function, more would need to be done. It works well for my purposes when balance the burden and overhead with the threats.
@andyinsda: I keep seeing posting about the best way to generate a password, where it should be stored, etc. without anyone (besides me!) asking whether or not we should still be using passwords.
The short answer is NO.
I'll say it. Particularly for very sensitive or critical systems, passwords have outlived their useful life as an authentication tool.
Having said they, they will likely persist for a number of reasons:
* people understand them, even if they don't know how to best use them.
* perception of cost-effectiveness (try convincing management to change to something else in most circumstances)
* Simple economics. How much business would an electronic commerce site generate if they required something besides passwords for their customers? They would be likely to take their business elsewhere.
* Legacy. Unfortunately, passwords have become such a part of the infrastructure that migration is no small feat.
I agree with you that passwords are not the best means. However, realistically, we're going to be stuck with them for a while, so we should encourage the best usage possible.
This is pretty funny IMO:
The form obviously had a 'submit' button, but the author of the tutorial is taking Bruce's post personally. Whether it was intended that way or not. So now he has this text at the bottom of the demo form, with a link pointing back to Bruce's post:
There is no submit button, just fill in a password to check it's strength. I removed the submit button because of the accusation that I harvest passwords and emails.
I wonder why should I do that ? for spam ? I think there are better ways to do that, not by waisting time for writing an entire post on how to do a password strength meter and waiting for some people to hit submit on the example page. Disclaimer: I don't gather any personal information on this website, except email addresses when adding a comment on a post. Thank you.
Interesting how content evolves over the network, no?
There should be laws prohibiting public libraries and other public agencies from limiting a PIN to four digits. It should be even be illegal for librarians or other public employees to advise anyone to use a four-digit password in systems that allow passwords stronger than four-digit PINs.
I read somewhere on the web that “PIN��? was introduced because “password��? taken literally would not allow numeric characters. Semantics, semantics. Conveniently, not admitting that a PIN is a password allows administrators to pretend that all the cautionary literature concerning passwords does not apply to PINs. And there's the hope that library patrons will think of library account PINs as being no more of a security problem than are ATM PINs.
I admit I'm no security expert, but it seems to me that, if in possession of a patron's library card number, a mischievious person could conceivably blunt force a four-digit PIN quickly. With there being only 10,000 possible solutions, and with some numeric ranges more likely than others to contain a PIN, it might not take all that long to crack a four-digit PIN even by simple trial and error. Moreover, if library card numbers run sequentially, perhaps it would be possible to start with one library card number and proceed to crack the PINs of all the patrons in a library system.
My preferred method of generating passwords (that I need to remember, like the password for Password Safe or my computer login, for everything else I use random passwords of length > 12 generated with Password Safe) is to take a poem and use the first letter of every word to make up the password. They are easy to remember and can be quite long. For extra security one can combine them to form even longer passwords and do the usual special character transformations.
Some other remark: Really annoying are web sites that restrict the length of passwords, especially online banking services that limit it to 6 characters! Incredibly stupid.
just making people register for something is a much better way to get a collection of user-names and passwords. Most people only have one username/password set that they use everywhere. Given that, you've now got a username and password that you know go together.
In my comment above, using “blunt force��? for “brute force��? must have come from my hearing and reading “blunt force trauma.��? Both are bad if you're on the receiving end.
Speaking of brute force attacks, I have no idea how attackers deal with site restrictions of log-in attempts to three or so per session.
@Xoke Steve Gibson recently spoke and released his 'Perfect Paper Passwords' which he (and other people who have checked) believe is a perfect system. One time use password, four characters that are hashed up to a huge actual password. Info here: https://www.grc.com/ppp.htm
That's a typical implementation of a TAN-system (_T_rans_a_ction_n_umber) with all its pros and cons, only the description differs. Nothing new here.
Some of the wording at the site seem to try to hide that fact, but I don't think it would qualify for the doghouse: it actually works and gives an extra level of security, even if it is not very much.
I would say: not worth the hassle.
It's also a solution for a different set of problems; there's a good reason that it's called "transaction-number" and not "login-number"! You can restrict some database-commands for example. It is probably a good idea to secure the deleting of tables or even whole databases with an extra lock, especially one with a limited number of key turns (no fear of shoulder surfing while the DBA types in a TAN instead of the admin-password).
OK, not a very good example but I hope at least somebody gets the point ;-)
BTW: both C-Implementations I checked (SHA1(ppp-c.zip)= 265b0a04e2bae78a33e6973c7410a507e9f64335
RIPEMD160(ppp_source.zip)= fe195253076b2b496b098dfff8105569ccc8f1f0) have a needlesly restricted entropy gathering. The code quality is average at best and thus insufficient for a cryptographic tool.
@It's time to END it. Not MEND it.
What are you proposing? A PGP-signature gadget you carry around? Something like the "Perfect Paper Passwords":
I am wary of gadget-based solutions because it leaves me with NO low-tech method of access if the gadget is lost, broken, or just too expensive or complicated to use.
PPP is a promising approach because you could use a single string to identify yourself on all web sites you use, but your one-time password on each site would vary.
If you used a lot of sites it would mean carrying a lot of cards though.
I am technically competent to handle a PGP challenge from a web site after entering a personal identification string. But how do you propose to bring that sort of authentication within reach of the masses?
You'd need some kind of built-in software accessory for Windows that could auto-sign a challenge from a web site, yadda yadda.
What sort of thing do you propose?
I use ssh all the time, and I really love the public/private key method it uses. Plus I can add my private key one time with ssh-add, and then log into a variety of different servers with NO further action on my part. You can even chain authentication from one server to the next.
But how those ssh concepts translate into web browsing by ordinary users is another story altogether.
For my purposes, I developed a content management system where you can kind of "log into anything", e.g. you can establish any kind of web object floating in space (static, dynamic, or whatever), and then do authentication to that object as a complete after-thought, without the object itself supporting authentication or knowing anything about it.
The session cookie is used as a key to decrypt a single encrypted leg of the full path to that object.
That session cookie value is normally _established_ through a log-in screen asking for a simple password, but that need not be the only way or even the preferred way.
If the session cookie could be established by other more universal means, not involving a password, I would welcome the change. None of my existing content management plug-ins would need to change at all.
My first password snafu was as a sophomore in college; back then the rule was, "Passwords are only reset at the systems administrator's office between 1:00pm and 3:00pm on Friday" - tough on you if your assignment is due on Tuesday.
The first time you get a zero on an assignment that drops your highest possible grade to a B+, you by God will establish a good personal password policy. Nowadays there are very few actual consequences to bad personal password policies, so people don't take care of them. Why should they? For the last 10 years, they've been provided "click here to reset your password" buttons - industry has quite simply *trained* people to be horrible password managers.
Lots of people have commented that passwords "aren't good enough", but outside of context this isn't a complete answer.
Identifying and authenticating people authoritatively is hard, period. Using strong auth has management implications. Using biometrics has not only management implications, but revocation problems and privacy implications. Identity management costs money and time, whatever solution you use. None of these problems are going to go away, and making a system more complex without taking into account all of the implications simply for the sake of "passwords aren't good enough" isn't good security practice.
I had a grad student once ask me why I didn't provide smart card access for login, so that we wouldn't have to worry so much about the problem of compromised passwords. Egads, I know a guy who has a *full-time job* maintaining RSA tokens for one organization (largely because the sole consequence for "losing your RSA token" is "call this guy").
If you are lacking a well-thought out security policy, which takes into account the structure of your organization (and all the political and legal ramifications thereof), you're just taking a huge money sink onto your IT budget for very little actual real security advantage.
As a hacker, I especially like it when organisations have a requirement to change passwords often. That way, if my dictionary attack of common passwords doesnt work this month I get another shot at it next month.
matt21811: "As a hacker, I especially like it when organisations have a requirement to change passwords often. That way, if my dictionary attack of common passwords doesnt work this month I get another shot at it next month."
Haha! Where I work, a "security audit" was recently completed. This resulted in a "password policy" that demanded frequent changes, minimal requirements, and a suggestion that good passwords can be formed by keyboard patterns like "zse4rfv".
I tried to explain to the person who drafted the policy the problem with the latter suggestion, but it was clear this was somewhat beyond his ken. Most of the other requirements are just feel-good crap that force people to add "!"'s and ","'s to there otherwise normal passwords. Big f-in' deal.
Pat Cahalan: "I had a grad student once ask me why I didn't provide smart card access for login, so that we wouldn't have to worry so much about the problem of compromised passwords. Egads, I know a guy who has a *full-time job* maintaining RSA tokens for one organization (largely because the sole consequence for "losing your RSA token" is "call this guy")."
Huh? I can't imagine it taking more than a few minutes to initialize one of these tokens. Let's say 10/hour -- gotta web-surf and pee every now and then -- and we hit on the order of 100/day. Now maybe I'm weird, but I've lost my wallet twice in my entire life. Let's say once every 10 years, or 3650 days. At this rate of loss, this organization would need some 365,000 people to fully employ one person in this job as token-rebinder. According to Wikipedia, Citigroup is the largest company in the world, and has 332,000 people working for it.
Have I blown his cover? ;-)
Probably not. I would guess that if he is being hassled alot for loss of token, he is hassled even more for revocation (people quiting/fired) and initial binding (people hired), which would be much more frequent events. (This reduces the population he is managing by a factor of, say, 10.)
But would not most large organizations divvy the work up at a fairly low level in the corporate hierarchy? A tree-of-trust instead of that radical, anarchic web/graph-of-trust stuff. It seems natural and easy to do. Could even be automated to a large degree.
> I can't imagine it taking more than a few minutes to initialize one of these tokens.
Let me make a wild guess: every "lost" token results in at least 3 different forms to fill out, each with three carbon copies, several signatures from several different people who are scattered all over the building/town/state/globe, a sacrifice of a live chicken (must be black without one white feather!) and the initialization of the new token too.
Let me make another wild guess: you never worked in a very large company?
CZ: "you never worked in a very large company?"
I will neither confirm or deny. Nyah!
However, I can say that the last time I lost my wallet, it took about five minutes -- once I had presented myself to the teller -- to obtain a new, working, access token. Ditto for the "driving access token" (although they only gave me a paper one - the real one came in the mail a few days later). In both cases I recall forms, and even carbon copies. If there was a black chicken, I unfortunately missed it.
If I were CodeAssembly, I would sue you for this, Bruce. You at least owe them an apology. Or are you big enough for that?
If I were Bruce, I would sue CodeAssembly and their lawyer for libel libel.
Anyone think of a recursive acronym for libel^n?
I understand it feels bad to be unfairly accused, and I think you have no bad intentions.
However, as a rule, people must learn not to type their password nowhere else than the app it was intended for. No exceptions! (Someone said he typed his password into google. Bad idea!) No matter how good you are, you must accept users are discouraged from using any online password meter, including yours.
Futher more, I don't think Bruce was accusing you directly, but pointed at the page as an example of what a villain *could* do. (The villain's page could in fact look exactly like that page, same disclaimers and all.)
It's not you, it's me.
I've heard of the password strength meter con before, which works like the 'Captcha' con (set up a porn site with a captcha linked from a site you want to hack... client resolves captcha, and your bot runs with it.) Personally, I always just play keyboard games for my passwords... one that I used last year was "a's;dlfk &*(" which may look unintelligible until you type it out. They're pretty easy to lengthen (and remember) as well.
A good password is one you don't forget, and one I can't crack. So, as sysadmin, you get to keep your password till I crack it - running the usual suspects. As Mary Poppins says, "In ev'ry job that must be done
There is an element of fun -
you find the fun and snap!
The job's a game"
Great, I just found out that the passwords for logging in to my bank's website are NOT case-sensitive.
Never thought that that was even possible in 2007. I found out by chance, trying to change the pwd and getting an error message claiming that you can't have the new pwd be the same as the old one (they were not).
Mind you, this is a major North-American bank, not a mom-and-pa operation...
What would you do? For now I wrote to them asking whether they're pwd are case-sensitive. :-)
Here's an implementation of GRC.COM's PPP v. 3.1 CryptoSystem (GRC.COM/PPP) using a batch file I wrote. You can use it to create random passwords with various character sets and password lengths.
A six-character password consisting only of lowercase letters?
A six-character password consisting of only upper- and lowercase letters?
An eight-character password consisting only of lowercase letters?
An eight-character password consisting of only upper- and lowercase letters?
An eight-character password consisting of upper- and lowercase letters and at least one numeric digit (0–9)?
A ten-character password consisting of upper- and lowercase letters and at least one numeric digit (0–9)?
*sigh* Like the man mentioned, there are much easier ways to farm usernames/passwords then devoting the time to a long post about the subject.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.