Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 5 Sep 2016 18:43:07 +0200
From: Yoha <yoha@...on.org>
To: passwords@...ts.openwall.com
Subject: Re: Authentication process



> «This approach partially breaks the abstraction users have gotten used
> to. In consequence, it would probably reduce adoption significantly.»
>
> The question is:  Is it more realistic to impose this approach to
> users, or force them to use a password like «calve ice greg linking
> stunt» with a password policy?

That's why there should be a fallback in any case where the user can use
(almost) whatever they want. Those would just be suggestions.

>
> The reality is that if you can identify a request by a token, a simple
> password like "rockyou" becomes acceptable as long as it is not
> recorded all over the web, in every database (hashed or not) with your
> name on it.  It might not be good for "cia.gov/classified
> <http://cia.gov/classified>", but it is plenty good for login to
> "store.momandpop.com <http://store.momandpop.com>", "datingsite.com
> <http://datingsite.com>" or even "myemail.com <http://myemail.com>".
>
> Let's even say that somehow a 64-hex password is no longer consider
> secure in the future.  I can change my "internal" password policy
> without the user being aware of it (apart from a forced reset with his
> unchanged password).  If I don't make the change and my database is
> breached, it doesn't even has an effect on my users' login habits on
> other websites.
>
It's definitely easier to just have a password manager (application or
in website). I was just making an additional suggestion for classical
password creation.

> But let's say picking 5 words from a 9806-word dictionary is no longer
> a secure method.
Just a minor remark, but this is an extremely unlikely scenario (Moore's
law does no apply here, and quantum computing would not change that
much). The only universe where I can see that happening is one where
human civilization expands by several orders of magnitude, making
corporations and institutions grow with them, and strengthening the
asymmetry between an state-level attacker and an individual.

> What do I have to do?  Force a password reset on every user.  They are
> all pissed off and hate me because they have to learn a new (weirder)
> password, which will be different from their other websites unless
> they change them all (but other websites might not allow the new
> password because they did not update their password policy).  If I
> don't do it and my database is breached, then I expose my user's
> passwords.  The worst thing is for that scenario to happen, the
> password policy doesn't need to be outdated, just a breach in my
> database and I have to reset all passwords and tell my users to not
> used their previous password anymore, just to be sure.  Even if I can
> assume the password are impossible to guess.
>
> After a database breach, the PR and legal dept. will frown at you when
> you'll tell them "There is very little chance the stolen hashed user's
> passwords might be cracked".  But they will love you when you'll tell
> them "What user's passwords? We don't have them in our database."
The interactiveness of your protocol does seem to protect users'
passwords in this scenario. You might be interested in public-key
authentication schemes (like in SSH), which would improve the security
when first creating the account. If you want to look into that, you
might want to investigate client-side certificates, that are already
partially implemented in major browser, although current available UIs
are quite clunky.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.