Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 16 Dec 2016 09:52:17 -0800
From: Jim Fenton <fenton@...epopcorn.net>
To: passwords@...ts.openwall.com
Subject: Re: proposed NIST guidelines on passwords

It should be clear that there is a security benefit from prohibiting
really obvious passwords like "Password1". But as I pointed out in slide
17 of the presentation, choosing dictionary size is a tradeoff between
effectiveness and frustration (user experience). The SP 800-63B draft
doesn't recommend a particular dictionary size.

Yes, we're mostly dealing with online attacks here. An 8-character
minimum is not sufficient for offline attacks against a hashed database
unless it is a keyed hash (and the key isn't breached).

The algorithms you are suggesting sound interesting. Please make this
comment when the public comment period opens early next year. I'll
forward the announcement when the comment period begins to this list for
those who aren't avid readers of the Federal Register :)

-Jim

On 12/16/16 1:21 AM, Martin Rublik wrote:
> Hi,
>
> thanks for the pointer, I quickly watched the video. The part relating
> to dictionaries caught mine attention and I have a few questions.  
>
> Don't you think that the dictionary check might be even more
> frustrating than the composition rules? After all, users probably
> won't know the entire dictionary. 
>
> As for comparing BadPassword -> BadPassword1 you could use
> something Levensthein distance or Needleman-Wunsch algorithm (simmilar
> to Levensthein distance with the difference that you can weight
> adding/removing a character), still the user experience might be a
> problem.
>
> What is the main purpose of the dictionary check? Should it be a
> protection against online attacks? 
>
> Martin 
>
>
>
> On Thu, Dec 15, 2016 at 6:13 PM, Jim Fenton <fenton@...epopcorn.net
> <mailto:fenton@...epopcorn.net>> wrote:
>
>     FYI, I gave a presentation at Passwords '16 Las Vegas about the
>     rationale for many of these changes:
>
>     http://www.slideshare.net/jim_fenton/toward-better-password-requirements
>     <http://www.slideshare.net/jim_fenton/toward-better-password-requirements>
>
>     Expect a new public comment period to begin early next year.
>
>     -Jim
>
>     On 12/15/16 6:58 AM, Martin Rublik wrote:
>     > Hi,
>     >
>     > NIST published new draft on Digital Authentication Guidline
>     >
>     >
>     https://pages.nist.gov/800-63-3/sp800-63b.html#memorized-secret-verifiers
>     <https://pages.nist.gov/800-63-3/sp800-63b.html#memorized-secret-verifiers>
>     >
>     > Summary related to passwords is following:
>     >
>     > - at least 8 chars minimum length
>     > - at least 64 chars should be allowed by application
>     > - printing ASCII, space and UNICODE allowed (the application should
>     > perform normalization, little worried about this one)
>     > - password hints should not be implemented,
>     > - passwords should be checked by the application against: passwords
>     > obtained from breaches, dictionary words, context specific such as
>     > username. These passwords should not be allowed / user should be
>     warned
>     > - no composition rules such as different character sets
>     > - no periodic change (unless a breach was detected)
>     > - mandatory encryption/hashing (PBKDF2 mentioned)
>     >
>     >
>     >
>     > Martin
>
>
>


Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.