Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 29 Oct 2017 16:41:57 -0600
From: Royce Williams <royce@...hsolvency.com>
To: passwords@...ts.openwall.com
Subject: Re: Real world password policies

On Sun, Oct 29, 2017 at 3:32 PM, Solar Designer <solar@...nwall.com> wrote:

> That's my tentative plan for passwdqc 2.0.  Not so much for processing
> and shipping a password cracker output, although that can be done, but
> rather to take advantage of the recent (and not so recent) availability
> of large password leaks, widespread acceptance of their use for the
> purpose, and to be consistent with the new NIST guidelines.
>
> The 320 million SHA-1 hashes of leaked passwords (without even
> re-cracking them first, although folks did that) from
> https://haveibeenpwned.com/Passwords would comfortably fit in an
> 8 GiB Bloom filter with negligible false positive rate and nearly
> instant checks.
>

I'm pretty sure that the new NIST guidance was intended to encompass
blacklists on the order of Dropbox's zxcvbn or similar, not a blacklist of
such colossal size as the HIBP 320M.

>From a usability standpoint, and taken in isolation, such a blacklist is
completely untenable. It would result in a never-ending "gotcha" guessing
game of "nope, not that one" for the user.

And even if NIST did intend this, such guidance would be ... misguided.
Fully 80% of the HIBP 320M list can be eliminated entirely by simply
requiring passwords of a length greater than 12. Such a limit would also
eliminate millions of other equally poor future passwords - passwords that
would otherwise eventually find their way into such a monstrous,
ever-growing blacklist.

Now, if the plans for passwdqc 2.0 could include working that length
restriction into its parameters ... that might be an interesting
compromise, and dramatically decrease the size of the required blacklist,
and still remaining NIST-"compatible".

Royce

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.