Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Mar 2018 17:04:19 -0500
From: Jeffrey Goldberg <>
Subject: Re: Submitting Partial Password Hashes to Pwned Password

I will just be commenting on a few of your points here

On Mar 14, 2018, at 3:40 PM, Matt Weir <> wrote:

> if the password was randomly generated, is there value in using
> the service?

Yes. Do not assume that cracking is the only way a password can be
captured. There are plaintext offenders, passwords can be captured in
transit, and they can be captured by local malware.

One 1Password user reported[0] that “R9VvPHGoBmK64J” (long since changed)
was found on the list. After a bit of digging, we found it to be from
a plaintext breach.

I have argued[1] that if you have a truly strong and unique password
that is in HIBP, then that requires immediate action. It means that the
listing in HIBP almost certainly is about your account as it is exceedingly
unlikely that someone else has been using that same password.

> For #3, I’ll admit I’m a bit blasé about the user frustration impact
> of huge blacklists

We need to remember the purpose of password choice constraints. We may want
people to end up with passwords that aren’t like many other people’s
passwords. We are trying to flatten the distribution of passwords. So
a blacklist of the top 10,000 makes some sense in many contexts.
But a blacklist of 500,000 is going to have a long tail. So it may not
really be that useful in the typical context.

However, in a different context I can see using the full set as a blacklist.
Consider selection of a master password for a password manager. Suppose Alice
uses a password manager and has 100 sets of credentials in it all protected by
her master password. Now suppose that her encrypted password manager data
is breached, perhaps her local machine was stolen.

How long does Alice have to change those 100 passwords? Is it hours, days,
weeks, months, or years? That will really matter to Alice’s well-being, and
so is pretty much the opposite of the chasm of “don’t care”[2].

> All the research I’ve seen has shown that blacklists have a noticeable
> impact when protecting users against online password guessing attacks,

Right. We need to try to be clear about what we are aiming to protect against.

> but I’ll admit my blacklist creation advice is based as much, (if not more),
> on gut feelings vs actual studies and experiments.

Well, yeah. But my gut intuitions are always right, so who needs data?



Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits





Download attachment "smime.p7s" of type "application/pkcs7-signature" (3367 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.