Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 23 Mar 2018 09:46:06 -0400
From: Arnold Reinhold <>
Subject: Re: Submitting Partial Password Hashes to Pwned Password

On Mar 16, 2018, at 11:24 AM, wrote:
> On 03/15/2018 05:24 PM, Arnold Reinhold wrote:
>> Telling people the password they have selected has been cracked in the past, when in all likelihood they will then select a password that is just as weak, doesn’t seem a very effective tactic.
> this bold claim is so stupid on so many levels, i can't even.

Maybe I wasn’t clear enough or perhaps I am missing something, but in my experience most users have some method or rubric for picking passwords. If an IT system rejects a proposed password because it is on a list of 300 million passwords that have already been cracked, they are likely to keep using the same rubric to pick and submit a different password until they find one that is not on the list. There is little reason to think the final password will be materially stronger than the password initially rejected. I was contrasting this tactic with the 63b suggestion to hash passwords using a hardware protected secret, which fundamentally changes the risk equation by eliminating the use of the hash as an oracle for password guessing. I was not intending to criticize filtering with much shorter lists of very common passwords, such as 123456 or password1, which might be vulnerable to trial login attacks, even with failed-attempt throttling. 

Arnold Reinhold

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.