
Re: [Cryptography] Possible reason why password usage rules are such a mess

On Thu, Nov 19, 2020 at 2:56 PM Kent Borg <kentborg AT borg.org> wrote:
On 11/19/20 2:46 AM, Phillip Hallam-Baker wrote:
Sure, nobody leaves the front door open on the password file any more. But breaches occur regularly and the password files leak...

You are optimizing for a very specific case:

(1) A site uses password hashes,
(2) for passwords that are allowed to be long,
(3) and are honored in their entire length*,
(4) is broken into and they don't tell me,
(5) the break-in doesn't include general admin powers but just supplies that one file,
(6) the attacker bothers to crack the hash for my password, and
(7) it does any good for the attacker to have that password.

* Even Linux is willing to let you use long passwords where anything past 8 characters is quietly ignored—if you set things up wrong. I've twice discovered this where I didn't set it up that way, a system installation script did.

If I don't recycle passwords, getting all the way to #7 lets the attacker impersonate me only on this one iffy site, which the attacker already has some backdoor access to. By insisting on unmanageably long passwords for everything, you do avoid this one narrow circumstance.

What is a reasonable fee for memorizing a piece of information?


If someone wanted to hire me to remember a piece of information, I would charge them at least $2500. So hell yes, I reuse passwords. I reuse passwords for assets that DO NOT BELONG TO ME unless I am being paid to protect them.

I find that the assumptions of technologists tend to be really arrogant at times. When it comes to security, it is not just a mistake to expect the user to make an effort, it is almost always unreasonable. 

I wrote the HTTP digest authentication spec because I knew there was no way in heck that users would possibly use a different password for every site and that was the best I could do with unencumbered technology until the Diffie-Hellman patent expired.

You have an unacknowledged cost transfer in your proposal. And that is why it is never going to work. Real users are not going to remember multiple passwords. We have to stop trying to learn them how to do things properly and take responsibility. This is our problem to fix, not theirs.


But there are a lot of ways for people to get security wrong, by the time they let their password data leak you need to assume things are very broken.

What makes you think there is any hashing going on at a random site?

As I said, as the user, I have no way of auditing the site. So yes, I assume that some don't even hash.

I have a large collection of plain-text passwords that have publicly leaked, where did I get those? That doesn't smell like hashing to me. Why do so many sites have password length and severe password content restrictions? That doesn't smell like hashing to me.

While the origin of the restrictions is almost certainly stupidity, there is plenty of cargo cult implementation as well. We know that special characters actually weaken most user-selected passwords because it effectively reduces them by one character. The obvious way to respond to such stupid is to stick either 1 or 1! on the end as necessary to meet the idiot requirement. So while I accept the premise...

By telling people that every password has to be unmanageably long, you are effectively discouraging people from using difficult passphrases when it really does matter: for encryption.

I am saying we need to abolish memorized passwords as a means of site authentication and we have the means to empower the user to do just that.

Provide the user with a Web browser on every one of their devices that can fill any form with a username and password pulled from an end-to-end secure vault and they can use a different, strong password for every single site. And they are very likely to do so because this will be the easiest thing for them to do.

Additional security can be provided by adding a second factor (biometric, memorized PIN) to access the vault.

The cryptography mailing list
cryptography AT metzdowd.com
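
Added example, not part of the original message or the list archive: a check for the footnote above about Linux quietly ignoring everything past 8 characters. It assumes the cause is the traditional DES-based crypt(3) scheme, which honors only the first 8 characters, and classifies each shadow-file entry by hash format; the scheme table, function names and sample entries are constructed for this example.

```python
import re

# crypt(3) hash formats and how many password bytes each one honors.
# None = no fixed cut-off. Table assembled for this example.
SCHEMES = [
    (re.compile(r"^\$1\$"), "md5crypt", None),
    (re.compile(r"^\$2[abxy]?\$"), "bcrypt", 72),
    (re.compile(r"^\$5\$"), "sha256crypt", None),
    (re.compile(r"^\$6\$"), "sha512crypt", None),
    (re.compile(r"^\$y\$"), "yescrypt", None),
    (re.compile(r"^_[./0-9A-Za-z]{19}$"), "bsdi-des", None),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "des-crypt", 8),
]

def classify(field):
    """Return (scheme, significant_bytes) for one shadow hash field."""
    if field == "":
        return ("empty-password", None)
    field = field.lstrip("!")  # leading "!" marks a locked password
    if field in ("", "*"):
        return ("locked", None)
    for pattern, name, limit in SCHEMES:
        if pattern.match(field):
            return (name, limit)
    return ("unknown", None)

def audit(shadow_text):
    """List (user, scheme, limit) for entries whose scheme truncates input."""
    findings = []
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        scheme, limit = classify(parts[1])
        if limit is not None:
            findings.append((parts[0], scheme, limit))
    return findings

# Constructed sample in /etc/shadow layout; the hash values are not real.
SAMPLE = """\
root:$6$c0nstructed$NotARealHashValue:18585:0:99999:7:::
backup:ab01FAX.bQRSU:18585:0:99999:7:::
svc:$2b$12$ConstructedSaltAndHashNotReal:18585:0:99999:7:::
daemon:*:18585:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme, limit in audit(SAMPLE):
        print(f"{user}: {scheme} honors only the first {limit} bytes")
```
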