[Cryptography] Removal of spaces in NIST Draft SP-800-63B

Arnold Reinhold agr at me.com
Mon Apr 3 11:10:11 EDT 2017


> On Apr 2, 2017, at 3:17 PM, Kevin W. Wall <kevin.w.wall at gmail.com> wrote:
> 
> ...
> 
> Speaking of which, NIST's suggested wording that you
> commented on might actually be reasonable if applied to
> answers of password security questions (which I
> generally recommend being hashed in the same manner
> that passwords are).
> 
> However, unlike passwords, most development shops do
> not require that answers to security questions be
> confirmed by re-typing the answer in a second time.
> But if you hash them, then there is a potential
> problem with typos that even a help desk can't assist
> you with. E.g., if the security question that is posed
> is something like:
> 
>  Q: What address did you live on when you were in 1st grade?
> and the user types in
>    123  Main St., Denver, CO
> (notice the 2 spaces after '3'), when they come back to
> answer the security question (if they ever do), they
> most likely would type
> 
>    123 Main St., Denver, CO
> 
> it would not match and the user would not be able to
> reset their forgotten password. If the system deletes
> multiple spaces before it hashes the security answers,
> then this particular typo problem goes away. And doing
> so probably does not significantly reduce the
> difficulty of guessing the posed security question.
> (Those who are really concerned about security are
> going to lie about it or use an answer something like
>    I lived on a street in some @#&!*#$% house.
> or some random string they keep in notes in a password
> manager. But I digress.)
> 
> For passwords, what I'm describing is seldom a problem
> because conventional wisdom is that you confirm the
> candidate password by requiring it to be typed in a 2nd
> time to prevent this sort of typo. (And there are ways,
> using JavaScript in web forms, to prevent it from being
> pasted into the password confirmation field.)
> 
> I've not bothered to read the NIST document that
> Arnold commented on though to know if it deals with
> password resets via security questions / answers or
> not.
> 

I took a look at NIST 800-63 A and B and did not find anything suggesting password resets via security questions was OK. They mention “knowledge based verification” (KBV) but that seems to mean using info that the proper user might know, e.g. what was your last credit card transaction, and NIST seems to discourage its use. The NIST specs deal with three levels of verification and re-establishment of lost authenticators at the upper two levels is spelled out and requires re-verification of the means of identity verification used in initial establishment to some degree.

Password resets via security questions are a huge security hole since many answers can be guessed, found by researching a user's online presence or phishing techniques ("free dating service, just fill out this questionnaire"). I'm not sure hashing answers helps much. If an attacker gets hold of the hash value, the universe of possible answers to test could be quite small by cryptographic standards. (All movie, book and song titles, for example, all city names, all valid addresses in the U.S., all names in a phone book -- testing these against a known hash output would be quite easy.) Chained encryption with random initial padding might make more sense, since the data would be accessed infrequently. The account creation software could encrypt answers with a public key and the decryption could take place in a special server used only for answer verification. Having the decrypted plaintext answers available would let a human intervene if needed.

But I agree that canonicalization of the security answers could be acceptable. It might include removing multiple spaces, converting other whitespace characters to space, even removing punctuation and converting to single case. These steps would aid in automatic verification. But I don’t see a justification for removing single space characters even then.

Arnold Reinhold
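As an added example (not part of this thread), here is a Python routine that applies the canonicalization steps Arnold lists before hashing, so that Kevin's double-space address matches its single-space retyping while single spaces are still kept. The PBKDF2 parameters and the helper names are my choices, not anything from the NIST draft.

```python
import hashlib
import hmac
import os
import re
import string
import unicodedata

# Punctuation table: every ASCII punctuation character is dropped.
_PUNCT = str.maketrans("", "", string.punctuation)
# Work factor for the slow hash (my choice; not from the NIST draft).
_ITERATIONS = 600_000


def canonicalize_answer(answer: str) -> str:
    """Normalise a security answer before hashing.

    Steps, in order: unify Unicode forms, drop punctuation, map any run
    of whitespace (tabs, newlines, multiple spaces) to one space, trim the
    ends and fold case.  Single spaces between words are kept, so
    "Main Street" and "MainStreet" remain distinct.
    """
    text = unicodedata.normalize("NFKC", answer)
    text = text.translate(_PUNCT)
    text = re.sub(r"\s+", " ", text)
    return text.strip().casefold()


def enroll_answer(answer: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest) for storing the canonicalized answer."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonicalize_answer(answer).encode("utf-8"), salt, _ITERATIONS
    )
    return salt, digest


def verify_answer(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Canonicalize the typed answer the same way and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonicalize_answer(candidate).encode("utf-8"), salt, _ITERATIONS
    )
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample: the two typings from Kevin's scenario.
    salt, stored = enroll_answer("123  Main St., Denver, CO")
    print(verify_answer("123 Main St., Denver, CO", salt, stored))  # True
```

Canonicalization only removes accidental variation; it does nothing about the small answer space Arnold describes, so the slow hash and salt are still the only thing standing between a leaked digest and a dictionary of plausible answers.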
