[Cryptography] Possible reason why password usage rules are such a mess

Jerry Leichter leichter at lrw.com
Wed Mar 4 14:53:34 EST 2020


> There has been some speculation in the past over why we have so many cargo-
> cult password security rules that make no sense in any modern context, the
> prime example being the need to change passwords periodically.  I've found one
> possible explanation, the Ware Report, which talks about authentication words
> more than passwords, and in a manner in which they resemble military
> countersigns rather than what we'd think of today as passwords....
I've actually heard comments to this effect.  I can't recall the context; it was years ago, when the whole field was new and was trying to develop best practices by incorporating "proven ideas," often without looking at them too closely.  (The whole Rainbow Book series is like that:  Some good ideas, some ideas that really make no sense outside of the military/intelligence context in which they were conceived.)

Much of this stuff is also due to CYA:  If I require this policy that others are requiring, it may inconvenience users, but that's someone else's problem.  If something goes wrong, I can show that I followed "best practices."  On the other hand, if I apply my own thinking and things go wrong, the shit will all land on me.

A number of years ago, a product I worked on had a protocol in which there were a pair of TCP connections.  One was essentially a control channel, used during setup and teardown but otherwise almost not at all.  The other transferred large amounts of encrypted data.  The protocol engine, if either connection went down, would shut the other one down as well.

At some customers, we'd find these connections shutting down every couple of hours.  Apparently some network admins, following "best practices" from the days of dialup connections, configured their routers to close any TCP connections that had been idle for more than x hours.

The question I always wanted to pose to these admins was the following:  Here are two TCP connections.  They connect the same two hosts - in fact, the same processes on the same two hosts - and have been up for the same amount of time, within a second or two.  In the last 2 hours (say), one of them has seen no data at all transmitted; the other has seen a couple of hundred MB of encrypted data which you cannot see into.  Which one is a potential security threat?
                                                        -- Jerry



More information about the cryptography mailing list