[Cryptography] Passwords (Smallest feasible work factor today?)

Phillip Hallam-Baker phill at hallambaker.com
Wed Sep 7 11:20:34 EDT 2022


Folk, what are people's thoughts on the smallest work factor that can be
considered acceptable today? I am thinking 2^80.

Context here is a rant on passwords:

"Nor does requiring users to capitalize the first letter and add the digit
1 to the end of their password improve security except at the margin. The
requirement to include special characters in a password became an industry
standard shortly after the release of Crack v2.7 in June 1991. On the
machines of the day, Crack could perform a brute force attack at the rate
of 35 attempts per second. If a user had chosen a password in the Crack
dictionary, it would be found in a few hours. Requiring the use of special
characters extended the search time from hours to days.


"Password cracking hardware has advanced since. A password cracking rig
built from off-the-shelf hardware for less than $7,500 in 2019 can make 211
billion attempts per second (2^32). This is more than sufficient to test
any password or passphrase that a human can be expected to remember within
a few hours."


I know there are attempts to make hashing harder and I have nothing but
contempt and scorn for such efforts in futility. I am a human and
memorizing data is a very expensive operation. Every shortcut I might apply
to memorize a password or passphrase is a shortcut that can be reduced to
code and used in an attack. Expecting me to deliver a search space of more
than 2^20 in my head is unreasonable and more than 2^40 delusional and I
have to order hats online because my size is 8+.


My thesis here is that if we are going to get rid of passwords, we need a
combination of THREE technologies. The FIDO/Passkey folk are doing
themselves no favors trying to kill what they appear to imagine to be
rivals.

First up, we need a standards-based password vault that can be supported on
every platform and every browser and allows the user to choose their
password vault provider. Only when users know that they can access their
password vault on every platform they might use can we expect them to start
using strong, machine generated passwords.

[This is more practical than it might seem since a password manager can
register itself as a keyboard device and force password data into
applications written by mental midgets who want to force their users to
conform to their security model.]

Secondly, we need to have support for a range of public key authentication
options. FIDO is not going to solve every authentication problem because
the Web isn't the only application involved. To have a complete password
replacement, we need a practical way to do TLS client auth, EAP methods,
etc. etc.

Finally, we need accept the fact that passwords are used for more than
authentication. They are also used as elements in ceremonies intended to
establish user intent. The reason I am forced to keep re-authenticating
myself to all my dozen streaming services on the TV is because they want to
know that I am still using it and didn't just come to a party at the house
three years ago. This is where a second factor solution is needed.


As you might expect from me, the Mesh provides all three.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220907/1a4da67d/attachment.htm>


More information about the cryptography mailing list