[Cryptography] Passwords (Smallest feasible work factor today?)
Bill Frantz
frantz at pwpconsult.com
Sat Sep 10 21:44:00 EDT 2022
> On Sep 8, 2022, at 01:36:24, Jon Callas <jon at callas.org> wrote:
>
> Now, if the attacker wants *your* password, they're not going to do a billion (30 bits) of tries. Come on. The round-trip time of each try makes it infeasible. A bit of a hand wave is that a million (20 bits) seconds is about a fortnight. (Actually closer to ten days; work with me.) So that means 25 million in a year, and thus a 30-bit password takes 40 years. If the attacker can do ten per second (100ms total round trip) it's a mere four years, which is still not anything an attacker is going to do.
The snarky thought came to me that even online password tries can be parallelized. There is no reason to single thread them. Of course the result will be a distributed denial of service attack on the logon process. :-)
Also, the server could notice that a single account was getting a lot of bad password tries and freeze it.
Heck, my wife had her iPhone locked up with the only option being a complete wipe of the phone after too many “password” (i.e. 4 digit unlock code) attempts. Apple froze her Apple ID account until the end of this month since she didn’t know the password and couldn’t use 2 factor authentication to reset it because the 2nd factor came in via the iPhone. At the end of the month, we should be able to change the Apple ID password and wipe the iPhone. This is what can happen when a user develops dementia.
Cheers - Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220910/f8e7b1df/attachment.htm>
More information about the cryptography
mailing list