<div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Nov 18, 2020 at 12:04 PM Kent Borg <<a href="mailto:kentborg@borg.org">kentborg@borg.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div>On 11/17/20 1:09 PM, Phillip
Hallam-Baker wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Some of the password stupidity we suffer from today
comes from the two weeks after the release of Crack. At the
time, UNIX password files were world readable by default and
anyone suggesting shadow password files was the way to go was
attacked for 'security through security'. Crack upped the ante
because it could make 6? 60? attempts a second and so a moderate
sized cluster of SPARCstations could test every password in a
million entry dictionary in a weekend. <br>
</div>
</blockquote>
<p>But readable password hashes have gone away. Passwords are only
readable on systems that are already quite broken. (Any old Unix
systems still running are quite broken.) To set password policy
based this case is all wrong.<br></p></div></blockquote><div><div class="gmail_default" style="font-size:small">Password cracking doesn't use dictionaries any more... brute force is practical.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Sure, nobody leaves the front door open on the password file any more. But breaches occur regularly and the password files leak... </div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><p>
</p>
<blockquote type="cite">
<div dir="ltr">
<div style="font-size:small">Battery Horse
Staple Correct is 2^60 bits of work factor. That is not strong
enough.</div>
</div>
</blockquote>
<p>If the target system has already been broken into, correct. But
if one has to brute force through a login program? 2^60 is more
than plenty!</p>
<p>If I have done my math correctly, to be certain of breaking in in
100-years, one would have to get the login to test passwords for
you at over a 6 MHz rate that entire time. Appropriately faster to
get in appropriately sooner.<br></p></div></blockquote><div><div class="gmail_default" style="font-size:small">Retired bitcoin mining rigs... 600 billion a second. 0.6 THz... That system is six years old now.</div><div class="gmail_default" style="font-size:small"><br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><p>This gets me to an oft ignored point: passwords (something that
has to be tested against some authority) are completely different
from encryption passphrases (which, given ciphertext, can be
tested in parallel and at arbitrary speeds).</p></div></blockquote><div><div class="gmail_default" style="font-size:small">No they aren't. Not in practice because the user has absolutely no control over how the password authentication data is going to be stored.</div></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div></div></div>