![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
(no subject)
Mar. 25th, 2010 01:27 pmWay back when, I posted this screed on passwords. In there I said:
In cryptography, the strength of a key is generally considered on the basis of how many operations an attacker would have to perform in order to break it. My thinking is that password strength should be considered the same way.
But, frankly, I didn't do a good job of backing this statement up. All you might say is that I didn't like traditional statements about "entropy" because it relates to natural language phrases, which is in part where the NSA's model comes from for cryptanalysis. Passwords are not simply part of the collective space of language after all. They have unique characteristics based on context that shape the likelihood of the user's password, its guessability.
I had the chance last week to read the article pointed to by this Bruce Schneier blog post. He links to another blog post by one of the authors. The author includes a link to the paper as a PDF. If you're just that lazy, I've saved you a couple of steps. Their study is based around security questions (a popular topic here at work) and there's some tasty bits in there. They pretty much nail the "strength" question with the comment that the attacker only needs the 3 most popular answers. They don't mention that the attacker also needs the usernames, which is worth mentioning, but somewhat to the side.
In any case, they have their own model for calculating entropy based on "guessability" assuming you have a data set to perform the stats against. This gives a good measure to compare against. A part of me wonders if we can reasonably use two big password file disclosures I can think of (a MySpace phishing leak from 2006 and the RockYou password database breach) as a basis for measurement. RockYou is probably the more statistically significant leak, but folks have done analysis on both incidents.
The paper that Schneier linked to also references work that's been done to tune credential choices by using an entropy measure to pass or fail what the user enters. Many sites now have strength meters for password entry, which are usually either checklists of attributes your password has or, in some cases, a zero sum game of good points and bad points. This idea takes that to its game theory conclusion by suggesting that you could measure the statistical likelihood of the password against a set and agree that no attacker will try that one except in brute force cases. The question is where does the set come from?
As a security practice, no one I know is building a database of the passwords people put in to their systems. In fact, we're trying to make it hard to even know what the answer is you gave for the silly security question in your profile. But without full knowledge of the set, how do we tune our statistics in order to provide useful feedback? This is doubly interesting to me because John the Ripper uses a small packed database to generate brute force guesses and this is supposedly based on a statistical model of likely character combinations. I don't know exactly what the developer for John used as his basis. The documentation just says "based on my experience cracking passwords". On the one hand, this means the attacker is doing his own research. On the other, it would be nice to tune things for locale and user audience.
In spite of how good the research was on this, I wonder if it will affect how online systems manage passwords or how password-based systems are designed.
In cryptography, the strength of a key is generally considered on the basis of how many operations an attacker would have to perform in order to break it. My thinking is that password strength should be considered the same way.
But, frankly, I didn't do a good job of backing this statement up. All you might say is that I didn't like traditional statements about "entropy" because it relates to natural language phrases, which is in part where the NSA's model comes from for cryptanalysis. Passwords are not simply part of the collective space of language after all. They have unique characteristics based on context that shape the likelihood of the user's password, its guessability.
I had the chance last week to read the article pointed to by this Bruce Schneier blog post. He links to another blog post by one of the authors. The author includes a link to the paper as a PDF. If you're just that lazy, I've saved you a couple of steps. Their study is based around security questions (a popular topic here at work) and there's some tasty bits in there. They pretty much nail the "strength" question with the comment that the attacker only needs the 3 most popular answers. They don't mention that the attacker also needs the usernames, which is worth mentioning, but somewhat to the side.
In any case, they have their own model for calculating entropy based on "guessability" assuming you have a data set to perform the stats against. This gives a good measure to compare against. A part of me wonders if we can reasonably use two big password file disclosures I can think of (a MySpace phishing leak from 2006 and the RockYou password database breach) as a basis for measurement. RockYou is probably the more statistically significant leak, but folks have done analysis on both incidents.
The paper that Schneier linked to also references work that's been done to tune credential choices by using an entropy measure to pass or fail what the user enters. Many sites now have strength meters for password entry, which are usually either checklists of attributes your password has or, in some cases, a zero sum game of good points and bad points. This idea takes that to its game theory conclusion by suggesting that you could measure the statistical likelihood of the password against a set and agree that no attacker will try that one except in brute force cases. The question is where does the set come from?
As a security practice, no one I know is building a database of the passwords people put in to their systems. In fact, we're trying to make it hard to even know what the answer is you gave for the silly security question in your profile. But without full knowledge of the set, how do we tune our statistics in order to provide useful feedback? This is doubly interesting to me because John the Ripper uses a small packed database to generate brute force guesses and this is supposedly based on a statistical model of likely character combinations. I don't know exactly what the developer for John used as his basis. The documentation just says "based on my experience cracking passwords". On the one hand, this means the attacker is doing his own research. On the other, it would be nice to tune things for locale and user audience.
In spite of how good the research was on this, I wonder if it will affect how online systems manage passwords or how password-based systems are designed.
