[cryptography] Password non-similarity?

Steven Bellovin smb at cs.columbia.edu
Sat Dec 31 15:30:10 EST 2011


On Dec 31, 2011, at 12:32 06PM, John Levine wrote:

>>> You can't force people to invent and memorize an endless stream of
>>> unrelated strong passwords.
>> 
>> I'm not sure I agree with this phrasing.  It is easy to memorize a strong 
>> password -- it just has to be long enough. 
> 
> Don't forget "endless stream of unrelated".  I have some strong
> passwords for the accounts that matter, but I don't have to start over
> every month.
> 
> 
>> So what problem _is_ being addressed by requiring passwords to be changed 
>> so often [and so inconveniently]?
> 
> Compliance with standards written by people who created the standard
> by copying standards they saw other places.  I suspect a lot of them
> still trace back to attacks on /etc/passwd on PDP-11 Unix.
> 

That's about it.  It all derives from the Morris and Thompson paper and
from http://csrc.nist.gov/publications/secpubs//rainbow/std002.txt .
Both were written at a time when a power user would have about 3 passwords.

Yes, ideally people would have a separate, strong password, changed
regularly for every site.  The difference between theory and practice,
though...  By actual count, I have more than 100 web site passwords.
The odds on me remembering all of them are exactly 0.  So -- I use a
password manager program, and store everything in an encrypted, 
"cloud"-resident place.  Nothing else would work.  The most sensitive
sites, though, aren't in the file; those, I can and will memorize.

Changing passwords?  Unless you're changing from one random string to
another, it doesn't help.  I posted a link a few days ago to a paper
that described an algorithm for finding ~40% of new passwords from the
previous one -- people follow patterns.

And if your machine is infected by a keystroke logger -- one of the
bigger threats these days -- none of that matters.  (See some of Cormac
Herley's papers.)

Passwords aren't dead, and despite what IBM says I don't think they're
going away any time soon.  But we need new rules and new guidelines
for managing them; the ones from the 1980s don't work anymore.


		--Steve Bellovin, https://www.cs.columbia.edu/~smb
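An added example, not part of the original message and not the algorithm from the paper mentioned above: a change-time check that rejects a new password when it is a simple transformation of the old one, the kind of pattern the message says people follow. It assumes the old password is available in plaintext at that moment because the user has just typed it to authorize the change. The rule set, the names and the `max_edits` threshold are illustrative assumptions.

```python
import re
from typing import Optional

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(pw: str) -> str:
    """Letters only, case-folded: what remains once counters and symbols go."""
    return re.sub(r"[^a-z]", "", pw.casefold())

def similarity_reason(old: str, new: str, max_edits: int = 2) -> Optional[str]:
    """Return why `new` counts as derived from `old`, or None if no rule fires.

    The rules and the max_edits threshold are assumptions for illustration.
    """
    o, n = old.casefold(), new.casefold()
    if o == n:
        return "same-ignoring-case"
    if skeleton(old) and skeleton(old) == skeleton(new):
        return "digits-or-symbols-only"   # e.g. a bumped year or counter
    if o in n or n in o:
        return "contains-other"           # prefix/suffix added or removed
    if o == n[::-1]:
        return "reversed"
    if edit_distance(o, n) <= max_edits:
        return "small-edit"               # a couple of characters swapped
    return None

# Constructed sample pairs (old, new); none of them come from the thread.
SAMPLES = [
    ("Summer2011!", "Summer2012!"),
    ("Tr0ub4dor", "tr0ub4dor"),
    ("hunter22", "hunter22xyz9"),
    ("p@ssword", "password"),
    ("correct horse battery", "J7#qLm2vXz9w"),
]

if __name__ == "__main__":
    for old, new in SAMPLES:
        print(f"{old!r} -> {new!r}: {similarity_reason(old, new) or 'accepted'}")
```

A check like this only sees the immediately preceding password; comparing against older ones would require storing them in recoverable form, which is a separate risk.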







