[cryptography] Password non-similarity?

Steven Bellovin smb at cs.columbia.edu
Sat Dec 31 16:59:21 EST 2011


On Dec 31, 2011, at 4:36 00PM, Bernie Cosell wrote:

> On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
> 
>> Yes, ideally people would have a separate, strong password, changed
>> regularly for every site.
> 
> This is the very question I was asking: *WHY* "changed regularly?  What 
> threat/vulnerability is addressed by regularly changing your password?  I 
> know that that's the standard party line [has been for decades and is 
> even written into Virginia's laws!], but AFAICT it doesn't do much of 
> anything other than encourage users to be *LESS* secure with their 
> passwords.


The standard rationale is that for any given time interval, there's a
non-zero probability that a given password has been compromised.  At
some point, the probability is high enough that it's a real risk.  By
changing passwords frequently enough, you never reach that point.  The
reference I posted previously (http://csrc.nist.gov/publications/secpubs//rainbow/std002.txt)
makes this very explicit, complete with equations; see Appendix F.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list