[cryptography] Password non-similarity?

Steven Bellovin smb at cs.columbia.edu
Sat Dec 31 18:07:17 EST 2011


On Dec 31, 2011, at 5:09 08PM, John Levine wrote:

>> The standard rationale is that for any given time interval, there's a
>> non-zero probability that a given password has been compromised.  At
>> some point, the probability is high enough that it's a real risk.
> 
> Sure, but where does that probability come from?  (Various tactless
> anatomical guesses elided here.)  If the probability is low enough the
> replacement interval could be greater than the lifetime of the system.
> I see they relate it to the guess rate, so I'd rather limit that then
> push costs on users and force them to rotate passwords.

Yup.  I'm not saying it makes sense now, or even made sense at the time.
But that was the rationale.  (Aside: this could have descended from NSA's
experience with cryptographic keys and especially codebooks.  The difference,
of course, is that in crypto having more traffic to cryptanalyze makes
the attackers job easier.)
> 
> R's,
> John
> 
> PS: Masking passwords as they're typed made a lot of sense on an
> ASR-33.  Is this another throwback?
> 
ASR-33s could run in full-duplex mode, i.e., without the password
being echoed; the issue was the host OS.  IBM mainframes were not
really capable of that at the time, so masking was necessary.  Or
it could have been an IBM 2740 or 2741 terminal, based on the Selectric
typewriter; these devices weren't even capable of running full
duplex, as best I can recall, so either the OS had to provide masking
or you had to trust the user to remove the typeball (see
http://upload.wikimedia.org/wikipedia/commons/6/60/SelectricII_Hadar.jpg
if you don't know what I'm talking about....).

		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list