[cryptography] Password non-similarity?

Richard Clayton richard at highwayman.com
Sun Jan 1 12:20:13 EST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In message <CAOPE6PgW2y8rxvGmvPVoGYFYFFsVPM_0SJAhpizNahwUZjfRCw at mail.gmail.com>,
Kevin W. Wall <kevin.w.wall at gmail.com> writes

>Indeed, Ross Anderson did some study of this in one of his
>classes (sorry, I don't have the citation, but Ross, if you're
>listening, feel free to pipe in) and discovered that passwords
>created this way were almost as strong as completely
>random passwords but were much more memorable.

The memorability and security of passwords -- some empirical results
Jianxin Yan, Alan Blackwell, Ross Anderson, Alasdair Grant

    http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf

Note that this comes from a time when undergrads did not turn up at
Cambridge with favourite passwords which they have been using for years
on MySpace, Facebook, Google+ or whatever is next...  I rather suspect
that would affect the results substantially.

- -=-=-

BTW: no-one seems to have mentioned the role of auditors in promoting
password change policies... whatever the original rationale, it has
ended up on their checklist of 'what we expect to find when we see if
this company is "secure" and using best practices' -- and it is a brave
individual (and hello to Ross again!) who challenges the auditors to ask
if they can cite any evidence to substantiate their view that this "best
practice" is actually "best".

Also -- there seems to be some confusion between threat models. My
password of "abc" is not likely to be safe for long on a Unix box where
an attacker can steal master.passwd and run offline attacks on it,
whereas if I use that password at http://webmail.example.com/ it may be
just fine because an attacker gets five guesses and not using "123456"
is pretty much good enough.

Schechter et al take this to the obvious limit by suggesting that
systems should not tell you if they think a password is "strong" but
instead tell you how many other people have the same password as you
were thinking of using.

    http://research.microsoft.com/apps/pubs/default.aspx?id=132859

Of course many sites don't restrict your guesses (or fail to link
guesses to IPs as well as to accounts), but it still takes rather longer
(and more bandwidth) to mount an attack compared with offline brute
forcing.  Joseph Bonneau (lightbluetouchpaper.org blog was mentioned
earlier) has data on this, and a lot of other useful stuff

    http://www.cl.cam.ac.uk/~jcb82/publications.html

and expect even more insight (for example, on how sub-optimal the
current criminal approach to password guessing actually is) as he
finishes off his PhD thesis :)

Of course 2011 has shown us that the main threat to fred at gmail.com's
password is for him to use the same password at Gmail and at an entirely
reputable website operated by a leading security company....

- -- 
Richard Clayton                            <richard.clayton at cl.cam.ac.uk>
                                  tel: 01223 763570, mobile: 07887 794090
                    Computer Laboratory, University of Cambridge, CB3 0FD

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBTwCVzeINNVchEYfiEQLf+wCgnZ71coEBYvw8MChZtyjdZGybX/MAoOnh
FPcXzMKzwQrV/IquUpvwV4xy
=Vva8
-----END PGP SIGNATURE-----
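
An added example, not part of the original message: it reports how many other users already chose a candidate password (the popularity approach mentioned above) and measures what a guess-limited online attacker gains against a password population. The class name, key, threshold and sample population are constructed for illustration, and a plain keyed counter is assumed as the storage.

```python
import hashlib
import hmac
from collections import Counter


class PopularityMeter:
    """Tally keyed digests of chosen passwords (assumed design, not from the thread)."""

    def __init__(self, key: bytes):
        self.key = key
        self.counts = Counter()
        self.total = 0

    def _tag(self, password: str) -> bytes:
        # HMAC under a server-side key, so the tally is not a plaintext list.
        return hmac.new(self.key, password.encode("utf-8"), hashlib.sha256).digest()

    def record(self, password: str) -> None:
        self.counts[self._tag(password)] += 1
        self.total += 1

    def others_using(self, candidate: str) -> int:
        # The number shown to the user in place of a "strength" score.
        return self.counts[self._tag(candidate)]

    def too_popular(self, candidate: str, max_share: float) -> bool:
        return self.total > 0 and self.others_using(candidate) / self.total > max_share

    def online_success_rate(self, guesses: int) -> float:
        # Share of accounts opened by trying the `guesses` most common
        # passwords against every account (the guess-limited online model).
        if self.total == 0:
            return 0.0
        return sum(n for _, n in self.counts.most_common(guesses)) / self.total


def sample_meter() -> PopularityMeter:
    # Constructed population of 1000 accounts: a few shared choices, 900 unique.
    meter = PopularityMeter(key=b"constructed-demo-key")
    shared = {"123456": 40, "password": 25, "qwerty": 15, "letmein": 10, "dragon": 7, "abc": 3}
    for pw, n in shared.items():
        for _ in range(n):
            meter.record(pw)
    for i in range(900):
        meter.record(f"unique-{i}")
    return meter


if __name__ == "__main__":
    m = sample_meter()
    print("others using 'abc':", m.others_using("abc"))
    print("five-guess success rate:", m.online_success_rate(5))
```

In the constructed population the five most common choices cover 9.7% of accounts, which is the exposure a per-account guess limit leaves when popular passwords are allowed.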


