[cryptography] Password non-similarity?

Jonathan Katz jkatz at cs.umd.edu
Mon Jan 2 21:40:36 EST 2012


On Mon, 2 Jan 2012, lodewijk andré de la porte wrote:

> The reason for regular change is very good. It's that the low-intensity
> brute forcing of a password requires a certain stretch of time. Put the
> change interval low enough and you're safer from them.
>
> We've had someone talk on-list about a significant amount of failed remote
> ssh login attempts. Should he chose not to force user to change their
> passwords they wouldn't. And the likelyhood of a successfull login
> would improve with the years (given coordination) to somewhere above the
> admin's comfort zone.

I just don't buy this argument; am I missing something?

Say passwords are chosen uniformly from a space of size N. If you never 
change your password, then an adversary is guaranteed to guess your 
password in N attempts, and in expectation guesses your password in N/2 
attempts.

If you change passwords constantly, and an adversary guesses a random 
password (with replacement) each password-guessing attempt, then in 
expectation the adversary guesses your password in N attempts. Not much of 
an advantage.

(This seems like such a trivial point I hesitated to post it, but I 
haven't seen it come up explicitly at any point in this thread.)

The point you raise below (about limiting exposure once a password *is* 
guessed) remains valid, though for common-use passwords (where an 
adversary can simply lock the legitimate user out of the account once the 
password is guessed) I wonder how much benefit there really is.

> The timeframe in which a password has to change also limits the maximum
> time exposed once someone has cracked it. This is relevant when the
> adversary needs multiple opportunity's to coincide. The amount of time
> it'll have access without triggering resource-counting or other
> "suspicious behavior" alarms becomes limited, as changing a password would
> either lock him or the legitimate user out.
>
> For most systems though, it's a complete waste of time.
>


More information about the cryptography mailing list