random passwords (was Re: Worm...)
Barry Shein
bzs at encore.com
Wed Nov 30 06:19:48 AEST 1988
>Let's look at this quantitatively. There are, more or less, 95
>printable characters. We'll subtract 2 for @ and #, which many UNIX
>systems still use for line kill and erase. If we consider just
>8-character passwords, that means there are 93^8 possibilities, or
>5,595,818,096,650,401. Each one can be encrypt 4096 different ways,
>given the salt; this leaves us with 22,920,470,923,880,042,496...
>...If your encryptions take even 10 microseconds -- still 1000 times the best
>speed reported for an 8600 -- my password is safe for 2 years.
>What can we conclude? First, for 8-character passwords, today's algorithms
>are good enough for now. Second, that they won't be forever; in 10 years,
>some of these numbers will start to look worrisome. Third, using a larger
>input character set expands the search space beyond the forseeable trouble
>range.
>
> --Steve Bellovin
Round of applause!
I consider this a good argument to support my claim that shadow
password files are basically an idea barking up the wrong tree.
Choosing good passwords is both necessary and sufficient for
reasonable security. If your users choose good passwords then hiding a
passwd file is unnecessary. If your users choose bad ones than you
better pray before you go to sleep every night that no one walked out
with a copy of your passwd file, protected or not.
If people leave their office/home/car keys lying around no one should
be shocked if they walk away and later their property is found
burglarized.
If people resist choosing good passwords then the same can be said.
Just as leaving keys around often endangers everyone (eg. outside
entrance keys are often present allowing intruders into the building,
stolen cars often end up in accidents on joy rides etc) so can passwds
left "lying around" (eg. easy to crack.)
On a system I managed a while back I would occasionally try to break
the passwords by use of a program and, when I broke one, would send a
mail message to the owner that went something like:
Your password on this system is trival to break, I broke
it with a readily available program in (time value.)
Please choose a more reasonable password (seven or more
characters, not an english word or name, at least one
punctuation mark and preferably a mixture of upper/lower
case and/or digits.)
If you need help with this don't hesitate to ask one of
the staff.
If you choose to continue to use an easy to break password
please do not bother the staff to restore files or undo other
damage which might be done to your account. Since it wasn't
important to you it will not be important to us. Note also
that an intruder can disrupt and destroy others' work, if
such an intrusion is traced to your bad choice of password
the entire user community will be informed of this.
Please excuse the tone of this letter but it is a serious
matter.
A program to demand a decent password might be an improvement, I'm
mixed on the issue of individual responsibility vs trying to cram good
behavior down people's throats with software but given the possible
ramifications to the entire community it has its merits, besides, what
consititutes a "good" password might be confusing to some.
-Barry Shein, ||Encore||
More information about the Comp.unix.wizards
mailing list