increasing password security

Jef Poskanzer pokey at well.UUCP
Wed Nov 16 21:57:31 AEST 1988


In the referenced message, bzs at encore.com (Barry Shein) wrote:
}The following proposals seem to be on the table:
}	1. Improve the encryption algorithm so brute force attack
}	on even relatively "easy" passwords becomes difficult.
}	2. Improve software which ensures users choose hard to crack
}	passwords.
}	3. Shadow passwords.

Good enumeration.  But what's wrong with doing all three, plus more if
you can think of any?  Protecting the encrypted passwords isn't admitting
that if they get out you are compromised; it is merely part of a defense
in depth.  It might delay the attack weeks or months, while the cracker
waits to get ahold of the shadow password file.  That is worthwhile.

Also, one point seems to have been missed by everyone regarding proposal
1 above.  Yes, it makes brute force attacks 50 to 100 times harder.  But
it also discourages the more sophisticated pre-computed attack described
by Dennis Mumaugh, because the attacker does not know in advance exactly
what the encryption function is.  He can't just grab his CD-ROM filled
with the encrypted lexicon with all salts.  He must first figure out
exactly how many iterations of DES are being used on the target site.
So this is another part of a defense in depth.

Of course, there is a trade-off involved in making your site's security
non-standard.  The upside is that you become less vulnerable to mass attacks
such as the rtm worm or Mumaugh's pre-computed lexicon.  The downside is
that you are no longer quite as confident that your security measures are
free from holes.  I mean, software from reputable sources such as Berkeley
and Sun has been pounded on by so many people that it must be secure, right?
Right?

Anyway, none of this matters too much while passwords are still flying
over the ethernet in the clear.
---
Jef

             Jef Poskanzer   jef at rtsg.ee.lbl.gov   ...well!pokey
          My .forward contains "| sed '1,/^$/d' | /bin/sh ; exit 0".
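An added illustration, not part of Jef's post, of the defense-in-depth point about proposal 1: a pre-computed lexicon (every dictionary word under every salt) only matches hashes produced with the exact iteration count it was built for, so a site with a non-standard count gets no hit and the table has to be rebuilt at a cost proportional to that count. It assumes salted, iterated SHA-256 as a stand-in for iterated DES, plus a constructed 16-salt space and five-word lexicon.

```python
import hashlib
import itertools

# Stand-in for "N iterations of DES" in crypt(3): a salted, iterated SHA-256.
# This is an assumption for illustration, not the 1988 Unix crypt algorithm.
def site_hash(password: str, salt: str, iterations: int) -> str:
    state = (salt + password).encode()
    for _ in range(iterations):
        state = hashlib.sha256(salt.encode() + state).digest()
    return state.hex()

# Constructed toy parameters: 16 possible salts and a five-word lexicon.
SALTS = ["".join(p) for p in itertools.product("ab12", repeat=2)]
LEXICON = ["password", "letmein", "wizard", "sunshine", "qwerty"]
STANDARD_ITERATIONS = 25      # the count the pre-computed lexicon assumes

def build_lexicon_table(iterations: int) -> dict:
    """The 'CD-ROM': every lexicon word under every salt, hash -> word."""
    return {site_hash(word, salt, iterations): word
            for salt in SALTS for word in LEXICON}

def lookup(table: dict, stored_hash: str):
    """Instant hit only if the site used the count the table was built with."""
    return table.get(stored_hash)

def table_work(iterations: int) -> int:
    """Hash rounds needed to build a table for one iteration count."""
    return len(LEXICON) * len(SALTS) * iterations

def demo():
    table = build_lexicon_table(STANDARD_ITERATIONS)
    # Site A runs the standard count: a stored hash of a lexicon word falls to the table.
    hit = lookup(table, site_hash("wizard", "a1", STANDARD_ITERATIONS))
    # Site B runs a non-standard count: same word, same salt, no table match.
    miss = lookup(table, site_hash("wizard", "a1", 37))
    return hit, miss, table_work(STANDARD_ITERATIONS), table_work(37)

if __name__ == "__main__":
    hit, miss, w_std, w_site = demo()
    print(f"standard site: table hit -> {hit!r}")
    print(f"non-standard site: table hit -> {miss!r}")
    print(f"rebuilding the table for the site's count costs {w_site} vs {w_std} hash rounds")
```

Shadowing the password file adds a second, independent delay on top of this: the table is useless until the attacker has a hash to look up at all.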