July 29, 2004

Passwords vs. Passphrases

Today I read an interesting post by Robert Hensing (incident response specialist for Microsoft) arguing that you shouldn't use passwords of any kind on your Windows networks. OK, before you foam at the mouth and decide he's nuts, take some time to read the post. It's rather interesting. What Robert is getting at is that, with the number of cracking techniques that exist today (especially pre-computed hash tables), passwords are easy to break. His solution: use long passPHRASES, which are more difficult to break with tools such as LC (L0phtCrack). OK, I'll buy that for a dollar. Mostly because that's all it's worth. Robert makes a good point that a longer "passphrase" is extremely difficult to crack with pre-computed hashes, because the table an attacker has to store grows exponentially with every character of length. (On Windows there is a second effect: the legacy LM hash only covers the first 14 characters, split into two 7-character halves, so a passphrase longer than that cannot be stored as an LM hash at all.) What he fails to really point out is that password entropy doesn't simply get better with length, UNLESS THE CHOICE IS RANDOM! Entropy measures how unpredictable the choice is, not how many characters were typed. Shifting to longer passphrases is good, but only to the extent that the components are chosen randomly. Why do I say that? Because tools already exist in the underground that ship with pre-computed H4CK3R 1337 5P34K substitutions and normalized words from the English language. The weakest link is the human factor here. A passphrase of:

Bob's your uncle! Is Alice in wonderland? The answer is 42.

...is great on length, and uses a combination of upper and lower case letters, digits and even special punctuation characters. It is extremely easy for me to remember; I won't even need to write it down. Yet you know what? It can be attacked word by word, and a password I can derive from it is just as easy to remember, way shorter, and denies the attacker those word boundaries. Let me explain. As Robert points out in his post, brute force attacks using pre-computed hashes against longer passphrases are nearly impossible due to the sheer hardware requirements needed to store all the pre-computed results. RAM and disk space limitations make this much more difficult.
However, by using passPHRASES you break the password down into distinct elements, which in English we call WORDS. So a cracker's parser breaks the above passphrase into 14 distinct components, each of which is guessable from a dictionary (punctuation marks count as their own components here). Attackers know this, and can use it to their advantage. Now, to be fair, a passphrase with 14 distinct components is still amazingly strong and difficult to crack. However, it also becomes too unwieldy for the user to manage. Why? Well, for starters:
Let me show you a just as effective way of making a strong password/passphrase that will defeat most cracking attack vectors, is easy to remember, and is prone to FEWER input errors by humans, the people we are trying to protect here. Compose the same kind of passphrase Robert suggests in your head, and simply type out the first letter of each word, plus any numbers and punctuation that appear in it. For the passphrase:

Bob's your uncle! Is Alice in wonderland? The answer is 42.

you would get a password of:

Byu!IAiw?Tai42

Now, under the guise of a complex random password, you actually have (in this case) a 14-character string mixing upper and lower case letters, digits and punctuation, with no word boundaries left for a dictionary attack to exploit.
Robert brings up very interesting thoughts in his post, and you should seriously consider following them, with one change. Remember the user. As security professionals, it's easy for us to use insane passwords for protection. We are supposed to know better. But Alice in accounting just isn't going to follow it. With my slight change of simply typing out the first letter of each word, plus any numbers and punctuation, you have a much more PRACTICAL passphrase that is 'good enough' for most networks. With a bit of user education this can become extremely effective. One caveat: the derived password is only as unpredictable as the sentence it came from. It cannot contain more entropy than the choice of sentence, and if that sentence is a song lyric, a film quote or a proverb, an attacker can build a dictionary of stock phrases and their initials just as easily as a dictionary of words. Make up a sentence of your own rather than borrowing a famous one. Oh, and if on the next password rotation you don't feel like using the first letter of every word, change it up. Use the last letter. Or the second. Just remember, if you make it too difficult you will forget it, making it no better than 'g0d' or 'P4$5w0rd!'. Especially since you are going to have to call IT services to reset your password anyway.

Posted by SilverStr at July 29, 2004 08:13 AM

Comments
Interesting. This is the method I have used and commented on Robert's site about.
Posted by: Robert Hurlbut at July 29, 2004 09:35 AM

I guess great minds think alike. :) Guess I better go read the comments. *lol*
Posted by: SilverStr at July 29, 2004 12:03 PM

You have a good point that a password policy that's too strict will backfire and make things worse. Fortunately, there's a halfway decent way to create passphrases. http://www.diceware.com has a wonderfully accurate and practical discussion of passphrases. They have a list of words you can choose from by rolling 5 dice, and you make a passphrase out of the random words. Then you make up a story to link them. The Diceware page also has some debatable but well thought out opinions on how long your passphrase really needs to be. They phrase the decision in terms of what other precautions you've taken. For example, a six-word passphrase is wasted unless you have armed guards preventing physical access to the computer. Intruders will attack the weakest point. Making your strongest point stronger adds no security. Depending on what's threatening your data, I might even advise writing down your password. Not for everybody, but we all know how to guard physical objects like credit cards or slips of paper with passwords on them.
Fred Wamsley CISSP
Posted by: Beryllium Sphere LLC at July 29, 2004 09:45 PM

What are your thoughts on managing many passwords? I'm trying to come up with a strong security policy for handling passwords. Having 15-character nearly-random passwords for 20 switches, 15 routers, 50 servers, root vs. user accounts, ftp accounts, web accounts, systems for different customers, etc., it can easily get out of control. Add in password rotation, being able to give a password to somebody to give them access to a single device without compromising everything else, avoiding predictability, etc., and it's not super easy. The Diceware site looks pretty good - will have to read it closer later.

In my opinion, it's good to print out the entire password list, broken up into different areas, stuffed into different envelopes, and put in a safe. But this has problems as well, such as it needs to be updated when passwords are updated, and if somebody needs one password from a sheet then they immediately get everything else on the page, etc. Hence, sharing some passwords can be OK, make life easier, and reduce the chance of forgetting a password, which can have high costs. A lot of older networking devices, embedded OSs, etc. don't support fancy punctuation in passwords, long (> 8 char) passwords, SSH, and so on.
Posted by: Wim at July 30, 2004 12:26 AM

When I first heard of the passphrase idea a while back it seemed like a good idea, so I tried to use it with one of my clients. I was helping them implement a new password policy and we gave the users the option of 8 random characters or an 8-word-long passphrase. Every single person chose the password over the passphrase, and the feedback was they didn't want to have to type that much to be able to log in. So, there's a small case study to prove your point.
Posted by: Dave King at July 30, 2004 05:59 AM

I'm not looking for trolls by saying this, but I use 1337speak or phrases with numbers in them, like '1ncr3dul0us' or '12by2is6'. Using something like a mnemonic is a great idea though! Wasn't one of leetspeak's original functions bypassing trigger-word filters? Deterring dictionary pattern-matching attacks is very similar~
Posted by: evilmousse at July 30, 2004 11:19 AM

Wim, there are a couple of good password 'safe-houses' which work to give you one master password to protect the others. Of course, this is a single point of failure and attack, and that one password has to be extremely strong. But it is effective. I blogged about this a bit before and pointed to an interesting article on MSDN by Keith Brown. You can read the entry over at: http://silverstr.ufies.org/blog/archives/000632.html

Basically there are two really good ones out there that I recommend you check out:
1) Password Safe from Bruce Schneier (http://www.schneier.com/passsafe.html)
2) Password Minder from Keith Brown (http://download.microsoft.com/download/d/3/1/d31fff33-fd97-488f-9bbd-4b7402905716/SecurityBriefs0407.exe)

If you have a WinCE device and need a good system, check out eWallet. It works well, it's pretty lightweight and doesn't cost too much. Works great on a smartphone like the MPx200. YMMV of course.
Posted by: SilverStr at July 30, 2004 03:19 PM

Three words, chosen from a vocabulary of 5000, plus two digits (in between the words perhaps), makes for quite a strong password in practical terms. Most of the password crack programs that I've seen descriptions of claim that they test somewhere on the order of one to ten million passwords a minute. At the high end of that range, the average time to crack such a password would still be over a year. I've seen one program that claims to test one billion zip passwords a minute. If that claim is true, it would crack a password of that strength within one working day, but if you add a fourth word and a third digit, you're going to be in pretty good shape. These calculations do assume, by the way, that the cracking program is aware of the pattern of words and digits that you are using. Vary that pattern, and that particular cracking program will fail. Deliberately misspell a word, and that particular cracking program will fail. More numbers here: http://smokey.rhs.com/web/blog/rhs.nsf/stories/passwordarithmetic
-rich
Posted by: Richard Schwartz at August 1, 2004 04:05 PM

A slightly older version of Passwordsafe is also available for Windows CE (and possibly Linux). One big advantage of Password Safe against other systems I looked at is that it doesn't need to be installed. I keep a copy on a USB memory stick and can use that on any Windows system I want. I have not used Password Minder so I can't comment on that program.
Richard
Posted by: Richard Clyne at October 18, 2004 05:45 AM

Your logic is flawed. As Richard Schwartz pointed out, the mathematics weigh strongly in favor of passphrases, even if everyone uses correctly formed sentences in the English language with correct punctuation. This is because a character sequence of 10 random characters has the limitation that each character only has about 72 printable unique values. Therefore, you get 72^10 possible combinations (3e18). With English words, even if you restricted yourself to the 10,000 most common words, and followed the rules of usage which would restrict any position to about 40% of the possibilities based on other positions, a five-word passphrase has 4000^5 possible combinations (1e18). That's the same order of magnitude. Therefore, the passphrase: Is fundamentally as secure as Robert is right. The first one is easier to remember.
Posted by: Nick at October 26, 2004 05:11 PM