On 7 March 2015 at 11:53, Mike Pinkerton <pselists@xxxxxxxxxxxxxx> wrote:
On 7 Mar 2015, at 10:41, Björn Persson wrote:
Mike Pinkerton wrote:
On 6 Mar 2015, at 23:49, Adam Williamson wrote:
On Fri, 2015-03-06 at 23:09 +0100, Björn Persson wrote:
I hope https://xkcd.com/936/will be among the inputs to that
discussion.
I'm fond of noting that pwquality has not yet blacklisted any variant
of correcthorsebatterystaple. I've been using correcthorse as my stock
anaconda testing password, since the strength check has been
enforced...
It won't stand up to a combinator attack:
<https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html>
It's not entirely clear, but I guess you mean that a two-word
combination like "correct horse" won't stand up. That appears to be
true. A four-word phrase is an entirely different matter. Each
additional word increases the complexity exponentially, so doubling the
number of words squares the number of possible combinations.
The "combinator" attack that is described in the Ars Technica article that Bruce Schneier quotes in the above link appears to be an attack that tries combinations of multiple words from one or more of the attacker's word lists. Certainly adding more words to the pass-phrase would make that more difficult. As I don't know the current state of the art in password cracking, I don't know whether attackers typically limit their attacks to only two words, or extend to three or more words.
They limit it to 1-2 words because it takes a LONG time to crack SHA512crypt passwords. You can do on average 32k -> 128k hash crypt checks per second per password. A two word dictionary of diceware would have 2^25.85 passwords in it. A single system is going to take 256 seconds on 2 words. Add in 3 words (2^38.775) and it is 24 days. Add in a 4th word and it is 544 years. Add in a 5th word and it is 4.5 million years.
While writing this up I went and checked that the whole thing is outlined point for point in wikipedia
To estimate the time just do the following:
$15,000 computer -> 128k/sec = 2^17. Lets assume moore's law comes in and we have 2^20 by 2020.
Take the possible entropy and subtract the 2^17 and that will give you the worst case. I believe it may be 1/4 of that so make it subtract 2^19 currently for one system and 2^29 for a cluster of 1024 computers (so 15 million dollars).
2 words is going to be (25.85-19) 115 seconds for one system and 0.1 for big ass cluster.
3 words is going to be (38.78-19) 236 hours ). <1 day for big ass cluster
4 words is going to be (51.70-19) 221 years). < 1 year
5 words is going to be (64.63-19) 1.7 million years) < 1700 years. (or 1.7 years for a 15 billion dollar investment).
To get equivalent strength from say an all lower case password you are going to need 14 [a-z] characters.
Now here is the funny thing. All that speed to get 128k is if the password is less than around 12 characters for most cracking software due to the way the hardware and algorithms have been optimized. If the string is longer than that the hardware drops in speed by orders of magnitude. So correctstaple is actually going to take longer than I said. In fact all the numbers I put for 3+ words is probably going to be 10-100 times longer.
There are 2 caveats.
1) Once again, Adam was being sarcastic. He knows the password isn't any good because well he TOLD everyone what it was. He was making fun of the fact that libpwquality does not blacklist it.. which means that correctstaple is the new password of choice (when the old one might have been 123456)
2) This is always true http://xkcd.com/538/
And finally. If one were to take the top 1 million known passwords as the dictionary.. then each word would have about 20 bits of entropy. A password generator that outputted stuff like
123456 password trustn01 letmein1
would take 256 or more longer to brute force crack than using diceware. Actually that sounds like a nice project to add to my EN_RN translation project.
Stephen J Smoogen.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct