Reply to post: Re: DES

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

Michael Wojcik Silver badge

Re: DES

Staple Horse Battery is incorrect. Here's why:-

https://diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/

(Sigh. You could at least try to get the phrase correct.)

Monica makes some decent points, but he's arguing a different question. His complaint about Munroe's comic is ill-founded. He also relies on incorrect assumptions.

First, he claims "As a community we did a great job incentivizing the use of bcrypt and scrypt, and humiliating those who use bad password hashing mechanisms". That is utter rubbish. In breach after breach we see disclosures of password-verifier databases that do not use strong hashing mechanisms. It will be years before there's a decent probability that exposed verifiers won't use weak hashes. And unless a user knows that the entity computing the verifier is using a strong hash, long passphrases beat short passwords with a complex alphabet. Munroe is completely correct about that.

Second, even against resource-intensive hash algorithms like scrypt and Argon2 (bcrypt is not in the same class, since it's only CPU-intensive), dictionary attacks with reasonable-size dictionaries still work well. And users often still choose weak passwords that appear in such dictionaries.

Third, Monica fails to consider attackers who steal resources (e.g. using leaked AWS keys), and attacks which iterate over IDs using the same password, avoiding lockout and common throttling mechanisms. Assuming that brute-force is only feasible for nation-state attackers is flat-out wrong.

Finally and most importantly, Monica's basic argument is that human-memorized passwords are the wrong protection model, and we should encourage something else. Well, essentially everyone in IT security has been saying that for decades. It's not a controversial or underexposed position. And it's irrelevant to questions about how to structure strong human-memorable passwords, which is still a requirement unless you want users to rely exclusively on other classes of verifiers (the "what you have" and "what you are" classes). And there are significant issues with the latter position, which introduces a significant attack surface with some very bad failure modes.

In any case, arguing against human-memorized passwords does not respond to Munroe's comic. It's a different threat model. You can't claim to make motorcycles safer by telling everyone to ride the bus instead.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019