password protection

Kemp at dockmaster.arpa Kemp at dockmaster.arpa
Sun Jan 1 04:50:59 AEST 1989 


> From: Barry Shein <bzs at encore.com> in V6#064
> . . . [some specifications for non-trivial passwords] . . .
>
> Something has to be tacit, every time someone says that eight chars
> from a 64 or 100 char set should be sufficient someone else jumps up
> and says "not if they're all lower-case!", assume when we say "from
> 100 chars" we mean we'll make it hard to search less, not "from 100
> chars or any number less down to one".

    I can't quite parse that last sentence, but I assume you are saying
"educate users to use mixed-case, digits, and punctuation in their
8 (or 7) character passwords".  That's a useful idea, but it's not
sufficient.  Your math is *bogus*.  Entropy has been discussed here a
few times, but I will beat on it again.

    The maximum amount of information a standard unix password may
contain is 56 bits (8 symbols, each from a set of 128 characters).
BUT, that is only true if for each symbol, every character from the
set is *equally* likely.  If you are going to base your math on a
100 character set (or more precisely the 94 graphic ASCII characters),
you are going to have to have users pick passwords like &Q8nz)~B and
aaaabbbb.  The first one isn't going to be used because humans can't
remember it, and no one will pick the second one because it "isn't
random enough".  As soon as you start adding a priori knowledge about
how passwords are constructed, you reduce the amount of information
they can contain.  If you set an army of undergraduates to generating
zillions of passwords based on your rules (mixed case and punctuation,
no dictionary words, etc), I would be extremely surprised if you came
out with as much as 40 bits of information per password.

The only way I know of to get reasonably high work factor passwords
out of humans is to hash 'pass phrases' down to 56 bits, as has been
suggested several times, most recently by "David L. Jobusch"
 <jobusch at atanasoff.cs.iastate.edu> in v6#064.

> And let's let the conversation about more exotic methods (password
> aging, shadow password files, anything beyond influencing a reasonable
> choice of a good password in the first place which some of us claim is
> sufficient) proceed from there instead of going round and round in
> circles.

Again, you miss the point.  As a security issue, password aging is
virtually orthogonal to password selection.  This has also been explained
several times here or in RISKS.  Passwords may be obtained illicitly in
many ways besides cryptanalytic attack, such as listening to your comm
line or your ethernet, looking over your shoulder, searching your desk
for scraps of paper, running a password grabber, bribing a system
administrator, searching your dumpster for punched cards :-), analysing
the reflections of an invisible laser beam aimed at your keyboard :-) :-),
etc.  The point is, an unauthorized person has your password and you don't
know (s)he has it.  How long do you want him/her to have it.  If your
answer is "a century", that's fine.  On systems with anything of value
to protect, six months might be a better answer.

  Dave Kemp

More information about the Comp.unix.wizards mailing list