FESCO request to revert password confirmation change in F22

Stephen John Smoogen smooge at gmail.com
Sat Mar 7 20:52:42 UTC 2015 

On 7 March 2015 at 11:53, Mike Pinkerton <pselists at mindspring.com> wrote:

>
> On 7 Mar 2015, at 10:41, Björn Persson wrote:
>
>  Mike Pinkerton wrote:
>>
>>> On 6 Mar 2015, at 23:49, Adam Williamson wrote:
>>>
>>>> On Fri, 2015-03-06 at 23:09 +0100, Björn Persson wrote:
>>>>
>>>>> I hope  https://xkcd.com/936/will be among the inputs to that
>>>>> discussion.
>>>>>
>>>>
>>>> I'm fond of noting that pwquality has not yet blacklisted any variant
>>>> of correcthorsebatterystaple. I've been using correcthorse as my stock
>>>> anaconda testing password, since the strength check has been
>>>> enforced...
>>>>
>>>
>>> It won't stand up to a combinator attack:
>>>
>>> <https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html>
>>>
>>
>> It's not entirely clear, but I guess you mean that a two-word
>> combination like "correct horse" won't stand up. That appears to be
>> true. A four-word phrase is an entirely different matter. Each
>> additional word increases the complexity exponentially, so doubling the
>> number of words squares the number of possible combinations.
>>
>
> The "combinator" attack that is described in the Ars Technica article that
> Bruce Schneier quotes in the above link appears to be an attack that tries
> combinations of multiple words from one or more of the attacker's word
> lists.  Certainly adding more words to the pass-phrase would make that more
> difficult.  As I don't know the current state of the art in password
> cracking, I don't know whether attackers typically limit their attacks to
> only two words, or extend to three or more words.
>
>
They limit it to 1-2 words because it takes a LONG time to crack
SHA512crypt passwords. You can do on average 32k -> 128k hash crypt checks
per second per password. A two word dictionary of diceware would have
2^25.85 passwords in it. A single system is going to take 256 seconds on 2
words. Add in 3 words (2^38.775) and it is 24 days. Add in a 4th word and
it is 544 years. Add in a 5th word and it is 4.5 million years.



While writing this up I went and checked that the whole thing is outlined
point for point in wikipedia
http://en.wikipedia.org/wiki/Password_strength

To estimate the time just do the following:

$15,000 computer -> 128k/sec = 2^17. Lets assume moore's law comes in and
we have 2^20 by 2020.

Take the possible entropy and subtract the 2^17 and that will give you the
worst case. I believe it may be 1/4 of that so make it subtract 2^19
currently for one system and 2^29 for a cluster of 1024 computers (so 15
million dollars).

2 words is going to be (25.85-19) 115 seconds for one system and 0.1 for
big ass cluster.
3 words is going to be (38.78-19) 236 hours ). <1 day for big ass cluster
4 words is going to be (51.70-19) 221 years).  < 1 year
5 words is going to be (64.63-19) 1.7 million years) < 1700 years. (or 1.7
years for a 15 billion dollar investment).

To get equivalent strength from say an all lower case password you are
going to need 14 [a-z] characters.

Now here is the funny thing. All that speed to get 128k is if the password
is less than around 12 characters for most cracking software due to the way
the hardware and algorithms have been optimized. If the string is longer
than that the hardware drops in speed by orders of magnitude. So
correctstaple is actually going to take longer than I said. In fact all the
numbers I put for 3+ words is probably going to be 10-100 times longer.

There are 2 caveats.

1) Once again, Adam was being sarcastic. He knows the password isn't any
good because well he TOLD everyone what it was. He was making fun of the
fact that libpwquality does not blacklist it.. which means that
correctstaple is the new password of choice (when the old one might have
been 123456)
2) This is always true http://xkcd.com/538/

And finally. If one were to take the top 1 million known passwords as the
dictionary.. then each word would have about 20 bits of entropy. A password
generator that outputted stuff like

123456 password trustn01 letmein1

would take 256 or more longer to brute force crack than using diceware.
Actually that sounds like a nice project to add to my EN_RN translation
project.

-- 
Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150307/9bdd9102/attachment.html>

More information about the devel mailing list