When you're analyzing the strength of a password, make sure you know what's done with it.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

steveg — Mon, 19 Nov 2007 05:32:41 GMT

I wonder if the NSA do something like "select ClearText from Password where MD5=<value> or Sha1=<value>". They'd only need 1.3E36 (give or take) 1TB harddrives... :)

http://en.wikipedia.org/wiki/SHA_hash_functions implies SHA1 is still reasonably secure at the moment. MD5 collisions can be found in a minute according to http://en.wikipedia.org/wiki/MD5

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Norman Diamond — Mon, 19 Nov 2007 03:10:50 GMT

I write down some of my passwords. One example used to be that if someone stole my wallet then they could get my money, use my credit cards, and log into some of my employer's computers (if they could get into the building). One example now is that if someone breaks into my apartment then they can get my computers and they can order a pizza to be sent to me (or to them if they want to risk waiting for it).

I'd say that a strong written-down password is better than a weak memorable one. Also a strong written-down password is better than one that's stored in HKCU.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Motoma — Sun, 18 Nov 2007 05:43:43 GMT

@mh: Performing a one-way hash on a password is designed to provide security in a way that neither password expiration nor account lockout are able: in the case that your data is compromised, hashes ensure that you haven't given your intruder a list of email addresses and passwords to start running through Paypal (or any other site for that matter).

I don't want to put words into Larry's mouth; however, I would say that the lesson in this post is not making a point about information security directly, rather, it is pointing out how a system's underlying design can subvert the security attempts of even the most cautious user.

As a question to anyone reading this, is brute forcing a viable option for breaking a hash? I always figured that rainbow tables were going to be where password recovery was heading.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

mh — Sat, 17 Nov 2007 00:46:13 GMT

On the whole password security thing, the whole point of complexity is to make dictionary attacks a waste of time. Combine that with a reasonable minimum length so that it's an even call between brute forcing the hash or brute forcing the password itself, then add in account lockout and mandatory password expiration, and the only remaining issues are (1) users writing down their passwords, and (2) backdoor stuff.

It's amazing how often discussions about password security wander off into all kinds of interesting tangents without even considering the two most basic defenses, good old account lockout and mandatory password expiration, both of which have been around since the year dot.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Arun Philip — Fri, 16 Nov 2007 20:03:54 GMT

Ah, got it Larry. I do recall seeing that messge in XP & 2003, since my default pwd is 16 characters.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Luigi — Thu, 15 Nov 2007 23:24:18 GMT

But I still don't get it... what would the trouble be in digesting passwords into a hash that far exceed the strength of even the "strongest" passwords? Surely, in this era of terabyte HD's and quad core CPU's, even the allocation of a whole kilobyte to store a user's password is not going to be a problem, I would expect?

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Larry Osterman [MSFT] — Thu, 15 Nov 2007 17:17:56 GMT

arun.philip: If you try to set a password longer than 14 characters on XP, Windows pops up some text indicating that you won't be able to access older resources.

That message is an indication that the LM hash is being disabled.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Arun Philip — Thu, 15 Nov 2007 13:58:06 GMT

@JM: Thanks for the reference.

@Larry: since most passphrases are longer than 14 characters long, they disable the LM hash

Hmm, JM's link indicates that the password is truncated to 14 characters, so wouldn't that be a case of what Jonathan described?

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Igor — Thu, 15 Nov 2007 04:07:07 GMT

Nothing wrong with md5 except that it was not designed as an encryption hash algorithm replacement but rather as a replacement for crc32.

re: When you're analyzing the strength of a password, make sure you know what's done with it.

Miral — Thu, 15 Nov 2007 02:50:58 GMT

Aaron: Maybe I'm just showing my ignorance here, but what's wrong with MD5?