-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <caope6pgw2y8rxvgmvpvogyfyffsvpm_0sjahpiznahwuzjf...@mail.gma il.com>, Kevin W. Wall <kevin.w.w...@gmail.com> writes
>Indeed, Ross Anderson did some study of this in one of his >classes (sorry, I don't have the citation, but Ross, if you're >listening, feel free to pipe in) and discovered that passwords >created this way were almost as strong as completely >random passwords by were much more memorable. The memorability and security of passwords -- some empirical results Jianxin Yan, Alan Blackwell, Ross Anderson, Alasdair Grant http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf Note that this comes from a time when undergrads did not turn up at Cambridge with favourite passwords which they have been using for years on MySpace, Facebook, Google+ or whatever is next... I rather suspect that would affect the results substantially. - -=-=- BTW: no-one seems to have mentioned the role of auditors in promoting password change policies... whatever the original rationale, it has ended up on their checklist of 'what we expect to find when we see if this company is "secure" and using best practices' -- and it is a brave individual (and hello to Ross again!) who challenges the auditors to ask if they can cite any evidence to substantiate their view that this "best practice" is actually "best". Also -- there seems to be some confusion between threat models. My password of "abc" is not likely to be safe for long on a Unix box where an attacker can steal master.passwd and run offline attacks on it, whereas if I use that password at http://webmail.example.com/ it may be just fine because an attacker gets five guesses and not using "123456" is pretty much good enough. Schechter et al take this to the obvious limit by suggesting that systems should not tell you if they think a password is "strong" but instead tell you how many other people have the same password as you were thinking of using. http://research.microsoft.com/apps/pubs/default.aspx?id=132859 Of course many sites don't restrict your guesses (or fail to link guesses to IPs as well as to accounts), but it still takes rather longer (and more bandwidth) to mount an attack compared with offline brute forcing. Joseph Bonneau (lighbluetouchpaper.org blog was mentioned earlier) has data on this, and a lot of other useful stuff http://www.cl.cam.ac.uk/~jcb82/publications.html and expect even more insight (for example, on how sub-optimal the current criminal approach to password guessing actually is) as he finishes off his PhD thesis :) Of course 2011 has shown us that the main threat to f...@gmail.com's password is for him to use the same password at Gmail and at an entirely reputable website operated by a leading security company.... - -- Richard Clayton <richard.clay...@cl.cam.ac.uk> tel: 01223 763570, mobile: 07887 794090 Computer Laboratory, University of Cambridge, CB3 0FD -----BEGIN PGP SIGNATURE----- Version: PGPsdk version 1.7.1 iQA/AwUBTwCVzeINNVchEYfiEQLf+wCgnZ71coEBYvw8MChZtyjdZGybX/MAoOnh FPcXzMKzwQrV/IquUpvwV4xy =Vva8 -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography