(part 2 continued...) This is the question I’m getting at. I’m sure that the current implementation is awful as you’ve already pointed out, I only wanted this is a demo of the concept.
If anyone is game I would love to have a practical challenge. Let’s say we are using SHA2. Let’s say I will tell you the following about my inputs: 1) It is a transform on the domain www.facebook.com and I will even say it does not include the www. or the .com 2) My number is a date of some kind. 3) My special char obviously you will know, & 4) I will not tell you my version. How quickly could do you think this could be cracked really? If this answer involves any of the following: “it would take quite a bit of time,” “it would require some pretty decent CPU power,” or “it would need someone that really knows their mathematics and cryptography well” It would require someone who knows how to use something like John the Ripper or Hashcat. There are thousands of such people. Using SHA-256, a GPU acceleration would allow them to probably run millions of guesses per second on a computer that costs less than $5000 dollars. I’m not going the take the challenge, but my off the cuff guess is that they’d have a 75 chance of guessing within 4 hours after initial set up and configuration. (I should note that I don’t do a lot of password cracking myself, but I very much follow what others are doing). You can make it harder for them by increasing the burden on the user. But every time you do that, you make it more likely that the user will use the same system for each site, thus increasing the risk that cracking one will need to a crack of all. If I hear you correctly you are saying that the hacker knows I use this particular password “system”. He knows that I use some form of transform on domain name without www. or .com, that my number is a date of some kind, that my special char is &, he doesn’t know the version. You are saying given all of that you would still need someone who understands password cracking technologies, has specialized hardware (even if not crazy expensive), would need to spend some unknown time X on setup and configuration and then some number of hours on this dedicated machine just to crack my password? I would consider that a huge win. The last time I played with John the Ripper (at least I’m pretty sure it was that, could have been something similar) was in the late 90’s using a 486dx 66 MHz with 8MB of ram and some version of Linux. I realize that the algorithms used today are much better, but then again so is the hardware. What I remember was cracking several of the weakest of the weak passwords within minutes, within hours or perhaps a couple of days you could easily crack 10-20% of the passwords. Maybe those users were particularly stupid but somehow I don’t think so. And this was just working mostly with the out of the box configuration. If we are fully understanding each other here, then what I am proposing does as much, or perhaps even more than I had ever hoped. I thought it would take a lot more work and development for me to even get to this point. Another question of interest me in this case, again assuming I understood you correctly in the first place is, how easy would it be to search for the people using this weak system, and would somehow be any easier or more fruitful than just going after the average passwords? The most exciting thing I have ever read along these lines is this: http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory This, and things like @inproceedings{BonneauSchechter2014:USENIX, Address = {San Diego, CA}, Author = {Bonneau, Joseph and Schechter, Stuart}, Booktitle = {23rd USENIX Security Symposium (USENIX Security 14)}, Month = Aug, Pages = {607--623}, Publisher = {USENIX Association}, Title = {Towards Reliable Storage of 56-bit Secrets in Human Memory}, Year = {2014}} https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/bonneau are great. But the problem is that there is so far no testing (or reason to believe) that people will be able to do that for dozens of independent passwords. So those training schemes are good for something like a Master Password for some password management system, but they are not useful for the scores of passwords that people need to use. Wow fantastically interesting leak. I will watch the presentation and perhaps comment more later. What do you think about this one? http://www.nimbusid.com/ While the setup and login is a bet lengthy, I find it to be extremely user friendly. The demo requires 3 objects with 7 attributes… I don’t know if whatever math they are still using would still workout but personally I could see it being easier to deal with by having more objects but less attributes. I very much like this system but I can imagine that there must be a reason why it hasn’t taken off like wild fire yet. Even if many users felt it was too cumbersome, it would be great to have it as an option. It makes a lot more sense to me than biometrics, or password, managers, or 2 factor authentication, etc. Although somewhere there still must be some unique data stored in the cloud that could theoretically be stolen in order to allow this to work it would seem. Thanks again for your replies, it’s been enlightening. Cheers. Cheers, -j
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
