Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ukma!husc6!encore!bzs@encore.com
From: bzs@encore.com (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: random passwords (was Re: Worm...)
Message-ID: <4302@encore.UUCP>
Date: 29 Nov 88 20:19:48 GMT
References: <28399@tut.cis.ohio-state.edu> <278@aber-cs.UUCP> <10896@ulysses.homer.nj.att.com>
Sender: news@husc6.harvard.edu
Reply-To: bzs@encore.com (Barry Shein)
Distribution: eunet,world
Organization: Encore Computer Corp
Lines: 73
In-reply-to: smb@ulysses.homer.nj.att.com (Steven M. Bellovin)

>Let's look at this quantitatively.  There are, more or less, 95
>printable characters.  We'll subtract 2 for @ and #, which many UNIX
>systems still use for line kill and erase.  If we consider just
>8-character passwords, that means there are 93^8 possibilities, or
>5,595,818,096,650,401.  Each one can be encrypted 4096 different ways,
>given the salt; this leaves us with 22,920,470,923,880,042,496...
>
>...If your encryptions take even 10 microseconds -- still 1000 times the best
>speed reported for an 8600 -- my password is safe for 2 years.
>
>What can we conclude?  First, for 8-character passwords, today's algorithms
>are good enough for now.  Second, that they won't be forever; in 10 years,
>some of these numbers will start to look worrisome.  Third, using a larger
>input character set expands the search space beyond the foreseeable trouble
>range.
>
>		--Steve Bellovin

Round of applause!

I consider this a good argument to support my claim that shadow password
files are basically an idea barking up the wrong tree. Choosing good
passwords is both necessary and sufficient for reasonable security. If
your users choose good passwords then hiding a passwd file is
unnecessary. If your users choose bad ones then you better pray before
you go to sleep every night that no one walked out with a copy of your
passwd file, protected or not.
If people leave their office/home/car keys lying around no one should be
shocked if they walk away and later their property is found burglarized.
If people resist choosing good passwords then the same can be said. Just
as leaving keys around often endangers everyone (e.g. outside entrance
keys are often present allowing intruders into the building, stolen cars
often end up in accidents on joy rides etc.) so can passwds left "lying
around" (e.g. easy to crack.)

On a system I managed a while back I would occasionally try to break the
passwords by use of a program and, when I broke one, would send a mail
message to the owner that went something like:

	Your password on this system is trivial to break, I broke it
	with a readily available program in (time value.) Please choose
	a more reasonable password (seven or more characters, not an
	English word or name, at least one punctuation mark and
	preferably a mixture of upper/lower case and/or digits.) If you
	need help with this don't hesitate to ask one of the staff.

	If you choose to continue to use an easy to break password
	please do not bother the staff to restore files or undo other
	damage which might be done to your account. Since it wasn't
	important to you it will not be important to us.

	Note also that an intruder can disrupt and destroy others' work;
	if such an intrusion is traced to your bad choice of password the
	entire user community will be informed of this.

	Please excuse the tone of this letter but it is a serious matter.

A program to demand a decent password might be an improvement. I'm mixed
on the issue of individual responsibility vs trying to cram good
behavior down people's throats with software, but given the possible
ramifications to the entire community it has its merits; besides, what
constitutes a "good" password might be confusing to some.

	-Barry Shein, ||Encore||
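As an added example (not part of Barry's post or of Bellovin's figures), the Python below reproduces the 93^8 and salt-multiplied counts quoted above, estimates exhaustive-search time for a given per-encryption cost, and applies the password criteria from Barry's mail as a local check; the word list is constructed and stands in for a real dictionary.

```python
import re

# Bellovin's parameters: 95 printable ASCII characters minus '@' and '#',
# which old UNIX ttys used for line kill and erase; crypt(3) has a 12-bit salt.
PRINTABLE = 95
EXCLUDED = 2
ALPHABET = PRINTABLE - EXCLUDED   # 93
SALT_VALUES = 4096

def keyspace(length: int, alphabet: int = ALPHABET) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length

def precomputation_space(length: int, alphabet: int = ALPHABET,
                         salts: int = SALT_VALUES) -> int:
    """Entries a salt-blind precomputed table would need: every password under every salt."""
    return keyspace(length, alphabet) * salts

def exhaustive_seconds(length: int, seconds_per_encrypt: float,
                       alphabet: int = ALPHABET) -> float:
    """Worst-case seconds to try every password of one length against one hash.
    The salt is stored in clear next to the hash, so for a targeted guess it adds
    no work; it only defeats the shared precomputed table counted above."""
    return keyspace(length, alphabet) * seconds_per_encrypt

# Constructed stand-in for a dictionary; a real check would read /usr/share/dict/words.
WORDS = {"password", "secret", "encore", "barry"}

def weak_password_reasons(pw: str, words=WORDS) -> list:
    """Return the ways `pw` fails the criteria in Barry's mail (empty list = passes):
    seven or more characters, not an English word or name, at least one punctuation
    mark, and a mixture of upper/lower case and/or digits."""
    reasons = []
    if len(pw) < 7:
        reasons.append("shorter than 7 characters")
    if pw.lower() in words:
        reasons.append("dictionary word or name")
    if not re.search(r"[^A-Za-z0-9]", pw):
        reasons.append("no punctuation mark")
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]"))
    if classes < 2:
        reasons.append("no mix of upper/lower case or digits")
    if "@" in pw or "#" in pw:
        reasons.append("contains @ or # (eaten as erase/kill on some ttys)")
    return reasons

if __name__ == "__main__":
    print(keyspace(8), precomputation_space(8))
    print("%.0f years at 10 us/encrypt" % (exhaustive_seconds(8, 10e-6) / 31_557_600))
    print(weak_password_reasons("secret"), weak_password_reasons("Xq7!mbR2"))
```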