Message-ID: <20120117195131.GA25350@openwall.com>
Date: Tue, 17 Jan 2012 23:51:31 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: bugtraq@...urityfocus.com, Theodore Ts'o <tytso@....edu>
Subject: Re: pwgen: non-uniform distribution of passwords

On Tue, Jan 17, 2012 at 02:01:38PM +0400, Solar Designer wrote:
> Time running (D:HH:MM) - Keyspace searched - Passwords cracked
> 0:00:02 - 0.0008% - 6.0%
> 0:01:00 - 0.025% - 19.5%
> 0:20:28 - 0.5% - 39.1%
> 1:16:24 - 1.0% - 47.1%
> 3:00:48 - 1.8% - 55.2%
> 3:21:44 - 2.3% - 59.4%
> 5:05:17 - 3.1% - 64.2%
...
> I did some testing of pwgen-2.06's "pronounceable" passwords, and I
> think they might be weaker than you had expected (depends on what you
> had expected, which I obviously don't know).

It was just pointed out to me off-list that the man page for pwgen
specifically mentions that this kind of password "should not be used in
places where the password could be attacked via an off-line brute-force
attack." I had missed that detail or at least I did not recall it.

This kind of documentation certainly mitigates the problem to some
extent. Yet I think this gives users the perception that only the
keyspace is smaller, not that the generated passwords are distributed
non-uniformly. In fact, most users would not even think of the latter
risk. The passwords look much stronger than they actually are, and I
think this is a problem. They look like almost random sequences of 8
characters, whereas the level of security for 6% to 20% of them is
similar to that of dictionary words with minor mangling.

Sure, there's a trade-off, but non-uniform distribution didn't have to
be part of it. That's an implementation shortcoming.

> Specifically, not only the keyspace is significantly smaller than that
> for "secure" passwords (which I'm sure you were aware of), but also the
> distribution is highly non-uniform. My guess is that this results from
> different phonemes containing the same characters. So certain
> substrings can be produced in more than one way, and then some
> characters turn out to be more probable than some others (especially as
> it relates to their conditional probabilities given certain preceding
> characters).

Alexander
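The mechanism Alexander describes, as an added illustration that is not part of the original thread and not pwgen's code: a toy phoneme table (constructed here, not pwgen's real one) in which "ah" and "ha" contain the same letters as "a"+"h" and "h"+"a", fed to a simplified generator that repeatedly picks uniformly among the phonemes that still fit the target length. Computing the exact output distribution shows that strings reachable by more than one segmentation get extra probability mass, so trying the most likely strings first cracks a larger share of passwords than the fraction of keyspace searched.

```python
from fractions import Fraction
from functools import lru_cache

# Constructed toy phoneme table for illustration; it is NOT pwgen's real table.
# "ah" and "ha" overlap with "a"+"h" and "h"+"a", so some output strings can be
# produced by more than one sequence of phoneme choices.
PHONEMES = ("a", "h", "ah", "ha")


@lru_cache(maxsize=None)
def exact_distribution(phonemes, length):
    """Exact probability of every output string of the given length, assuming
    the generator repeatedly picks uniformly among the phonemes that still fit
    (a simplified model of a phoneme-based generator, not pwgen's algorithm)."""
    if length == 0:
        return {"": Fraction(1)}
    fitting = [p for p in phonemes if len(p) <= length]
    share = Fraction(1, len(fitting))
    dist = {}
    for ph in fitting:
        for tail, prob in exact_distribution(phonemes, length - len(ph)).items():
            dist[ph + tail] = dist.get(ph + tail, Fraction(0)) + share * prob
    return dist


def coverage(dist, keyspace_fraction):
    """Share of generated passwords an attacker expects to hit by trying the
    most probable distinct strings first and stopping after the given fraction
    of the keyspace. A uniform generator would return exactly keyspace_fraction."""
    probs = sorted(dist.values(), reverse=True)
    k = max(1, round(len(probs) * keyspace_fraction))
    return sum(probs[:k], Fraction(0))


if __name__ == "__main__":
    for length in (3, 6):
        d = exact_distribution(PHONEMES, length)
        print(f"length {length}: {len(d)} distinct strings, most likely has "
              f"p={max(d.values())} vs uniform {Fraction(1, len(d))}")
        for frac in (0.01, 0.1, 0.25):
            print(f"  try {frac:.0%} of keyspace -> crack {float(coverage(d, frac)):.1%}")
```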