Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20210218191618.GA15226@openwall.com>
Date: Thu, 18 Feb 2021 20:16:18 +0100
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com, passwdqc-users@...ts.openwall.com
Subject: passwdqc 2.0.0

Hi,

This is to announce passwdqc 2.0.0, a new version of our
password/passphrase strength checking and enforcement tool set:

https://www.openwall.com/passwdqc/

There's also a corresponding update of passwdqc for Windows:

https://www.openwall.com/passwdqc/windows/

The upstream repository for passwdqc has recently been moved to Git and
onto GitHub, and all of the changes since the previously announced
release (1.4.0 in December 2019) have been made in Git:

https://github.com/openwall/passwdqc

The major change, corresponding to the major version number update, is
addition of support for external wordlist, denylist, and binary filter
files.  With these, passwdqc can be configured to deny passwords and
passphrases that are based on lines of a tiny external text file (the
"wordlist" option), directly appear in a tiny external text file (the
"denylist" option), or/and directly appear in a maybe huge binary
filter file (the "filter" option).

While usage of larger external text files is inefficient, the binary
filters are very efficient.

Under the hood passwdqc binary filters are improved cuckoo filters, a
modern probabilistic data structure.  They never produce false negatives
(that is, all passwords that are meant to be denied will always be).
They occasionally produce false positives (that is, a previously unseen
password might be unintentionally denied), but with our settings and
algorithm this probability is negligible (fewer than 1 in a billion).
Looking up a password against a filter requires at most two tiny random
disk reads, which is very quick and lightweight for the server.

The binary filters can be created and otherwise managed with the newly
added pwqfilter(1) program.  It can create a binary filter from a list
of plaintexts or from MD4 or NTLM hashes.  The latter are supported in a
way that enables importing of HIBP (Pwned Passwords) database revisions
into passwdqc binary filters.  A lot of effort went into optimizing
pwqfilter for speed, compactness of the resulting filters, and lower
false positive rate.  For example, creating a 98.00% load factor cuckoo
filter from the pwned-passwords-ntlm-ordered-by-hash-v7.txt file, which
is 21 GiB (22 GB) and contains 613+ million lines, takes around 8
minutes on i7-4770K with 32 GiB RAM.  The resulting binary filter file
is 2.3 GiB (2.5 GB), and (with the right optimization option to
pwqfilter) it has a false positive rate of around 1 in 1.15 billion.
With a lower target load factor, the file can be created much quicker
and have an even lower false positive rate, but it would then be larger.

As you can see from the website, we also use this as an opportunity to
sell pre-generated binary filter files.  Given that the pwqfilter
program is free, users have a choice between generating filters on their
own and purchasing ours - or maybe both, for different input data sets.
(If the use of binary filters is desired in a given environment at all.)

pwqfilter works on arbitrary plain text strings or hex-encoded hashes,
and it can also be reused in lieu of grep(1) for many purposes, even
unrelated to passphrases and security.  Considering such possible reuse
and similarity to grep, pwqfilter includes several command-line options
that match grep's, doesn't use command-line option names that would
conflict with grep's, and its exit codes are compatible with grep's.

For applications where false positives would be highly undesirable,
much lower false positive rates like 1 in a billion billion can be
achieved by using much lower target load factors like those below 44%.
(A classic cuckoo filter wouldn't achieve that much improvement in false
positive rate at lower load, but ours is adaptive.  Might be worth
writing an Openwall article on.)

To separate the major change above from other changes, a few
intermediate releases have also been made, without them having been
announced separately.  I'll summarize other significant changes here:

Changes since 1.5.0 to 2.0.0:

Added support for external wordlist, denylist, and binary filter.
(Described above in much detail, won't repeat here.)

Merged changes needed for building with Visual Studio on Windows.  This
includes a refactoring of the random passphrase generator code to make
it shared between platforms.  In other words, the main passwdqc project,
which is free software, now includes changes (freely licensed, indeed)
that had been made to its source files in the non-free Windows product
(without hurting portability).  This simplifies further maintenance for
us and might be handy for someone else wanting to reuse passwdqc source
code in a Visual Studio or another native Windows project (maybe even
competing with ours).

Changes since 1.4.1 to 1.5.0:

Updated the included wordlist to avoid some inappropriate words in
randomly generated passphrases while not removing any words from the
"word-based" check, and also to have plenty of extra words for
subsequent removal of more words that might be considered inappropriate
from the initial 4096 that are used for randomly generated passphrases.
Most of the added words came from EFF Diceware, BIP-0039, and our own
processing of Project Gutenberg Australia books.  (This change has
already resulted in constructive discussion and a likely upcoming
contribution on the very first GitHub issue.  Arguably, without a prior
change like this our project was not ready for GitHub: we'd be getting
pull requests removing words from the list of exactly 4096, which we'd
have to be closing without action, causing frustration for everyone.)

Changes since 1.4.0 to 1.4.1:

Set default for "max" to 72 (was 40).  The previous setting was based on
a reading of RFC 1939, which in practice did not matter.  The new one is
based on bcrypt's truncation at 72, which actually still matters.

Documented "similar" in pwqcheck(1) help message and manual page.  This
is a setting that was supported before and documented for other passwdqc
components before, but was apparently erroneously omitted from here.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.