Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-id: <0FC33D55-2EE3-4AB8-BA24-20D26422CB98@me.com>
Date: Fri, 23 Mar 2018 09:46:06 -0400
From: Arnold Reinhold <agr@...com>
To: passwords@...ts.openwall.com
Subject: Re: Submitting Partial Password Hashes to Pwned Password
 Lookup

On Mar 16, 2018, at 11:24 AM, e@...tmx.net wrote:
> 
> On 03/15/2018 05:24 PM, Arnold Reinhold wrote:
>> Telling people the password they have selected has been cracked in the past, when in all likelihood they will then select a password that is just as weak, doesn’t seem a very effective tactic.
> 
> 
> this bold claim is so stupid on so many levels, i can't even.

Maybe I wasn’t clear enough or perhaps I am missing something, but in my experience most users have some method or rubric for picking passwords. If an IT system rejects a proposed password because it is on a list of 300 million passwords that have already been cracked, they are likely to keep using the same rubric to pick and submit a different password until they find one that is not on the list. There is little reason to think the final password will be materially stronger than the password initially rejected. I was contrasting this tactic with the 63b suggestion to hash passwords using a hardware protected secret, which fundamentally changes the risk equation by eliminating the use of the hash as an oracle for password guessing. I was not intending to criticize filtering with much shorter lists of very common passwords, such as 123456 or password1, which might be vulnerable to trial login attacks, even with failed-attempt throttling. 

Arnold Reinhold

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.