[ale] OT - making really strong pass phrases - was New encryption technology using a piece of paper

Michael H. Warfield mhw at WittsEnd.com
Tue Sep 6 23:44:52 EDT 2011


On Tue, 2011-09-06 at 23:15 -0400, Tim Watts wrote: 
> Interesting stuff. Unless I'm misunderstanding this, these times only
> apply under the assumed conditions (multiple 1-4 char words etc.). If
> the off-line attackers only have say a 256-bit hash of your
> password/phrase then they have no rational basis to make these
> assumptions. Depending on the attacker's degree of motivation and
> sophistication they might just try pure brute force. If they have vast
> resources I suppose they could run multiple server farms each applying a
> different crack strategy in parallel. More than likely I would think,
> they're going to allocate a only certain amount of time for each
> password (or the database as a whole) applying ever more sophisticated
> crack strategies ranging from simple human patterns to pure brute force.

No...  Actually Those do take that into account.  100 trillion guesses
per second is not an "on-line" brute force attack.  That's trivial to
slow down with routine defenses that are already in place.  That a hash
pounding attack and one can presume one that is taking place after the
rainbow tables have taken out all the low hanging fruit.  The multiple
machines in a botnet is merely a way of doing it "distributed".  You
could even do a "seti at home" type scenario.  Some circles have
referred to this as a "Chinese TV cracking attack" (scenario - every TV
in China has a code cracking chip like a GPU and they distribute the
code cracking load out over all the TV's in China- it's a thought game
in crypto circles).

> None of this, of course, is arguing against preparing for the worst
> case. But I wonder: if they have limited resources (time, hardware) how
> could the attackers decide that a quasi-brute force strategy (e.g.
> assume 1-6 OPIE words) is more likely to be effective than say a pure
> brute force one? My sense is that they can't and so their choice is kind
> of another random element in the attack.

As has been stated...  Less that 6 is pretty useless.  Think 6 or more.
And it's not "quasi-brute force".  Brute force is brute force, you
merely decide on your attack dictionary.  Nobody even attempts an
exhaustive brute force on-line since time delay defenses and multiple
failure blocks pretty well make that vector useless.  Current brute
force attacks focus on truly lame passwords.  Rainbow tables make mince
meat of most hashes for 8 character passwords or less but that's a
different sort of brute force.  I don't think there are any effective
rainbow tables for things of 12 characters and 1024 bit salts (typical
modern sha1 type hashes in shadow files).  Some web sites still don't
practice good password management practices, though, and either don't
salt their hashes or the store passwords in the clear in unencrypted
database tables.

> Also, let's not forget that those times are upper bounds. There's always
> the chance they could get it on the 1st try or anywhere in between!

It's all in the math and probabilities.

Quantum theory predicts that due to quantum blurring and tunneling there
is a minuscule chance that a baseball I throw at a brick wall will
tunnel through it an appear on the other side without damaging the wall
or interacting with the bricks.  The probability is computable and works
out to something like if you are doing this 10 times per second it
should happen once in 10 times the lifetime of the universe.  Not the
way to bet. 

Regards,
Mike

> On Tue, 2011-09-06 at 20:27 -0400, Ron Frazier wrote:
> > Michael W.,
> > 
> > OK.  I'm impressed.  Assuming I did the math right, crack time is 98 
> > thousand years with a 1000 pc botnet.
> > 
> > You've pretty much convinced me to use long simple pass phrases if I 
> > have a choice, unless the website or application won't accept it.
> > 
> > Thanks for the info.  Thanks also to Michael T. and others who joined in 
> > the discussion.
> > 
> > Here are some numbers I thought everyone might like to consider.  
> > Estimated offline crack time based on 1000 pc botnet running at 100 
> > trillion guesses per second.  Using a 2048 word lexicon and simple pass 
> > phrase, giving 11 bits of entropy / word.  Bigger answers are all in 
> > days.  To get these numbers (in days), take the power of 2 (# of 
> > permutations) and divide by 8.64 x 10^18.
> > 
> > 2 words - 2^22 permutations - 42 NANOSECONDS
> > 3 words - 2^33 permutations - 86 MICROSECONDS
> > 4 words - 2^44 permutations - 176 MILLISECONDS
> > 5 words - 2^55 permutations - 360 SECONDS
> > 6 words - 2^66 permutations - 8.54 days
> > 7 words - 2^77 permutations - 17.49 thousand days = 47.92 years
> > 8 words - 2^88 permutations - 35.82 million days = 98.14 thousand years
> > 9 words - 2^99 permutations - 73.36 billion days = 200.98 million years
> > 
> > My take away from this is: if you want protection from a botnet, don't 
> > even consider a pass phrase less than 6 words if using a 2048 word 
> > lexicon.  If you only want protection from a fast attack by a single 
> > machine or small GPU array, multiply these crack times by 1000.  Pass 
> > phrases 5 words and less for this purpose are almost worthless.
> > 
> > Sincerely,
> > 
> > Ron
> > 
> > 
> > On 9/6/2011 5:17 PM, Michael H. Warfield wrote:
> > > Ah...  That's the whole point.  Yes you can go down this road and add
> > > complexity (and misery) to the process but you can accomplish the same
> > > task by adding words that are easy to read and process and much easier
> > > to support.
> > >
> > > Do the math again for 8 words.  88 bits of entropy.
> > >
> > >    
> > 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110906/c9da4870/attachment.bin 


More information about the Ale mailing list