[ale] evernote security breach

Michael H. Warfield mhw at WittsEnd.com
Mon Mar 4 15:25:32 EST 2013


ABSOLUTELY DO NOT DO THIS!

Rainbow tables exist for many crypto systems (DES, NTLM) that will crack
an arbitrary 8 character password with no guessing involved.  A rainbow
table consists of all the possible hashes and their corresponding
passwords.  It takes less than 1TB of disk space and then it's just a
table lookup.

On Mon, 2013-03-04 at 15:00 -0500, John Pilman wrote:
> Here is something I borrowed from Christopher Night. I don't know how to
> link to it directly since it was posted on Google+.
> """
> To generate 10 good passwords on Linux:

> tr -cd a-z < /dev/urandom | fold -b8 | head

No password that is only 8 characters long can be considered "good"
under any circumstance in the modern world unless it's backed up with
two-factor auth.  Anyone who tells you they can generate "good" 8
character passwords that are resistant to off-line hash attacks is a
liar or ignorant or a fraud or all of the above.  Between rainbow tables
and distributed GPU based password engines, any arbitrary 8 character
passwords are toast.

> This chooses 8 lowercase letters at random. Some password systems will tell
> you these passwords are weak because they're short and don't contain
> numbers, capitals, or punctuation, but the fact that they're generated by a
> computer rather than by a human more than makes up for this fact. These
> 8-letter passwords have 38 bits of entropy, which NIST estimates to be as
> strong as a user-chosen password (that includes numbers, capitals, and
> punctuation) of 22 characters. This should be enough for just about anyone.

> If you need extremely high-entropy passwords for something, you can change
> "a-z" to a bigger selection of characters and/or increase the length of the
> password:

> tr -cd '[:print:]' < /dev/urandom | fold -b14 | head

20 years ago 8 characters might have been sufficient.  As recently as 10
years ago 12 were considered so.  NIST standards typically lag behind on
things and people quote NIST standards that have been out of date for
over a decade (hell, I still see people claiming you need to overwrite
things 7 times to erase a disk when NIST and DoD revoked that
recommendation back in 2001).

> These 14-character passwords have 92 bits of entropy, which according to
> the NIST estimate is the same as a user-generated password of 76 characters.
> """

Reference?  I'd like to see the date on that and ascertain that it's a
standard and not just a discussion paper from NIST (sort of the same as
the difference between standards track RFC's and informational RFC's at
the IETF).

Several years ago I had the (cough) privilege of reviewing some DHS docs
on passwords.  IIRC, even 14 characters was considered weak.
But, then again, they were also recommending forced password changes on
a routine basis, which is silly nonsense from a security standpoint.
The forced password aging did not make the final document after I
pointed out how illogical it was and why it failed to address anything
on an attack tree graph.  I suppose I could have used softer language
when pointing out just how STUPID that recommendation was.  Oh well.  My
file gets thicker.

> ...John

Regards,
Mike

> On Mon, Mar 4, 2013 at 1:33 PM, Richard Bronosky <richard at bronosky.com>wrote:
> 
> > I use XKCD passwords http://xkcd.com/936/
> >
> > I've been pleasantly surprised to find most of the services I care about
> > don't complain about my 30+ character passwords. I really wish they would
> > be smarter about entropy measurement rather than just insisting on some
> > stupid rules be satisfied.

-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
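The entropy figures argued over in this thread (38 bits for 8 random lowercase letters, 92 bits for 14 random printable characters) follow from one formula, length times log2 of the alphabet size. The following is an added example, not code from any of the list posters: it reproduces the `tr ... < /dev/urandom | fold` recipe with Python's `secrets` module (which draws from the OS CSPRNG, as /dev/urandom does), makes the entropy arithmetic explicit so a length can be chosen for a target bit count rather than assumed, and adds an xkcd-style passphrase generator. The guess rate used for the crack-time estimate is an illustrative assumption, not a figure from the thread, and the four-word list is constructed for the demo.

```python
"""Entropy arithmetic and CSPRNG generation for random passwords.

Added example for the thread above; not code from the list posters.
"""
import math
import secrets
import string

# Alphabets matching the tr character classes used in the thread.
LOWER = string.ascii_lowercase                           # tr -cd a-z        -> 26 symbols
PRINTABLE = (string.digits + string.ascii_letters        # tr -cd '[:print:]' -> 95 symbols
             + string.punctuation + " ")                 # (space included, tab/newline not)

# Illustrative assumption only: offline guess rate against a fast, unsalted hash.
ASSUMED_GUESSES_PER_SECOND = 1e11


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols: length * log2(alphabet)."""
    return length * math.log2(alphabet_size)


def length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Smallest length at which a uniformly random string reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def expected_seconds_to_crack(bits: float, guesses_per_second: float) -> float:
    """Expected brute-force time: on average half the keyspace is searched."""
    return (2.0 ** bits / 2.0) / guesses_per_second


def generate(alphabet: str, length: int) -> str:
    """Uniform random string over `alphabet` from the OS CSPRNG (secrets ~ /dev/urandom)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(wordlist, words: int, sep: str = "-") -> str:
    """xkcd/diceware style passphrase; entropy is words * log2(len(wordlist))."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def summary(alphabet: str, length: int) -> dict:
    """Report for one generator setting, using the assumed guess rate above."""
    bits = entropy_bits(len(alphabet), length)
    return {
        "sample": generate(alphabet, length),
        "bits": round(bits, 1),
        "expected_days": expected_seconds_to_crack(bits, ASSUMED_GUESSES_PER_SECOND) / 86400,
    }


if __name__ == "__main__":
    # The two recipes from the thread.
    print("8 lowercase   :", summary(LOWER, 8))       # ~37.6 bits
    print("14 printable  :", summary(PRINTABLE, 14))  # ~92.0 bits
    # How long a lowercase-only password must be to match 92 bits.
    print("lowercase for 92 bits:", length_for_bits(len(LOWER), 92), "characters")
    # Constructed four-word list; a real list (e.g. 7776 words) gives ~12.9 bits per word.
    demo_words = ["correct", "horse", "battery", "staple"]
    print("passphrase    :", generate_passphrase(demo_words, 3),
          "bits:", round(entropy_bits(len(demo_words), 3), 1))
```

Note that the crack-time column assumes pure brute force at a fixed rate; a slow, salted password hash on the server side lowers the achievable rate by orders of magnitude and defeats precomputed tables, which is why the verifier, not only the password length, decides how much entropy is enough.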