Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!cmcl2!adm!xadmx!Kemp@dockmaster.arpa From: Kemp@dockmaster.arpa Newsgroups: comp.unix.wizards Subject: Re: password protection Message-ID: <17994@adm.BRL.MIL> Date: 31 Dec 88 18:50:59 GMT Sender: news@adm.BRL.MIL Lines: 57 > From: Barry Shein in V6#064 > . . . [some specifications for non-trivial passwords] . . . > > Something has to be tacit, every time someone says that eight chars > from a 64 or 100 char set should be sufficient someone else jumps up > and says "not if they're all lower-case!", assume when we say "from > 100 chars" we mean we'll make it hard to search less, not "from 100 > chars or any number less down to one". I can't quite parse that last sentence, but I assume you are saying "educate users to use mixed-case, digits, and punctuation in their 8 (or 7) character passwords". That's a useful idea, but it's not sufficient. Your math is *bogus*. Entropy has been discussed here a few times, but I will beat on it again. The maximum amount of information a standard unix password may contain is 56 bits (8 symbols, each from a set of 128 characters). BUT, that is only true if for each symbol, every character from the set is *equally* likely. If you are going to base your math on a 100 character set (or more precisely the 94 graphic ASCII characters), you are going to have to have users pick passwords like &Q8nz)~B and aaaabbbb. The first one isn't going to be used because humans can't remember it, and no one will pick the second one because it "isn't random enough". As soon as you start adding a priori knowledge about how passwords are constructed, you reduce the amount of information they can contain. If you set an army of undergraduates to generating zillions of passwords based on your rules (mixed case and punctuation, no dictionary words, etc), I would be extremely surprised if you came out with as much as 40 bits of information per password. The only way I know of to get reasonably high work factor passwords out of humans is to hash 'pass phrases' down to 56 bits, as has been suggested several times, most recently by "David L. Jobusch" in v6#064. > And let's let the conversation about more exotic methods (password > aging, shadow password files, anything beyond influencing a reasonable > choice of a good password in the first place which some of us claim is > sufficient) proceed from there instead of going round and round in > circles. Again, you miss the point. As a security issue, password aging is virtually orthogonal to password selection. This has also been explained several times here or in RISKS. Passwords may be obtained illicitly in many ways besides cryptanalytic attack, such as listening to your comm line or your ethernet, looking over your shoulder, searching your desk for scraps of paper, running a password grabber, bribing a system administrator, searching your dumpster for punched cards :-), analysing the reflections of an invisible laser beam aimed at your keyboard :-) :-), etc. The point is, an unauthorized person has your password and you don't know (s)he has it. How long do you want him/her to have it. If your answer is "a century", that's fine. On systems with anything of value to protect, six months might be a better answer. Dave Kemp