[148671] in cryptography@c2.net mail archive
Re: [Cryptography] Passwords are dying - get over it
daemon@ATHENA.MIT.EDU (Arnold Reinhold)
Tue Dec 24 16:57:51 2013
X-Original-To: cryptography@metzdowd.com
From: Arnold Reinhold <agr@me.com>
Date: Tue, 24 Dec 2013 16:36:58 -0500
To: Lars Luthman <mail@larsluthman.net>
Cc: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 23 Dec 2013 11:14 Kent Borg wrote:
> Passwords can be pretty easy to type, or have lots of entropy in
> them: but then they get long and hard to type without errors--and hard
> to remember. For example, this has 128-bits of entropy in it (as it was
> mechanically and created out of 128-bits of /dev/urandom by a reversible
> coding):
>
> e195-16-explore-xray-comet-8bd7-orinoco-reward-canvas-72-strong-spain-poker
A 10 word Diceware™ password has 129 bits of entropy. Not trivial to
memorize, but easier than your 13 words, and the individual words are
shorter on average as well, e.g.:
field mint flue elk hock paris 1990 ax quake sutton
On 23 Dec 2013 19:10 Lars Luthman wrote:
> But how much key stretching do you want? Even with a billion rounds you
> don't add more than ~30 bits of work, which is less than what you get by
> adding three more words to a Diceware-like passphrase using a dictionary
> with 2000 words.
Key stretching is not just about rounds. It can also engage more of the
transistors on a typical client or server computer, forcing a hardware
attacker to use more silicon area for each attack pipeline. A factor of a
million in transistor count over a simple SHA hash is not unreasonable, and
coupled with a million iterations, one could get to a 40-bit increase in
attack cost. But even 30 bits of key stretching gain gives a 4 word Diceware
passphrase 81-bit strength and 5 words 94 bits. You get 120-bits with 7
Diceware words and 30 bits of stretching, close enough to full 128-bit
strength, and three words fewer than are needed without any key stretching,
e.g.:
hamlin jig cub naiad frey allyn pig
Those three fewer words can make the difference between a passphrase that an
ordinary person can remember and a burden most will shun. The vital role
key stretching plays can be thought of as impedance matching crypto security
systems to human memory capabilities.
Arnold Reinhold
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
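
The strength arithmetic in the message above, worked through as an added example that is not part of the original post. It assumes the standard 7776-word Diceware list (five dice per word) and uses scrypt as one memory-hard KDF to stand in for stretching that costs an attacker silicon area as well as rounds; the post names no KDF, and the function names, parameters and salt are hypothetical.

```python
import hashlib
import math

DICEWARE_WORDS = 6 ** 5  # 7776 entries: five six-sided dice select one word


def passphrase_bits(words, list_size=DICEWARE_WORDS):
    """Entropy of a passphrase built from uniformly random list words."""
    return words * math.log2(list_size)


def stretch_bits(iterations, area_factor=1):
    """Attack-cost gain in bits: log2(iterations * hardware-area multiplier).

    This is the cost model the post argues from, not a measured figure.
    """
    return math.log2(iterations) + math.log2(area_factor)


def effective_bits(words, iterations=1, area_factor=1):
    """Passphrase entropy plus stretching gain."""
    return passphrase_bits(words) + stretch_bits(iterations, area_factor)


def words_needed(target_bits, stretch=0.0, list_size=DICEWARE_WORDS):
    """Fewest words that reach target_bits once stretching is credited."""
    return max(0, math.ceil((target_bits - stretch) / math.log2(list_size)))


def stretch_key(passphrase, salt, n=2 ** 14, r=8, p=1):
    """Derive a 32-byte key with scrypt.

    n=2**14, r=8 makes each guess touch about 16 MiB (128 * n * r bytes),
    which is what forces extra hardware per attack pipeline.
    """
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, dklen=32)


if __name__ == "__main__":
    for w in (4, 5, 7):
        print(f"{w} words + 30 bits stretching: {effective_bits(w, 2 ** 30):.1f} bits")
    print(f"10 words, no stretching: {passphrase_bits(10):.1f} bits")
    print(f"1e6 iterations x 1e6 area: {stretch_bits(10 ** 6, 10 ** 6):.1f} bits")
    print("words for 120 bits:", words_needed(120), "plain,",
          words_needed(120, stretch=30), "with 30 bits of stretching")
    # Passphrase taken from the post; the salt is a constructed sample value.
    key = stretch_key("hamlin jig cub naiad frey allyn pig", b"constructed-salt")
    print("derived key:", key.hex())
```

Raising `n` increases both time and memory per guess; the default OpenSSL memory limit for `hashlib.scrypt` is about 32 MiB, so larger settings also need `maxmem` set.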