?

Log in

No account? Create an account
Passwords - Arvind Narayanan's journal [entries|archive|friends|userinfo]

Passwords [Aug. 29th, 2006|06:53 am]
Arvind Narayanan
[Tags|, ]

I changed my work password a while back because of the stupid policy, and promptly forgot it. I was on the line with the help desk last evening for several minutes, listening to music, and hung up because I had a damn presentation to complete (still do) and didn't have the patience. I knew that my new password was at a Hamming distance 1 from my old one, so I brute forced it!

Assuming I'm not alone in the way I pick passwords, there are two interesting questions: 1) what percentage of people change their passwords in a way that's easy to guess given the knowledge of their old password 2) if you have an existing large password database, can you crack significantly more passwords from a new server than if you didn't? There are so many nice experiments I can think of running if I had access to a password database. Oh well.

Anyway, the paper "A Method for Making Password-Based Key Exchange Resilient to Server Compromise" at this year's Crypto by Craig Gentry, Philip MacKenzie, and Zulfikar Ramzan* describes how to do remote authentication using low-entropy passwords. Unless a serious bug is found (this paper itself fixes a bug in a 2002 version) this should be the only way that anyone that cares about security should do password authentication over the Internet. I believe the protocol is already an RFC. How long before we start seeing adoption? My guess is that no one's going to change unless they get attacked.

*None of the three authors is in academia, which kind of explains why the paper is not online :(
LinkReply

Comments:
[User Picture]From: arvindn
2006-08-29 11:22 pm (UTC)
"Craig is actually a grad student at Stanford right now."

<slaps forehead> Of course. Sorry.

"Unfortunately, you still have to rewrite all the existing software".

Right. As I understand it, this may or may not involve client (human) participation. Ironically, if the server currently stores the password in the clear, then the upgrade probably does not impact the client. Weird.
(Reply) (Parent) (Thread)