lists.openwall.net: Open Source and information security mailing list archives
Date: Fri, 13 Mar 2015 12:44:57 -0700
From: Bill Cox <waywardgeek@...il.com>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Re: Password hashing by itself is not enough
On Fri, Mar 13, 2015 at 12:22 PM, Justin Cappos <jcappos@....edu> wrote:
>
>> Key management / Protector account management concerns aside, I think it
>> is reasonable to say the result (the resulting security posture) of a
>> secret key and PolyPass are fairly similar if not exactly the same?
>>
>
> Yes, it is effectively the same. In both cases, one needs to somehow
> recover the key before individual cracking passwords. So in both cases,
> there is something the attacker must obtain before performing traditional
> password cracking.
>
While I am a fan of PolyPass, it provides different security than a master
secret. If a small number of passwords is needed, like 3, then an attacker
only needs to create 3 shill accounts before stealing the password DB. If
the number is very high, like 1000, then only very popular sites could
afford the login delay on startup (or alternatively the temporary lack of
protection on user accounts as suggested in the paper). Also, while a
master password could in theory even defeat the MiB, the MiB could simply
ask 1,000 of its employees for their passwords, and an oppressive
government could simply demand passwords from 1,000 citizens. In contrast,
a master secret, if managed successfully, stops an attacker without access
to the secret cold. However, getting that secret is probably a simple
legal procedure in many cases.
Bill
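The shill-account attack Bill describes, worked through in code. This is an added example and not code from the thread, from PolyPasswordHasher, or from its authors: it models a threshold password store with plain Shamir secret sharing over a prime field, masks each protector's share with a fast hash of the password (a real deployment would use a memory-hard password hash), and uses made-up account names, passwords and a four-entry wordlist. Everything it shows is the consequence of the threshold parameter: with the threshold set to 3, an attacker who registers 3 accounts before stealing the database recovers the master secret from their own shares and then cracks every other account offline; with one account short of the threshold, interpolation yields the wrong polynomial and nothing cracks.

```python
import hashlib
import os
import secrets

# Field for the toy Shamir scheme. The prime and every other parameter here are
# assumptions for this example, not values taken from the thread or from PolyPassHash.
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate the sharing polynomial (coeffs[0] is the secret) at x mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def lagrange(points, x):
    """Interpolate the polynomial through `points` and evaluate it at x.
    Correct only when len(points) reaches the polynomial's degree + 1."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def _mask(password, salt):
    """Password-derived mask for a share. SHA-256 keeps the example short; it stands
    in for whatever slow password hash the real store would use."""
    digest = hashlib.sha256(salt + password.encode()).digest()[:16]
    return int.from_bytes(digest, "big") % PRIME


class ThresholdPasswordStore:
    """Toy server: any `threshold` protector accounts together recover the master
    secret. Each account's share is stored masked by a hash of its own password."""

    def __init__(self, threshold):
        self.secret = secrets.randbelow(PRIME)
        self.coeffs = [self.secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
        self.next_index = 1
        self.db = {}  # username -> (share index, salt, masked share)

    def register(self, username, password):
        idx, self.next_index = self.next_index, self.next_index + 1
        salt = os.urandom(16)
        share = _eval_poly(self.coeffs, idx)
        self.db[username] = (idx, salt, (share + _mask(password, salt)) % PRIME)

    def verify(self, username, password):
        idx, salt, masked = self.db[username]
        return (masked - _mask(password, salt)) % PRIME == _eval_poly(self.coeffs, idx)


def shill_attack(stolen_db, shills, wordlist):
    """Attacker who created `shills` (username -> password) before the theft.
    Unmask own shares, interpolate, read the secret at x=0, then for every other
    account test wordlist guesses against the share the polynomial says it must hold.
    Returns (recovered secret, {victim: cracked password})."""
    points = []
    for user, pw in shills.items():
        idx, salt, masked = stolen_db[user]
        points.append((idx, (masked - _mask(pw, salt)) % PRIME))
    recovered_secret = lagrange(points, 0)
    cracked = {}
    for user, (idx, salt, masked) in stolen_db.items():
        if user in shills:
            continue
        expected_share = lagrange(points, idx)  # wrong unless enough points
        for guess in wordlist:
            if (masked - _mask(guess, salt)) % PRIME == expected_share:
                cracked[user] = guess
                break
    return recovered_secret, cracked


def demo(threshold, shill_count):
    """Constructed scenario: two victims plus `shill_count` attacker accounts.
    Returns (secret recovered?, cracked victims)."""
    store = ThresholdPasswordStore(threshold)
    store.register("alice", "hunter2")
    store.register("bob", "correct horse battery staple")
    shills = {f"shill{i}": f"shillpw{i}" for i in range(shill_count)}
    for user, pw in shills.items():
        store.register(user, pw)
    wordlist = ["password", "hunter2", "letmein", "correct horse battery staple"]
    secret, cracked = shill_attack(dict(store.db), shills, wordlist)
    return secret == store.secret, cracked


if __name__ == "__main__":
    print("threshold 3, 3 shills:", demo(3, 3))
    print("threshold 3, 2 shills:", demo(3, 2))
    print("threshold 1000, 3 shills:", demo(1000, 3))
```

The third call is the other side of the trade-off in the message: a threshold of 1,000 defeats three shill accounts, but the same server cannot verify anyone until 1,000 protectors have logged in after a restart, which is the startup delay (or the temporary unprotected window) Bill refers to.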