A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9: 3.3%
10: 6.2%
11: 2.2%
>=12: 88.3%

@timbray Hive Systems has a pretty neat table showing password cracking of bcrypt

http://www.hivesystems.com/library
password: cybersecurityforeveryone

@gigantos @timbray Table needs several more rows to see where my passwords fall.   

(They're one character. They're pass-characters.)

@gigantos @timbray That table assumes that (the password cracker assumes that) each password character is randomly chosen from the available character set, which is not the case for most passwords *or* password crackers. Dates are common, "1" at the end is common, capitalizing the first letter is common, etc.

For example: https://www.openwall.com/john/doc/MODES.shtml "this mode deals with trigraph frequencies, separately for each character position and for each password length" (and that's after the wordlist-mangling modes, which are often successful). I assume proprietary password crackers have even fancier modes.

@gigantos @timbray That Hive Systems table doesn't say how many work-factor rounds their Bcrypt table is for. We can increase rounds as technology advances. (Which I'm doing this week.) Also, I lock out any access after just a few failed attempts, and they're locked out for minutes. You couldn't get more than 2000 attempts in a day from anywhere in the world if you tried. You'd DDoS the server or burn it up calculating Bcrypt hashes before anything else happens.

@dblume @gigantos The conventional threat model is the hashed form of the password has been stolen and can be worked on offline.

@timbray @gigantos Ah gotcha... In my case neither the password nor its hash is stored anywhere.

User enters a password, a bcrypt hash is generated, which is used as the key to attempt to AES decrypt a password vault file. And either the hash worked or it didn't. No storing anything except an AES encrypted file per user.

Does that make sense? It's described here: https://david.dlma.com/blog/internet-security

@dblume @timbray @gigantos so, instead of cracking several hashes in one file (/etc/shadow or equivalent), the attacker needs to crack several files. The result is the hashed password, so it needs to crack that too, so it's only duplicating the cracking effort? Sounds like you could achieve the same with more hashing rounds?

@mdione @dblume @timbray The way I understand it, this is on some level identical to /etc/shadow or a database with bcrypt. The attacker still needs to handle one user at a time, and no work can be shared between each user. As you say, you can achieve a similar effect by using more rounds.

One difference though is the size of the data you need to exfiltrate.

@gigantos @dblume @timbray ... if the vault files are big enough, right.

@mdione @gigantos @timbray Yep, but in practice the vaults are usually less than a few MB big, so not very big. And there are never many at one install, it intentionally doesn't scale to be large enough for any install to be a tasty target.

A goal was less "surface" for attack. All there is to get would be a few encrypted vaults. I liked the idea of not storing hashes.

There's a README that illustrates the design here: https://github.com/dblume/tiny-vault

@gigantos @timbray Heh, nice. The most important password of mine is 18 characters long, it's lowercase letters and it's simply a sentence of words. Even with this knowledge: Good luck 🙃
@MichalBryxi @gigantos @timbray correct horse battery staple
@binford2k @gigantos @timbray Yikes ... Gotta be back in a minute ... 😁
@MichalBryxi @gigantos @timbray it strikes me that this would make an /excellent/ Halloween costume for like… three people at our party to get

@gigantos @timbray

So many implicit assumptions... Here's a couple:

- Is this the hardware hackers use? These days hackers spin up GPUs in the cloud, so the times are meaningless

- If my password is "1Monkey$Wrench" it is 14 characters long and contains lower, upper, numbers and specials. According to this table it should take 805bn years and falls within the "good password" criteria. However, because it's made of English words I bet it would take... many orders of magnitude less than that.

@arikb @timbray this table is for fully random passwords, if you don't use a cryptographic random generator for the letters, it will be less hard to break than what is said here.

Also, it is for hardware that is relatively cheaply available for rent (12x RTX4090), if you are determined.

And it is for standard good practice bcrypt.

@gigantos @timbray Considering that the table covers passwords as short as 4 characters, I would say it's hinting at self selected PIN / passwords. I know no password manager that will generate random passwords shorter than 12 characters by default.

And as for the hardware, you can have as many GPUs as you want for the right amount of money by using a cloud computing provider. The speed of cracking is therefore directly proportional to the amount of money invested.
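
Added example (not written by anyone in the thread): a small strength estimator that puts numbers on the point made above about "1Monkey$Wrench". It compares the table's model, where every character is random, with a model in which dictionary words count as single guesses, and it works for any password, not only that one. The wordlist is a constructed toy, and `ASSUMED_DICT_SIZE` and `CASE_VARIANTS` are assumptions.

```python
import math

# Constructed toy wordlist; a real estimator would load a large dictionary.
WORDS = {"monkey", "wrench", "correct", "horse", "battery", "staple"}
ASSUMED_DICT_SIZE = 20_000  # assumption: candidate words tried per word slot
CASE_VARIANTS = 2           # assumption: all-lowercase or first letter capitalised

def charset_size(pw):
    """Size of the printable-ASCII character classes the password draws from."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # punctuation and space
    return size

def uniform_bits(pw):
    """Bits of search space if every character were chosen at random (the table's model)."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def tokenize(pw):
    """Greedy longest-match split into ('word', text) and ('char', c) tokens."""
    tokens, i = [], 0
    while i < len(pw):
        for j in range(len(pw), i, -1):
            s = pw[i:j]
            if s.lower() in WORDS and s in (s.lower(), s.capitalize()):
                tokens.append(("word", s))
                i = j
                break
        else:  # no dictionary word starts here: treat as one random character
            tokens.append(("char", pw[i]))
            i += 1
    return tokens

def structured_bits(pw):
    """Bits when each dictionary word costs one dictionary lookup, not len(word) characters."""
    per_char = math.log2(charset_size(pw)) if pw else 0.0
    per_word = math.log2(ASSUMED_DICT_SIZE * CASE_VARIANTS)
    return sum(per_word if kind == "word" else per_char for kind, _ in tokenize(pw))

def orders_of_magnitude_gap(pw):
    """How many powers of ten the random-character model overstates the search space."""
    return (uniform_bits(pw) - structured_bits(pw)) * math.log10(2)

if __name__ == "__main__":
    for pw in ("1Monkey$Wrench", "correcthorsebatterystaple", "xq7#Lk2vRt9!Zp"):
        print(f"{pw!r}: uniform {uniform_bits(pw):.1f} bits, "
              f"structured {structured_bits(pw):.1f} bits")
```

A password with no dictionary words scores the same under both models, which is the only case where the table's figures apply directly.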