A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9: 3.3%
10: 6.2%
11: 2.2%
>=12: 88.3%
Poll ended at .

@timbray Hive Systems has a pretty neat table showing password cracking of bcrypt

http://www.hivesystems.com/library
password: cybersecurityforeveryone

@gigantos @timbray That Hive Systems table doesn't say how many work-factor rounds their bcrypt table is for. We can increase rounds as technology advances. (Which I'm doing this week.) Also, I lock out any access after just a few failed attempts, and they're locked out for minutes. You couldn't get more than 2000 attempts in a day from anywhere in the world if you tried. You'd DDoS the server or burn it up calculating bcrypt hashes before anything else happens.
@dblume @gigantos The conventional threat model is the hashed form of the password has been stolen and can be worked on offline.

@timbray @gigantos Ah gotcha... In my case neither the password nor its hash are stored anywhere.

User enters a password, a bcrypt hash is generated, which is used as the key to attempt to AES decrypt a password vault file. And either the hash worked or it didn't. No storing anything except an AES encrypted file per user.

Does that make sense? It's described here: https://david.dlma.com/blog/internet-security

@dblume @timbray @gigantos so, instead of cracking several hashes in one file (/etc/shadow or equivalent), the attacker needs to crack several files. The result is the hashed password, so it needs to crack that too, so it's only duplicating the cracking effort? Sounds like you could achieve the same with more hashing rounds?

@mdione @dblume @timbray The way I understand it, this is on some level identical to /etc/shadow or a database with bcrypt. The attacker still needs to handle one user at a time, and no work can be shared between users. As you say, you can achieve a similar effect by using more rounds.

One difference though is the size of the data you need to exfiltrate.

@gigantos @dblume @timbray ... if the vault files are big enough, right.

@mdione @gigantos @timbray Yep, but in practice the vaults are usually less than a few MB in size, so not very big. And there are never many at one install; it intentionally doesn't scale to be large enough for any install to be a tasty target.

A goal was less "surface" for attack. All there is to get would be a few encrypted vaults. I liked the idea of not storing hashes.

There's a README that illustrates the design here: https://github.com/dblume/tiny-vault

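The vault-per-user design described in this post and in the earlier one, as an added example that is not tiny-vault's own code: hashlib.scrypt and an HMAC-SHA256 counter-mode stream are assumed stand-ins for the bcrypt-derived key and AES, and every function name here is hypothetical. The point it shows is that nothing but the sealed blob is kept, a wrong password surfaces only as a failed integrity tag, and the attacker holding the blob still pays the full KDF cost per guess, per user.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed stand-ins for the bcrypt + AES in the thread (added illustration, not
# tiny-vault's code): scrypt stretches the password, HMAC-SHA256 in counter mode
# supplies the keystream, and a second HMAC key gives the tag (encrypt-then-MAC).
SCRYPT_N = 2 ** 14  # the work-factor knob; raising it is the "more rounds" lever

def derive_keys(password: bytes, salt: bytes, n: int = SCRYPT_N) -> Tuple[bytes, bytes]:
    """Stretch the password into an encryption key and a MAC key; neither is stored."""
    km = hashlib.scrypt(password, salt=salt, n=n, r=8, p=1, dklen=64)
    return km[:32], km[32:]

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: HMAC(key, nonce || counter) blocks, truncated to length."""
    out = bytearray()
    for counter in range(-(-length // 32)):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def seal_vault(password: bytes, plaintext: bytes) -> bytes:
    """Build the only per-user artifact kept on disk: salt || nonce || ciphertext || tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_vault(password: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the password is wrong or the blob was altered.
    The tag check is the only "did the password work" signal; no stored hash is compared."""
    if len(blob) < 64:  # salt(16) + nonce(16) + tag(32) is the minimum
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

# Constructed sample vault content (not real credentials)
VAULT = b"example.com: correct horse battery staple\n"

def demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Right password recovers the vault; a wrong one yields None and nothing else."""
    blob = seal_vault(b"a-long-enough-passphrase", VAULT)
    return open_vault(b"a-long-enough-passphrase", blob), open_vault(b"wrong", blob)
```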