On Mon, 2 Jan 2012, lodewijk andr?? de la porte wrote:
The reason for regular change is very good. It's that the low-intensity
brute forcing of a password requires a certain stretch of time. Put the
change interval low enough and you're safer from them.
We've had someone talk on-list about a significant amount of failed remote
ssh login attempts. Should he chose not to force user to change their
passwords they wouldn't. And the likelyhood of a successfull login
would improve with the years (given coordination) to somewhere above the
admin's comfort zone.
I just don't buy this argument; am I missing something?
Say passwords are chosen uniformly from a space of size N. If you never
change your password, then an adversary is guaranteed to guess your
password in N attempts, and in expectation guesses your password in N/2
attempts.
If you change passwords constantly, and an adversary guesses a random
password (with replacement) each password-guessing attempt, then in
expectation the adversary guesses your password in N attempts. Not much of
an advantage.
(This seems like such a trivial point I hesitated to post it, but I
haven't seen it come up explicitly at any point in this thread.)
The point you raise below (about limiting exposure once a password *is*
guessed) remains valid, though for common-use passwords (where an
adversary can simply lock the legitimate user out of the account once the
password is guessed) I wonder how much benefit there really is.
The timeframe in which a password has to change also limits the maximum
time exposed once someone has cracked it. This is relevant when the
adversary needs multiple opportunity's to coincide. The amount of time
it'll have access without triggering resource-counting or other
"suspicious behavior" alarms becomes limited, as changing a password would
either lock him or the legitimate user out.
For most systems though, it's a complete waste of time.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
