2012/1/3 Jonathan Katz <[email protected]> > On Mon, 2 Jan 2012, lodewijk andré de la porte wrote: > > The reason for regular change is very good. It's that the low-intensity >> brute forcing of a password requires a certain stretch of time. Put the >> change interval low enough and you're safer from them. >> >> We've had someone talk on-list about a significant amount of failed remote >> ssh login attempts. Should he chose not to force user to change their >> passwords they wouldn't. And the likelyhood of a successfull login >> would improve with the years (given coordination) to somewhere above the >> admin's comfort zone. >> > > I just don't buy this argument; am I missing something? > > Say passwords are chosen uniformly from a space of size N. If you never > change your password, then an adversary is guaranteed to guess your > password in N attempts, and in expectation guesses your password in N/2 > attempts. > > If you change passwords constantly, and an adversary guesses a random > password (with replacement) each password-guessing attempt, then in > expectation the adversary guesses your password in N attempts. Not much of > an advantage. >
Yes it only doubles the security. I hate admitting I overestimated something. It looks better on paper though, infinite maximum. And it still limits time exposed on breach, which may be useful but likely isn't. Nope. I can't really think of why it'd substantially help. Twice could be good, but a single character would do that too. Ugh. Time to rage on anyone who stupendously uses password timeouts.
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
