On 30/10/11 11:28, William Allen Simpson wrote:
> I'm going to pick on Neil a little, because I know he can take it,

Yes, I can ;-)

> but it applies to just about everybody else in this thread.
>
> For shame.

My main point here is that (given some simple assumptions about how the site is administered) this is largely a theoretical problem, not a practical one, and there are far bigger problems that need fixing more urgently. This is not to say that a few more characters in the password, or a long-term move to a more secure mechanism using much longer tokens, wouldn't be a good idea, but I don't think it's nearly as big a deal as you currently think, and we have more serious problems than this (see below) which need fixing first.

[snip]

> I really wish folks would at least read a Wikipedia article before
> making such calculations. :-(
>
> No, you've listed the number of combinations, not the entropy.
>
> No, 40-bits of strength means 2**20 attempts on average. Same order of
> magnitude as WEP. You remember WEP, the security designed to be
> easily crackable?
>
> https://secure.wikimedia.org/wikipedia/en/wiki/Wired_Equivalent_Privacy

No, you're thinking of a birthday attack, which does indeed take ~ sqrt(n) guesses on average. A simple brute-force guessing attack, which this would be, takes n/2 guesses on average. In this case, 62^7 ~= 2^41, so you're looking at roughly 2^40 guesses to hit a collision, not 2^20.

A bit of rate-limiting on the password recovery mechanism should be enough to limit this to a reasonable level of security: even with the current 7-character temporary passwords, if the mechanism has a site-wide limit to (say) one forced password reset attempt per second, one account will end up being successfully brute-forced roughly every 30,000 years. Of course, this would mean that the mechanism could easily be DDoS'd, but that's really no big deal either -- the password reset mechanism is hardly core infrastructure, and could trivially be tweaked to be more secure -- and yes, adding a few more characters to the password wouldn't hurt.
However, this is way, way, way lower risk than the current risk of brute-forcing low-hanging-fruit user passwords: for every user with a password generated by base64-encoding the output of /dev/random, there will be _thousands_ with passwords like "secret99" and "trustno1".

--
Neil

_______________________________________________
Wikitech-l mailing list
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
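The arithmetic in the message above (n/2 guesses for brute force versus a square-root bound for a birthday attack, and the expected time under a site-wide one-attempt-per-second reset limit), together with a sliding-window limiter that enforces such a limit, as an added Python example that is not part of this message or of MediaWiki's code. The 62-symbol alphabet and the 7-character length come from the thread; the sqrt(pi*n/2) birthday estimate, SECONDS_PER_YEAR and the ResetRateLimiter class are my assumptions.

```python
import math
import time
from collections import deque

ALPHABET_SIZE = 62               # assumption: temp passwords use [A-Za-z0-9]
SECONDS_PER_YEAR = 365.25 * 86400

def keyspace(length, alphabet=ALPHABET_SIZE):
    """Number of equally likely passwords of the given length."""
    return alphabet ** length

def password_bits(length, alphabet=ALPHABET_SIZE):
    """Entropy of a uniformly random password: log2 of the keyspace."""
    return length * math.log2(alphabet)

def expected_guesses(n, birthday=False):
    """Average guesses against a keyspace of size n.
    Brute-forcing one fixed secret costs n/2 guesses on average; only a
    birthday attack (any two values colliding) costs ~sqrt(pi*n/2)."""
    if birthday:
        return math.sqrt(math.pi * n / 2)
    return n / 2

def years_to_crack(length, guesses_per_second, birthday=False):
    """Expected years to guess one password at a fixed attempt rate."""
    return expected_guesses(keyspace(length), birthday) / guesses_per_second / SECONDS_PER_YEAR

class ResetRateLimiter:
    """Site-wide sliding-window cap on forced password-reset attempts.
    Hypothetical helper, not MediaWiki code; max_attempts=1, window_seconds=1.0
    gives the "one reset attempt per second" limit from the thread.  `now` is
    injectable so the logic can be exercised without sleeping."""

    def __init__(self, max_attempts, window_seconds):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.attempts = deque()

    def allow(self, now=None):
        now = time.monotonic() if now is None else now
        while self.attempts and now - self.attempts[0] >= self.window:
            self.attempts.popleft()      # forget attempts older than the window
        if len(self.attempts) >= self.max_attempts:
            return False                 # over the site-wide limit: reject
        self.attempts.append(now)
        return True
```

With the thread's figures, `years_to_crack(7, 1)` comes out in the tens of thousands of years, and each extra character multiplies that by 62.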
