zeronights2013 testing of password policy
DESCRIPTION
http://2013.zeronights.org/fasttrack#dedovTRANSCRIPT
Testing of Password Policy
Anton Dedov
ZeroNights 2013
Who Am I
• Software Developer and Security Engineer@ Parallels Automation
• Open source developer• Mail: [email protected]• Twitter: @brutemorse
3
Motivation
• It is hard for application developers to choose between existing password meters reasonably.
• Worse, some implement their own [or customize existing] without understanding of security and psychological implications.
• Need some framework/criteria that would help reasonable choice.
NAÏVE SECURITY MODEL
100 K10 K
100 K
Untargeted Online Attacks
2.5 K 5 K
• 1 guess per user / day• 2 days to find first password• 100 days to find 50 passwords
User baseCommon passwords
• 1 guess per user / day• 10 days to find first password• 1.5yr to find 50 passwords
Targeted Online Attacks
• 10 failed attempts 1 hour block• 240 attempts per user / day• 7200 attempts per user / month• 86400 attempts per user / year• More IP-s scale linearly
7
Offline Attacks
• Huge dictionaries• Specialized hardware and clusters• No time/complexity limitations except
– Enforced password quality– Hash speed– Salt uniqueness
TESTING PASSWORD METERS
Candidates
• Plesk• jquery.complexify• zxcvbn• libpwquality• passwdqc
Method
• Apply meters to password bases• Dictionary attacks with JtR• Rule-based attacks with JtR• Collect essential parameters
11
Apply Meters
• Requirement: meter should provide unambiguous signal about if password is accepted or not.
• Passwdqc tells straight “OK” or “Bad”.• Others return score. Minimal accepted score
documented.
12
Password Bases
• Real customers• RockYou all• CMIYC-2010 not cracked• Random passphrases• Random 10-char passwords
Red for attacks; blue for psychological acceptance.
13
Dictionaries
Dictionary Size, wordsTiny English 817RockYou top 1438Common-passwords 3546English 54316Tiny English crossed / 8 chars 72100
14
Rules
Rule FactorJtR defaults ~ 40JtR jumbo ~ 5500m3g9tr0n-2048512 = 3510m3g9tr0n-2048517 ~ 860
15
Cracking Sessions
Tiny
None 817 words
JtR default 41K words
JtR jumbo 4M words
m3g9tr0n-2048512 2.8M words
m3g9tr0n-2048517 707K words
16
Cracking Sessions
• 25 attacks per password base per meter• Min dictionary size 817• Max dictionary size 396M
RockYou dictionary was not used against RockYou password base.
17
Parameters
• M – passwords approved by meter
• D – attack dictionary size
• C – # of guessed passwords during attack
• Attack effectiveness
• Attack economy
18
For dictionaries < 100KMax guess rate 0.007%
Online Attacks Effectiveness
19
Max Attack Effectiveness
passwdqc plesk zxcvbn complexify pwquality
rockyou 0.000011 0.000002 0.00013 0.000049 0.000224
cus-tomer1
0.00021 0.000089 0.000315 0.00046 0.00029
cus-tomer2
0.000304 0.00013 0.000182 0.000546 0.000794
0.0100%
0.0300%
0.0500%
0.0700%
0.0900%
0.1100%
0.1300%
20
Max Attack Economy
_x0007_rockyou customer1 customer2
passwdqc 0.001224 0.001224 0.001224
plesk 0.001224 0.001224 0.001224
zxcvbn 0.64185 0.002782 0.001224
complexify 0.198816 0.001224 0.001224
pwquality 0.621545 0.002782 0.001224
10.0000%30.0000%50.0000%70.0000%90.0000%
110.0000%130.0000%150.0000%
21
Average Attack Economy
_x0007_rockyou customer1 customer2
passwdqc 0.00013705 0.00009228 0.00009388
plesk 0.00007885 0.00009156 0.00009176
zxcvbn 0.0340334 0.00017972 0.00009568
complexify 0.010375 0.0000946 0.00010108
pwquality 0.03215435 0.00017748 0.00009328
0.5000%1.5000%2.5000%3.5000%4.5000%5.5000%6.5000%7.5000%8.5000%
Guesses Totals
Meter RockYou Customer 1 Customer 2plesk 0.08% 0.28% 0.28%passwdqc 0.18% 0.23% 0.12%zxcvbn 0.54% 0.26% 0.06%complexify 0.54% 1.06% 0.40%libpwquality 1.16% 0.50% 0.45%
23
Guesses Totals
passwdqc plesk zxcvbn complexify pwquality0.00%
0.50%
1.00%
1.50%
2.00%
2.50%
rockyou-allcustomer2customer1
Psy. Acceptance: User Passwords
Meter RockYou Customer 1 Customer 2plesk 0.21% 3.45% 5.53%passwdqc 1.60% 14.90% 40.62%zxcvbn 5.43% 16.29% 43.16%complexify 2.03% 7.05% 27.18%libpwquality 4.32% 11.88% 34.27%
25
Psy. Acceptance: User Passwords
passwdqc plesk zxcvbn complexify pwquality0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
customer2customer1rockyou-all
26
Psy. Acceptance: Hard Passwords
Meter CMYIC-2010 Pass-Phrases Random10 chars
plesk 24% 0% 42%passwdqc 59% 99.98% 100%zxcvbn 42% 99.76% 99.99%complexify 3% 99.94% 0%libpwquality 10% 99.82% 81%
27
Psy. Acceptance: Hard Passwords
passwdqc plesk zxcvbn complexify pwquality0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%
70.00%
80.00%
90.00%
100.00%
CMIYC2010-uncrackedphrases-rand39random10
28
The “editors” choice
Security Psychologypasswdqc zxcvbnplesk passwdqczxcvbn libpwqualityjquery.complexify jquery.complexifylibpwquality plesk
Conclusions
• Test your security tools for security• Avoid write your own security tools• All tested meters protect from online attacks• Also seem protect from offline attacks
(for slow hashes and unique salts)• But most tend to deny more passwords than it
is necessary, including known to be hard ones• Passwdqc and zxcvbn look best
30
Where to go?
• Bigger dictionaries and brute force• Testing on real people to
– Learn evolution of “common passwords” lists– Test psychological acceptance empirically
• More meters?
31
Special thanks
Alexander PeslyakSolar Designer
Bonus: time to process RockYou…(MBP 2011)
0:00 1:12 2:24 3:36 4:48 6:00 7:12
0:15
0:26
0:13
5:47
3:15
zxcvbnpwqualitypleskpasswdqccomplexify
Hours