Re: Password Cracking
From: Lohkee (Lohkee@worldnet.att.net)
Date: 01/23/03
- Next message: Mimic: "Re: Strong Passwords Revisited"
- Previous message: MikeW: "Re: C2 - User can't see network neighbourhood"
- In reply to: DaveK: "Re: Password Cracking"
- Next in thread: Ernst-Udo Wallenborn: "Re: Password Cracking"
- Reply: Ernst-Udo Wallenborn: "Re: Password Cracking"
From: "Lohkee" <Lohkee@worldnet.att.net> Date: Thu, 23 Jan 2003 01:19:43 GMT
"DaveK" <DaveK@dontspamme.petitmorte.noireallydontlikethepinkstuff.net>
wrote in message news:0ZzX9.1011$RZ.11802@newsfep4-win.server.ntli.net...
> "Lohkee" <Lohkee@worldnet.att.net> wrote in message
> news:zdhX9.6179$zF6.517582@bgtnsc04-news.ops.worldnet.att.net...
> >
> > "DaveK" <DaveK@dontspamme.petitmorte.noireallydontlikethepinkstuff.net>
> > wrote in message news:n3bX9.119$6U3.391@newsfep4-gui.server.ntli.net...
> > > "Lohkee" <Lohkee@worldnet.att.net> wrote in message
> > > news:2PEW9.3154$zF6.273943@bgtnsc04-news.ops.worldnet.att.net...
> > >
> > > ---snip---
> > > > >The goal, and sole justification for password cracking exercises, is to
> > > > >reduce risk by enforcing the use of strong passwords via the identification
> > > > >and subsequent elimination of those that are weak.
> > > ---snip---
> > >
> > > Well, I would have said "The goal for password cracking exercises is
> to
> > > reduce risk by reducing the use of weak passwords through identifying
as
> > > many of them as possible". Then I would have gone on to raise all the
> > good
> > > points that you make about security in depth, and using lockouts and
all
> > the
> > > other options available to you, rather than go on about the inability
of
> > > one single security tool to perform a task that it isn't actually
meant
> to
> > > be able to do.
> >
> >
> > The problem is that cracking passwords does not reduce risk.
>
> That is your assertion, but since it stands or falls by your claim that an
> exhaustive brute force search is only slightly more difficult than a
> dictionary attack, I am justified in claiming that cracking passwords *does*
> reduce risk IF it turns out that BF is in fact MUCH MUCH MUCH harder than a
> dictionary attack. We shall return to this at the end of the post and find
> out whether you're right or wrong.
>
How exactly does a strong password reduce risk (given that risk is what
happens *after* the vulnerability has been exploited, i.e., the password has
been cracked)? My assertion, by the way, is NOT based on PW strength - it is
based on the fact that no matter how strong a password is there is always
the possibility that it will be compromised (HINT: call the owner and just
ask for the damn thing - has been known to work on more than one occasion)
and that risk is reduced by controlling the aftermath.
> > > I think you misunderstand what password crackers are about. They
> *can*
> > > prove a password to be weak. But they cannot prove it to be strong.
> The
> > > password crackers I've seen don't make any attempt to 'categorize'
> > > passwords: that's a false inference that *you* have made based on
*your*
> > > misunderstandings. They simply reveal the ones they can uncover, in
the
> > > order in which they uncover them.
> >
> >
> > Which are by inference "weak."
>
> Yes, that's what I said. An easily cracked password is weak. It can be
> proven weak.
You contradict yourself! Password crackers do not prove anything at all
other than "They simply reveal the ones they can uncover, in the
order in which they uncover them." If we use "strong" passwords on our
wordlist would you then argue that what was once weak (cracked under the old
wordlist) is now strong - or at least not weak by your above statement -
and what was once strong is now weak (because the new wordlist will crack
them)? If not, then what exactly ARE you trying to say?
>
> You, on the other hand, are insisting that, therefore, the passwords not
> easily cracked must be regarded as strong.
Your statement is absolutely FALSE. I have stated, and maintain, that
password strength is a function of the number of possibilities in the pool.
The greater the number, the "stronger" a given password - a FACT which is
easily proven by mathematical analysis, although I must admit, I do wish
lottery people would use your method.
>
> That is a logic error of the form:
>
> p => q therefore ~p => ~q
>
> where p = "the password is easily cracked", q = "the password is weak". As
> anyone with the least knowledge of logical reasoning will tell you, the only
> valid inference you can really make here is
>
> p => q therefore ~q => ~p
>
> or in other words, if a password is not weak, that implies it will not
> easily be cracked.
The error is that you are operating under a misstatement of my position,
making the above meaningless.
>
> > I would also suggest looking at some PW
> > cracking vendors' websites, and the verbiage they use.
>
> So what? Adverts are full of lies and bull***. You really can't quote
> them in the effort to sustain a logical argument. You have committed the
> most elementary fallacy in the entire universe of logic. The fact that some
> marketing idiot in a suit has made the same error does not suddenly
> invalidate everything the human race has ever known about logical reasoning.
We are not talking about claims of performance, rather categorizations of
strength or weakness, ones that, I might add, are in common use throughout the
professional security community.
>
> > > You cannot draw *any* conclusion if the password cracker fails to uncover
> > > a password, you can only draw a conclusion when it succeeds. Specifically,
> > > you can deduce that there is at least one setup (combinations of hardware
> > > power and dictionary wordlist size) under which the password is easily
> > > cracked. However, you cannot prove a negative so easily if it fails to
> > > crack the password.
> >
> > Aren't you simply repeating the point made in the paper?
>
> I am indeed repeating one of your points, since I don't disagree with
> everything you say, but I'm not drawing the same false inferences from it
> that you did.
HUH!
>
> > > ---snip---
> > > The point here is that it is a given any password of eight characters or
> > > less can be cracked within a very reasonable amount of time. A dictionary
> > > attack might do it in nine minutes but is unpredictable. A brute force
> > > attack might take nine days but is completely predictable.
> > > ---snip---
> > >
> > > You just made those figures up, didn't you? Have you ever tried to run a
> > > *real* brute force search to completion? Here, let me give you some *REAL*
> > > numbers rather than guesses you just pulled out of thin air:
> > >
> > > JtR running on a 1 Ghz athlon based machine cracking ntlm passwords achieves
> > > about 880,000 keys tested per second.
> > >
> > > An 8-char password based on upper/lower case characters, numerics, and
> > > symbols (let's say 95 possible chars, as you have in your other post)
> > >
> > > 95^8 = 6634204312890625
> > >
> > > 6634204312890625 / 880000 = 7538868537
> > >
> > > 7538868537 / (60 * 60 * 24) = 87255.4
> > >
> > > That's NOT nine days, that's ninety thousand days. That's five orders of
> > > magnitude away from nine days. You have overexaggerated the ease of a brute
> > > force attack by a factor of roughly a hundred thousand. If you have to use
> > > such faked statistics to make your case, I say you haven't made it.
> >
> > I have exaggerated nothing.
>
> Yes, you did. You said an exhaustive bf-search of an 8 char keyspace
> might take nine days instead of nine minutes. That's an exaggeration of how
> relatively easy it is, by a factor of about a hundred thousand, as I showed.
> You haven't done any calculations or mathematics or measurements to justify
> those numbers. You just made them up out of your imagination.
CORRECTION - I gave you a reference to an analysis written by the winners
of the RSA DES challenge. Why repeat the same math over again? The point
was merely to show what is possible.
>
> > In fact, I may have *understated* the case.
> > Your statements are driven by your equipment and *very* limited view of the
> > world.
>
> My statements are driven by what is known as "empirical measurements".
> Yours are driven by what is known as "made up bull***". If you didn't just
> invent those figures, tell us where they came from. My figures come from a
> very run-of-the mill system, but now we have some figures to play with, we
> can say things like "Well, we'd need to have ten thousand of these systems,
> and they'd each need to be running at 10 gigs instead of one, and then we'd
> be on target for nine days". You just assume that such a target is possible
> and practical without even attempting to estimate the requirements that
> would need to be met for it to be possible. It's not a "limited" view of
> the world to only pay attention to things that really exist. Hell, there
> *might* be a computer out there on an alien UFO that could do it in a
> nanosecond. But it has nothing to do with our discussion. Please refer
> only to real things, not imaginary ones.
Feeling a little defensive are we?
> > Before making such claims it would be wise to think about the
> > possibilities. You might do a search on DESCHALL and see what they were able
> > to accomplish using much older equipment years ago.
>
> Woah, stop the fscking presses, 56-bit DES no longer considered
> uncrackable! That would be why most modern password schemes use something
> vastly more difficult to crack.
>
Look dumb*** - we are not talking about cracking encryption - we are
talking about a brute force (time and speed). Their attack on DES clearly
shows that your figures are based on calculations that are a far cry from
what is possible. THAT was the point.
> > Also, I would suspect a
> > 1Ghz Athlon pales in comparison to a system with multiple processors,
>
> You don't do maths any better than you do logic, do you? You can't climb
> an exponential hill by linear increments. Sure, get a system with two or
> four processors: it'll run not quite twice or four times as fast. You
> haven't even made a dent in a factor of a hundred thousand yet, though.
> Remember, we're talking about making passwords that are secure in the real
> world against real threats, not against imaginary uberhackers with brains
> the size of a planet. Precisely how many hackers in history so far have had
> multi-thousand workstation networks devoted 100% to cracking passwords?
>
> Answer: None.
And you know (and can prove/demonstrate your proof to the group)?
>
> > particularly one that is running an operating system that does not eat up
> > most of the system resources. Just a guess though.
>
> Well, that's where you and I differ. I'm a scientist and engineer by
> training, and I believe in making real world measurements of real systems,
> which can then be extrapolated to theoretical systems. I test and measure.
> You just make stuff up out of your imagination and assume it has to be true
> because you want it to be. That's the dictionary definition of
> "self-delusion", you know. What on earth is wrong with you, that you just
> come up with a guess for how long a bruteforce attack ought to take based on
> no evidence and no tests, and have such certainty of your own baseless
> assertion that you fail to perceive the very plain mathematical facts I have
> laid out for you ?
>
Let me see, you have a crappy machine and therefore extrapolate that so too
does everyone else . . . . see the problem here?? But wait, there is more!
You also manage to extrapolate that distributed attacks do not exist (no
doubt based on your superior - which is in itself a pretty dumbass
assumption on your part - training). Not satisfied with this, our great
scientist discounts pre-computed pw/hash pair databases, mixture of the
above, etc., etc., etc.
No doubt, you must have been at the top of your class!
Lohkee!
>
>
> DaveK
> --
> moderator of
> alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
> Burn your ID card! http://www.optional-identity.org.uk/
> Help support the campaign, copy this into your .sig!
> Proud Member of the Exclusive "I have been plonked by Davee because he
> thinks I'm interesting" List Member #<insert number here>
> Master of Many Meowing Minions
> Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
> and beyond the call of hilarity.
> PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD
>
>
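The brute-force arithmetic quoted in the post, generalized to other password lengths, as an added example that is not part of the original message. It assumes a constant guess rate and a uniformly random password; the function and constant names are hypothetical.

```python
# Added example: cost model for the exhaustive search discussed in the thread.
# The constants are the figures quoted in the post; all names are hypothetical.
SECONDS_PER_DAY = 60 * 60 * 24
QUOTED_RATE = 880_000   # keys/second quoted for JtR on a 1 GHz Athlon (NTLM)
QUOTED_CHARSET = 95     # upper case, lower case, digits and symbols
TARGET_DAYS = 9         # the "nine days" figure under dispute


def keyspace(charset_size, length, up_to=False):
    """Candidates of exactly `length` chars, or of every length 1..length."""
    if up_to:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length


def exhaust_days(charset_size, length, keys_per_second, up_to=False):
    """Days to try every candidate at a constant rate (the worst case)."""
    return keyspace(charset_size, length, up_to) / keys_per_second / SECONDS_PER_DAY


def speedup_needed(charset_size, length, keys_per_second, target_days):
    """How many times faster the rig must be to exhaust the space in target_days."""
    return exhaust_days(charset_size, length, keys_per_second) / target_days


def candidates_in(seconds, keys_per_second):
    """Guesses that fit in a time budget, e.g. a nine-minute dictionary run."""
    return int(seconds * keys_per_second)


def report(lengths=range(6, 11)):
    """One row per length: (length, keyspace, days at quoted rate, speed-up for target)."""
    rows = []
    for n in lengths:
        days = exhaust_days(QUOTED_CHARSET, n, QUOTED_RATE)
        factor = speedup_needed(QUOTED_CHARSET, n, QUOTED_RATE, TARGET_DAYS)
        rows.append((n, keyspace(QUOTED_CHARSET, n), days, factor))
    return rows


if __name__ == "__main__":
    print(f"{'len':>3} {'keyspace':>24} {'days at quoted rate':>22} {'speed-up for 9 days':>22}")
    for n, space, days, factor in report():
        print(f"{n:>3} {space:>24,} {days:>22,.1f} {factor:>22,.1f}")
    print("guesses in nine minutes:", f"{candidates_in(9 * 60, QUOTED_RATE):,}")
```

At the quoted rate the eight-character row comes to 87,255.4 days, which needs a speed-up of roughly 9,700 to reach nine days, and every added character multiplies both figures by 95.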