mirror of
https://git.sr.ht/~seirdy/seirdy.one
synced 2024-11-27 14:12:09 +00:00
Fixed misconception about salting/hashing
Clarify that salting + hashing isn't reversible by a naive brute-force attack.
This commit is contained in:
parent
56410531fe
commit
f22692d836
2 changed files with 21 additions and 17 deletions
|
@ -26,18 +26,15 @@ How strong should your password be for it to be safe from a brute-force attack b
|
||||||
|
|
||||||
### Quantifying password strength.
|
### Quantifying password strength.
|
||||||
|
|
||||||
|
Note: a previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the "Caveats and estimates" section.
|
||||||
|
|
||||||
A good measure of password strength is *entropy bits.* The entropy bits in a password is a base-2 logarithm of the number of guesses required to brute-force it.¹
|
A good measure of password strength is *entropy bits.* The entropy bits in a password is a base-2 logarithm of the number of guesses required to brute-force it.¹
|
||||||
|
|
||||||
A brute-force attack that executes 2ⁿ guesses is certain to crack a password with n entropy bits, and has a one-in-two chance of cracking a password with n+1 entropy bits.
|
A brute-force attack that executes 2ⁿ guesses is certain to crack a password with n entropy bits, and has a one-in-two chance of cracking a password with n+1 entropy bits.
|
||||||
|
|
||||||
For scale, AES 256 encryption is currently the industry standard for strong symmetric encryption.
|
For scale, AES-256 encryption is currently the industry standard for strong symmetric encryption, and uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would be up against its 2²⁵⁶ possible permutations.
|
||||||
|
|
||||||
=> https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Advanced Encryption Standard (Wikipedia)
|
=> https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
|
||||||
|
|
||||||
As the name suggests, its keys have 256 bits of entropy. Be aware that AES keys are typically derived from key derivation functions that salt and hash passwords, so a brute-force attack to discover the password from an AES key would be against such a function. Perhaps I could address that in a future article.
|
|
||||||
|
|
||||||
=> https://en.wikipedia.org/wiki/Key_derivation_function Key derivation function (Wikipedia)
|
|
||||||
=> https://en.wikipedia.org/wiki/Salt_(cryptography) Salt (cryptography) (Wikipedia)
|
|
||||||
|
|
||||||
To calculate the entropy of a password, I recommend using a tool such as zxcvbn or KeePassXC.
|
To calculate the entropy of a password, I recommend using a tool such as zxcvbn or KeePassXC.
|
||||||
|
|
||||||
|
@ -58,6 +55,10 @@ If P(n, e) ≥ 1, the MOAC will certainly guess your password before running out
|
||||||
|
|
||||||
I don't have a strong physics background.
|
I don't have a strong physics background.
|
||||||
|
|
||||||
|
A brute-force attack will just guess a single password until the right one is found. Brute-force attacks won't "decrypt" stored passwords, because they're not supposed to be stored encrypted; they're salted and hashed.
|
||||||
|
|
||||||
|
=> https://en.wikipedia.org/wiki/Salt_(cryptography) Salt (cryptography) (Wikipedia)
|
||||||
|
|
||||||
When estimating, we'll prefer higher estimates that increase the odds of it guessing a password; after all, the point of this exercise is to establish an *upper* limit on password strength. We'll also simplify: for instance, the MOAC will not waste any heat, and the only way it can guess a password is through brute-forcing. Focusing on too many details would defeat the point of this thought experiment.
|
When estimating, we'll prefer higher estimates that increase the odds of it guessing a password; after all, the point of this exercise is to establish an *upper* limit on password strength. We'll also simplify: for instance, the MOAC will not waste any heat, and the only way it can guess a password is through brute-forcing. Focusing on too many details would defeat the point of this thought experiment.
|
||||||
|
|
||||||
I won't address any particular encryption algorithms; this is just a pure and simple brute-force attack given precomputed password entropy. Furthermore, quantum computers can use Grover's algorithm for an exponential speed-up; to account for quantum computers using Grover's algorithm, calculate P(n/2, e) instead.
|
I won't address any particular encryption algorithms; this is just a pure and simple brute-force attack given precomputed password entropy. Furthermore, quantum computers can use Grover's algorithm for an exponential speed-up; to account for quantum computers using Grover's algorithm, calculate P(n/2, e) instead.
|
||||||
|
@ -277,7 +278,7 @@ A publication⁵ by Seth Lloyd from MIT further explores limits to computation s
|
||||||
|
|
||||||
## Acknowledgements
|
## Acknowledgements
|
||||||
|
|
||||||
Thanks to Barna Zsombor and Ryan Coyler for helping me over IRC with my shaky physics and pointing out the caveats of my approach. u/RisenSteam on Reddit also corrected my reference to AES-256 encryption by bringing up salts.
|
Thanks to Barna Zsombor and Ryan Coyler for helping me over IRC with my shaky physics and pointing out the caveats of my approach. u/RisenSteam on Reddit also corrected an incorrect reference to AES-256 encryption by bringing up salts.
|
||||||
|
|
||||||
My notes from Thermal Physics weren't enough to write this; various Wikipedia articles were also quite helpful, most of which were linked in the body of the article.
|
My notes from Thermal Physics weren't enough to write this; various Wikipedia articles were also quite helpful, most of which were linked in the body of the article.
|
||||||
|
|
||||||
|
|
|
@ -59,6 +59,8 @@ MOAC?
|
||||||
|
|
||||||
### Quantifying password strength.
|
### Quantifying password strength.
|
||||||
|
|
||||||
|
*A previous version of this section wasn't clear and accurate. I've since removed the offending bits and added a clarification about salting/hashing to the [Caveats and estimates]({{<ref "#caveats-and-estimates" >}}) section.*
|
||||||
|
|
||||||
A good measure of password strength is **entropy bits.** The entropy bits in a
|
A good measure of password strength is **entropy bits.** The entropy bits in a
|
||||||
password is a base-2 logarithm of the number of guesses required to brute-force
|
password is a base-2 logarithm of the number of guesses required to brute-force
|
||||||
it.[^1]
|
it.[^1]
|
||||||
|
@ -68,13 +70,9 @@ password with *n* entropy bits, and has a one-in-two chance of cracking a passwo
|
||||||
with *n*+1 entropy bits.
|
with *n*+1 entropy bits.
|
||||||
|
|
||||||
For scale, [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
|
For scale, [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
|
||||||
encryption is currently the industry standard for strong symmetric encryption. As the
|
encryption is currently the industry standard for strong symmetric encryption, and
|
||||||
name suggests, its keys have 256 bits of entropy. Be aware that AES keys are
|
uses key lengths of 256-bits. An exhaustive key search over a 256-bit key space would
|
||||||
typically derived from [key derivation
|
be up against its 2<sup>256</sup> possible permutations.
|
||||||
functions](https://en.wikipedia.org/wiki/Key_derivation_function) that
|
|
||||||
[salt](https://en.wikipedia.org/wiki/Salt_(cryptography)) and hash passwords, so a
|
|
||||||
brute-force attack to discover the password from an AES key would be against such a
|
|
||||||
function. Perhaps I could address that in a future article.
|
|
||||||
|
|
||||||
To calculate the entropy of a password, I recommend using a tool such as
|
To calculate the entropy of a password, I recommend using a tool such as
|
||||||
[zxcvbn](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler)
|
[zxcvbn](https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler)
|
||||||
|
@ -97,6 +95,11 @@ Caveats and estimates
|
||||||
|
|
||||||
I don't have a strong physics background.
|
I don't have a strong physics background.
|
||||||
|
|
||||||
|
A brute-force attack will just guess a single password until the right one is found.
|
||||||
|
Brute-force attacks won't "decrypt" stored passwords, because they're not supposed to
|
||||||
|
be stored encrypted; they're typically
|
||||||
|
[salted](https://en.wikipedia.org/wiki/Salt_(cryptography)) and hashed.
|
||||||
|
|
||||||
When estimating, we'll prefer higher estimates that increase the odds of it guessing
|
When estimating, we'll prefer higher estimates that increase the odds of it guessing
|
||||||
a password; after all, the point of this exercise is to establish an *upper* limit on
|
a password; after all, the point of this exercise is to establish an *upper* limit on
|
||||||
password strength. We'll also simplify: for instance, the MOAC will not waste any
|
password strength. We'll also simplify: for instance, the MOAC will not waste any
|
||||||
|
@ -343,8 +346,8 @@ Acknowledgements
|
||||||
|
|
||||||
Thanks to [Barna Zsombor](http://bzsombor.web.elte.hu/) and [Ryan
|
Thanks to [Barna Zsombor](http://bzsombor.web.elte.hu/) and [Ryan
|
||||||
Coyler](https://rcolyer.net/) for helping me over IRC with my shaky physics and
|
Coyler](https://rcolyer.net/) for helping me over IRC with my shaky physics and
|
||||||
pointing out the caveats of my approach. u/RisenSteam on Reddit also corrected my
|
pointing out the caveats of my approach. u/RisenSteam on Reddit also corrected an
|
||||||
reference to AES-256 encryption by bringing up salts.
|
incorrect reference to AES-256 encryption by bringing up salts.
|
||||||
|
|
||||||
My notes from Thermal Physics weren't enough to write this; various Wikipedia
|
My notes from Thermal Physics weren't enough to write this; various Wikipedia
|
||||||
articles were also quite helpful, most of which were linked in the body of the
|
articles were also quite helpful, most of which were linked in the body of the
|
||||||
|
|
Loading…
Reference in a new issue