How strong should a password be?
On PBKDF2 iterations.
#cryptography #security #passwords
@atoponce "there is no sane parameters for password hashing that provide anything like the security levels expected in modern cryptography."
This! Oh so much this!
If the attacker gets the password hashes you have lost a substantial amount of security, and no number of rounds (or even memory hardness) is going to make up for it. Using a memory hard slow hash function with a good number of rounds is still best practice, but it cannot be the lynchpin of your security.
@atoponce My favorite thought experiment on this is the following. Looking first at Google's login infrastructure: there are 2^33 people in the world, and a reasonable requirement would be for all of them to be able to log in to your system in a single day. That means the system has enough computing power to brute force a 33-bit password in a single day, no matter what parameters you choose (as a very much lower bound, since this assumes that the login is only computing hashes and none of that actual serving stuff).
Now your system might not literally be Google's login servers, but chances are that you don't want to have a system the size of Google's login servers to serve only a handful of people either (plus, while brute forcing is lazily parallel, the whole point of a slow hash function is to not be parallelizable, so that handful of people that you're serving with your several data centers' worth of compute power will likely have to wait hours to actually log into their system).
This means that as an absolute lower bound, you should assume 33-bit passwords can always be broken in a day, independent of the hash function you use. (And likely much, much less time.)
@sophieschmieg That's a clean and simple way to put it. I dig it!
I usually refer them to my GitHub Gist, which hopefully is laid out cleanly, but still verbose.
#Password managers like #LastPass are not being truthful about password strength when it comes to passwords you invented to keep everything safe inside.
Their #security #DataBreach started this conversation and it is time to dispel a critical misunderstanding in password security within #infosec. Human passwords are biased. That makes them weaker than any mathematical strength formula can predict.
Just like cryptography, biases are used against you online and offline.
Do your passwords still consist of memorable words and a suffix?
Fascinating read on how to pick better pass phrases, by looking at how they are hacked.