Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120117215311.GA26319@openwall.com>
Date: Wed, 18 Jan 2012 01:53:11 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: pwgen: non-uniform distribution of passwords

Kurt,

On Tue, Jan 17, 2012 at 02:14:17PM -0700, Kurt Seifried wrote:
> I'm of the mind that documenting issues is good but documenting issues
> doesn't always make them go away.
> 
> E.g. documenting a default usrname/password where it can be easily
> changed is reasonable. Documenting a default username/password that
> cannot be changed doesn't really help to the same degree.
> 
> In this case we have something that tells you not to use an unsafe
> option but isn't exceedingly noticeable or clear (if it came up every
> time you used that option there would be a stringer case for no CVE).
> I'm sitting on the fence for this one (I can see it going either way),
> wouldn't mind some more opinions from the smart people on this list.

CVE assignments also don't always make issues go away.

I might update/revise my analysis on this issue in a few days.

Specifically, I now suspect that a (large) part of the apparent
non-uniformity of the distribution was in fact an artifact of my
analysis approach.  I only analyzed sets of 1 million of pwgen'ed
passwords, so I could not directly check the distribution of full
passwords (1 million is too little, even compared to the small keyspace
of these passwords), whereas JtR only uses trigraph frequencies.

I am now generating 1 billion of pwgen'ed passwords, which should take a
couple of days to complete.  (I could speed this up with some changes to
pwgen or by using multiple machines, but I see no need for that.  2 days
is fine with me.)  Based on the 30 million generated so far, it appears
that maybe the primary problem is in fact small keyspace (on the order
of 28 bits, it seems) rather than non-uniform distribution - but this is
also a preliminary conclusion.  Let's wait for the 1 billion, which
should be enough for a more reliable conclusion if the keyspace is in
fact this small.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.