Security

MS Employee Calls for No More Passwords 614

BobPaul writes "On his blog, Robert Hensing of the Microsoft PSS Security Team makes a really convincing argument for the abolishment of complicated passwords. He argues that precomputed hash tables, network sniffing, and programs like LoftCrack make passwords obsolete and dangerous in the Windows environment. What does he recommend in their place? Passphrases: sentences and quotes that are easy to remember but may be more than 30 or 40 characters in length. With many companies requiring frequent password changes (and we know exactly where that leads), this is such a simple idea that I'm surprised more people haven't been doing it."
  • by LostCluster ( 625375 ) * on Saturday February 12, 2005 @09:44PM (#11655810)
    One thing I just read in my MCSE study book... Windows 2000 and up support 127-character passwords, but Windows NT, Windows 9x and Windows ME only support 14 characters in a password. A user who has a Windows password greater than 14 characters simply cannot log in using the older operating systems even if they otherwise should be able to.

    Therefore, if you have any legacy systems to support, these password tips don't apply to you, and that's got to be part of the reason there hasn't been much of a movement to suggest that users use longer passwords.
  • People are lazy (Score:4, Informative)

    by hedronist ( 233240 ) * on Saturday February 12, 2005 @09:46PM (#11655820)
    One of the main obstacles to better security is that people are fundamentally lazy. Typing 30 or 40 characters is difficult to do, and it takes time, so people won't do it. Or if forced to do it, they will whine about it -- a lot.

    I have convinced a majority of my friends & family to at least stop using dictionary words and names of pets. Instead, I have them pick some favorite line from a movie or book and then use the first letter of each word. It's easy to remember, so they don't stick it on the bottom of their keyboard. It also is not a word in the dictionary so at least Crack & friends can't be used to guess it.

    For example, if one of my friends is a Dead Head, he might use "stlasom.oticbs" If you're a Dead Head you'll probably be able to guess the lyric. But you *won't* be able to find it in a dictionary.
  • by Anonymous Coward on Saturday February 12, 2005 @09:49PM (#11655849)
    NTLM level 1 was the reason for this. NTLM2 has been retrofitted into all of those unsupported out of date OSes. If you're running 9x or NT kernel ... you have bigger problems.
  • by flopsy mopsalon ( 635863 ) on Saturday February 12, 2005 @09:53PM (#11655894)
    The headline to this story is an example of the kind of journalistic sensationalism that is leading this country down the road to ruin and chaos. It gives the exciting implication that a Microsoft employee is proposing the abolition of the commonly-used password verification system and perhaps its replacement with some new and cutting edge technological method such as biometrics or one-way phrenosenticism.

    Instead, the Microsoft employee is merely suggesting the use of longer passwords. I am shocked and appalled that a respectable forum such as Slashdot is stooping to "sexing up" its material in this manner.
  • by Homology ( 639438 ) on Saturday February 12, 2005 @09:54PM (#11655896)
    passphrases, just visit The Diceware Passphrase Home Page [diceware.com] :

    This page offers a better way to create a strong, yet easy to remember passphrase for use with encryption and security programs. Weak passwords and passphrases are one of the most common flaws in computer security. Take a few minutes and learn how to do it right. The information presented here can be used by anyone. No background in cryptography or mathematics is required. Just follow the simple steps below.
  • It's not LoftCrack (Score:3, Informative)

    by TheCabal ( 215908 ) on Saturday February 12, 2005 @10:03PM (#11655963) Journal
    it's l0phtcrack
  • Re:Biometrics (Score:5, Informative)

    by lachlan76 ( 770870 ) on Saturday February 12, 2005 @10:04PM (#11655973)
    Read this. [dansdata.com] There is no problem faking them.

    Not to mention that fingerprints are left EVERYWHERE.
  • Re:Biometrics (Score:5, Informative)

    by iocat ( 572367 ) on Saturday February 12, 2005 @10:05PM (#11655975) Homepage Journal
    When you do a pass-phrase, each of the 10 "digits" you remember is a word. Assuming you don't have dyslexia or other language-center-damaging brain issues, you don't have to remember the correct position of every letter of each word as though it was some random digit, because your brain encodes "Now is the time for all good men to come to their country's aid" much differently than "suh ob wjf nait fdn ap; qomf ..." -- you get the picture.

    It's a lot easier to remember a series of words than a series of digits that have no obvious relationship to each other.

  • by aardwolf204 ( 630780 ) on Saturday February 12, 2005 @10:13PM (#11656036)
    The company I work for has a password policy like this:

    1. Must contain at least 8 characters
    2. Must contain at least 2 lowercase letters
    3. Must contain at least 2 capital letters
    4. Must contain at least 2 numbers

    Since a lot of people can't grok this we start to see passwords like 34erdfCV. If you are using a QWERTY keyboard take a look at that password and tell me what's wrong with it.

    Since I saw this article in a MS Security newsletter I've started using passphrases. Here is an example of my Windows Server 2003 administrator login (local only, not going to help you). "Rent is due on the 5th". Now I see many comments already talking about how that is so much harder to type than "34erdfCV" but I beg to differ. For me at least it is much easier to type a coherent sentence than a bunch of random letters and numbers.

    This password is not only easy to type, but it is very secure. I'm sure some mathematician is going to come down on me with a bunch of stats about how I'm wrong and what not but just the fact that the LM hash is not stored when you use a password larger than 14 characters helps significantly. Sure you can tell windows not to store a LM hash by editing the registry but do you really expect all employees of a mid size company to follow directions that start out like "Click Start, then Run. Type 'regedit' and click OK"?

    Now of course this isn't going to defend you against the ol' linux bootdisk trick, or that awesome "NT Password Recovery" bootdisk, which is basically linux which allows you to overwrite the password, but that's what NTFS and encryption is for. And if you've got physical access all bets are off anyway. At least you know they won't be able to run a rainbow table lookup on your LM hash and figure it out in a few seconds.

    Also, passphrases are easier to remember, harder to guess, harder to figure out by watching someone type them, and if you're really that dense you can just pick up a book off your shelf, turn to a page, type in the first sentence and remember the book and page number.

    And there is an added bonus to having a passphrase over 14 characters that you are all completely missing here. When the hot chick in accounting sees you keying in some enormously long password she will think you're smart and savvy and will want to have hot sex with you right there in the server room.

    Well, maybe not the hot chick and sex part.

    Now, what would be a good long slashdot post without a question for you to ponder. If you haven't figured yet I'm the sysadmin at this company and am trying my hardest to find a way to "sell" this passphrase idea. It seems that the easiest thing to do in IT is configure complex servers and firewalls and support ID10T's. The hard part is "selling" common sense stuff like SSL and passphrases.

    "You mean we're going to have to add an 's' to the end of 'http', do you really expect 100 people to change their bookmarks! They've been using those bookmarks all year!"

    Insight from other admins very welcome.
  • Re:Biometrics (Score:5, Informative)

    by bentcd ( 690786 ) <bcd@pvv.org> on Saturday February 12, 2005 @10:28PM (#11656132) Homepage
    Biometrics can certainly be spoofed. How easy this is depends entirely upon the equipment being used for recording and verifying it.

    Here's a link to a Norwegian article about one successful breach:
    http://www.tu.no/nyheter/ikt/article30692.ece [www.tu.no]
    The article links to this Swedish one on the same story:
    http://www.nyteknik.se/pub/ipsart.asp?art_id=37392 [nyteknik.se]
    and this concerning some Japanese experiments:
    http://www.rootsecure.net/content/downloads/pdf_do wnloads/fingerprint_scanners.pdf [rootsecure.net]

    (mind the /.-inserted spaces in those links if you're copying them)
  • Re:Biometrics (Score:5, Informative)

    by dexterpexter ( 733748 ) on Saturday February 12, 2005 @10:31PM (#11656160) Journal
    Yes. Actually, I did a fair amount of research in biometrics and found that for most systems, you don't even need to make fake fingers or gloves. In fact, many biometric systems will work with simply a black and white photocopy of the person's fingerprint with a heated hand (your own) behind it while it's held up to the scanner. It depends on whether it is static-based or image-based. Same goes for retina scanners. Some systems can be fooled with a high-quality picture of an eye.

    Even worse, some fingerprint-based biometric sensors that were being touted as secure were able to be broken by simply blowing warm breath on the reader, much like when you go up to a cold, glassy window and fog it with your breath. The biometric sensors, for one reason or another, read the previous fingerprint.

    Again, it all depends on which system is in question, but my research found that most biometric systems were able to be broken, sans bloody, cut-off fingers or jelly replicas. Of course, they are touted as super-secure.

    That is why the fundamental rule for using biometrics for authentication is as follows:
    Biometrics aren't meant to replace passwords/passphrases. They are meant to be used as an added layer of security in addition to the password.

    (As a side note, if you wanted to do more than just get the copy of fingerprints, invite someone out for beer and french fries at the local bar and bring some scotch tape with you. When they are done and leave, take their greasy, finger-print covered glass and apply the scotch tape to it. You will lift the oily fingerprint. Depending on how the system works, you can now use watery ink to get a negative of the fingerprint. Print this onto the old boards they used to hand-make printed circuit boards, etch the board with chemicals, and come out with a fairly 3-D version of the fingerprint. Now, make your standard flat, thin jelly mold and, when set, wrap it on your finger. Voilà!)
  • by penguinboy ( 35085 ) on Saturday February 12, 2005 @10:47PM (#11656254)

    Works just fine on password-size challenged systems.

    One of the article's points (and a topic of discussion in the security field for some time now) is the practice of pre-computing the hash of every possible password up to a certain length - a.k.a. "rainbow tables". Against this kind of attack, every password of a given length is equally secure.

    Long passphrases, however, (15-20 characters or more) should be safe at least until the advent of quantum computing.

  • Re:Biometrics (Score:4, Informative)

    by miskatonic alumnus ( 668722 ) on Saturday February 12, 2005 @10:51PM (#11656280)
    >Second, it's difficult to remember passphrases! Phone numbers (In the US, at least) are limited to 10 digits because research shows the average person can only memorize 10 digits, as a result...we tend to write things down

    Nonsense. I recall the phrase "Whan that April with his showres soote" from 20 years ago when I read it for the first and last time. 3 years before that I memorized pi to 21 decimal places --- I still know them. How about "Now is the winter of our discontent"? or "The lord is my shepherd. I shall not be in want"? or thousands of others?

    Memorizing a phrase -- particularly a phrase that means something to you, is not as difficult as memorizing the first 3 entries in the phone book.
  • by jacksonj04 ( 800021 ) <nick@nickjackson.me> on Saturday February 12, 2005 @10:54PM (#11656296) Homepage
    I've just tested this on my 2003 Active Directory with an account with a 127 character password. Changing the last character caused the password to be rejected, so unless it uses 126 characters and dumps the last one then it seems to be a true 127 character password.

    Took a bloody age to authenticate though.
  • absolutely! (Score:5, Informative)

    by dexterpexter ( 733748 ) on Saturday February 12, 2005 @11:16PM (#11656429) Journal
    Yep. I first learned about it in my forensics coursework.

    For more information on this, this [google.com] Google search produced some good sites explaining this.

    Also, in just conducting that search, I learned that 2000 and XP are apparently immune from this particular problem, according to this site [securityfocus.com].

    "With LM, password hashes were split into two separate 7-character hashes. This actually made passwords more vulnerable because a brute-force attack could be performed on each half of the password at the same time. So passwords that were 9 characters long were broken into one 7-character hash and one 2-character hash. Obviously, cracking a 2-character hash did not take long, and the 7-character portion could usually be cracked within hours. Often, the smaller portion could actually be used to assist in the cracking of the longer portion. Because of this, many security professionals determined that optimal password lengths were 7 or 14 characters, corresponding to the two 7-character hashes.
    ...
    But things are different with newer versions of Windows. Windows 2000 and XP passwords can now be up to 127 characters in length and so 14 characters is no longer a limit. Furthermore, one little known fact discovered by Urity of SecurityFriday.com is that if a password is fifteen characters or longer, Windows does not even store the LanMan hash correctly. This actually protects you from brute-force attacks against the weak algorithm used in those hashes. If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail.

    With this in mind, going longer than 14 characters may be good advice. But if you want to enforce very long passwords using group policy or security templates, don't bother - neither will allow you to set a minimum password length greater than 14 characters."
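The two-halves weakness and the 15-character cut-off quoted above are easy to see in code. The following is an added example, not code from the post or from the quoted SecurityFocus article: it computes the LM hash the way the NT-era algorithm does (upper-case, pad to 14 bytes, DES-encrypt the fixed string "KGS!@#$%" with each 7-byte half as key) and then models the storage rule the quote describes, where a 15+ character password leaves the null constant AAD3B435B51404EE repeated twice in place of a real hash. The sample passwords are taken from this thread; the OEM code page handling of real LM is simplified to ASCII upper-casing.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// LMNullHalf is DES("KGS!@#$%") under an all-zero key, i.e. the hash of an
// empty 7-byte half. Two of them make the constant quoted in the post,
// AAD3B435B51404EEAAD3B435B51404EE, which is also the LM hash of "".
const LMNullHalf = "aad3b435b51404ee"

// lmKey spreads 7 password bytes over the 8-byte DES key LM uses: each key
// byte takes 7 bits, and the low bit (DES's parity position) is left zero.
func lmKey(half []byte) []byte {
	k := make([]byte, 8)
	k[0] = half[0] >> 1
	k[1] = (half[0]&0x01)<<6 | half[1]>>2
	k[2] = (half[1]&0x03)<<5 | half[2]>>3
	k[3] = (half[2]&0x07)<<4 | half[3]>>4
	k[4] = (half[3]&0x0f)<<3 | half[4]>>5
	k[5] = (half[4]&0x1f)<<2 | half[5]>>6
	k[6] = (half[5]&0x3f)<<1 | half[6]>>7
	k[7] = half[6] & 0x7f
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// lmHalf hashes one 7-byte half: DES-encrypt the fixed plaintext with it as key.
func lmHalf(half []byte) string {
	block, err := des.NewCipher(lmKey(half))
	if err != nil {
		panic(err) // only on a wrong key length, impossible here
	}
	out := make([]byte, 8)
	block.Encrypt(out, []byte("KGS!@#$%"))
	return hex.EncodeToString(out)
}

// LMHash is the LAN Manager hash as NT-era systems computed it: upper-case
// the password (ASCII only here; real LM used the OEM code page), truncate
// or NUL-pad to 14 bytes, and hash the two 7-byte halves independently.
// Because the halves never mix, each can be attacked on its own.
func LMHash(password string) string {
	p := []byte(strings.ToUpper(password))
	if len(p) > 14 {
		p = p[:14]
	}
	p = append(p, make([]byte, 14-len(p))...)
	return lmHalf(p[:7]) + lmHalf(p[7:])
}

// StoredLMHash models the rule quoted in the post for Windows 2000/XP: the
// real LM hash for 14 characters or fewer, the null constant otherwise, so a
// 15+ character passphrase leaves no LM hash for a rainbow table to hit.
func StoredLMHash(password string) string {
	if len(password) >= 15 {
		return LMNullHalf + LMNullHalf
	}
	return LMHash(password)
}

func main() {
	for _, pw := range []string{"", "password", "34erdfCV", "Rent is due on the 5th"} {
		fmt.Printf("%-24q LM=%s stored=%s\n", pw, LMHash(pw), StoredLMHash(pw))
	}
}
```

Run it and compare the first 16 hex digits of "password" and "passwor": they are identical, which is exactly why a 9-character LM password is really a 7-character problem plus a 2-character one.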
  • by Beryllium Sphere(tm) ( 193358 ) on Saturday February 12, 2005 @11:41PM (#11656565) Journal
    >dictionary attacks are still very possible

    Correct and insightful.

    What I use for high-security applications and recommend to clients is a genuinely random passphrase. You generate it one word at a time without regard to grammar by using 5 dice and the list of 6**5 short words at the Diceware [diceware.com] page. Then you make up some kind of story to go with a phrase like "cleft cam synod yr" (hey, challenges are good for you) so you can remember it.

    Bruce Schneier wrote that passwords are dead because normal people can't memorize enough randomness to defeat a brute force attack. I took that as a challenge and memorized a 10-word Diceware passphrase, which has about 129 bits of entropy. Of course that doesn't prove Schneier wrong, just that I'm abnormal :-)
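The entropy figure in that post (10 Diceware words, about 129 bits) comes from the size of the list: five dice give 6^5 = 7776 equally likely words, so each word is worth log2(7776), about 12.9 bits, provided the words are really drawn at random. The following added example (mine, not the Diceware page's code) implements the dice-to-index mapping, the entropy arithmetic, and a uniform crypto/rand draw as the electronic equivalent of rolling dice. The word list embedded here is a constructed 36-word stand-in so the code runs offline; the real list has 7776 entries.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// DicewareListSize is the size of the real list: 6^5 five-dice outcomes.
const DicewareListSize = 7776

// demoList is a constructed stand-in for the Diceware word list so the
// example runs offline; it holds 36 words (two dice), not the real 7776.
var demoList = []string{
	"cleft", "cam", "synod", "yr", "amber", "basin", "crane", "delta", "ember",
	"fable", "gable", "hinge", "ivory", "joist", "kayak", "lemur", "mango",
	"nylon", "oasis", "pecan", "quail", "radar", "sable", "tulip", "umbra",
	"vapor", "wafer", "xenon", "yacht", "zebra", "abbey", "bison", "cider",
	"dune", "elm", "fjord",
}

// DiceIndex converts one five-dice roll such as "31415" into the position
// in the real list (11111 is entry 0, 66666 is entry 7775).
func DiceIndex(roll string) (int, error) {
	if len(roll) != 5 {
		return 0, fmt.Errorf("need five dice, got %q", roll)
	}
	idx := 0
	for _, d := range roll {
		if d < '1' || d > '6' {
			return 0, fmt.Errorf("bad die %q in %q", d, roll)
		}
		idx = idx*6 + int(d-'1')
	}
	return idx, nil
}

// EntropyBits is the strength of n words drawn uniformly from listSize
// candidates: n * log2(listSize). It holds for random draws only; a
// quotation or song lyric is a dictionary entry, not a uniform draw.
func EntropyBits(listSize, n int) float64 {
	return float64(n) * math.Log2(float64(listSize))
}

// Passphrase draws n words with crypto/rand. rand.Int picks uniformly in
// [0, len(list)), so no modulo bias creeps in.
func Passphrase(list []string, n int) (string, error) {
	words := make([]string, n)
	limit := big.NewInt(int64(len(list)))
	for i := range words {
		idx, err := rand.Int(rand.Reader, limit)
		if err != nil {
			return "", err
		}
		words[i] = list[idx.Int64()]
	}
	return strings.Join(words, " "), nil
}

// YearsToExhaust is how long guessing at the given rate takes to cover the
// whole space; an attacker expects success after about half of it.
func YearsToExhaust(bits, guessesPerSecond float64) float64 {
	return math.Pow(2, bits) / guessesPerSecond / (365.25 * 24 * 3600)
}

func main() {
	for _, n := range []int{4, 6, 10} {
		bits := EntropyBits(DicewareListSize, n)
		fmt.Printf("%2d diceware words: %6.1f bits, %.3g years at 1e12 guesses/s\n",
			n, bits, YearsToExhaust(bits, 1e12))
	}
	fmt.Printf(" 8 random printable ASCII: %6.1f bits\n", EntropyBits(95, 8))
	p, err := Passphrase(demoList, 6)
	if err != nil {
		panic(err)
	}
	fmt.Println("sample drawn from the demo list:", p)
}
```

The comparison line is the useful one: four random Diceware words (about 51.7 bits) are slightly weaker than eight fully random printable characters (about 52.6 bits), but far easier to remember, and every extra word adds another 12.9 bits.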

  • by dmiller ( 581 ) <[gro.tordnim] [ta] [mjd]> on Saturday February 12, 2005 @11:44PM (#11656576) Homepage
    Microsoft calls for password replacement because of "precomputed hash tables"? This is very amusing, because it is pretty much only Microsoft who is vulnerable to these attacks. Why? They store only the hash of the password. Because there is a (nearly) one-to-one correspondence between password and hash, attackers can build up tables of precomputed hashes and use these to directly look up the passwords.

    Everybody else mixes random salt bytes into passwords prior to hashing. Unix was doing this over 20 years ago. Modern systems use long (16+ character) salts that make precomputed hash tables infeasible for many years to come.

    Some platforms use a better system [openbsd.org] still, that makes it more difficult for password guessers now and well into the future.

    The only intrinsic problem with passwords is that people choose dumb ones, but again this can easily be fixed with a little technology [openwall.com]
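The salt argument in that post is worth seeing side by side. The following is an added example, not code from the post or from the OpenBSD or Openwall pages it links: it builds a lookup table over an unsalted hash (one probe recovers the password, and the table serves every account), then stores the same password as a salted, stretched record and shows that the table no longer matches and the attacker must redo the work per record. Iterated SHA-256 is a stand-in for a real password hash such as bcrypt, and the wordlist is constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// candidates is a constructed stand-in for a cracking wordlist.
var candidates = []string{"123456", "password", "letmein", "qwerty", "monkey", "dragon"}

// UnsaltedHash models a store that keeps H(password) alone, as the post says
// the Windows hashes do: the same password hashes identically everywhere, so
// a table computed once answers for every account on every machine.
func UnsaltedHash(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return hex.EncodeToString(sum[:])
}

// BuildTable precomputes hash -> password for a wordlist. A rainbow table
// stores this relation far more compactly, but it answers the same question.
func BuildTable(words []string) map[string]string {
	table := make(map[string]string, len(words))
	for _, w := range words {
		table[UnsaltedHash(w)] = w
	}
	return table
}

// LookupTable turns a stolen unsalted hash back into the password in one probe.
func LookupTable(table map[string]string, storedHex string) (string, bool) {
	pw, ok := table[storedHex]
	return pw, ok
}

// Record is a salted, stretched entry: salt plus H^rounds(salt || password).
// Iterated SHA-256 stands in for bcrypt/scrypt/PBKDF2; the point shown is
// the salt, not the specific function.
type Record struct {
	Salt   []byte
	Hash   []byte
	Rounds int
}

func stretched(salt []byte, pw string, rounds int) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	for i := 1; i < rounds; i++ {
		sum = sha256.Sum256(append(sum[:], salt...))
	}
	return sum[:]
}

// NewRecord draws a fresh 16-byte salt per record, so two users with the
// same password get different stored hashes.
func NewRecord(pw string, rounds int) Record {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Record{Salt: salt, Hash: stretched(salt, pw, rounds), Rounds: rounds}
}

// Verify is the login check; the constant-time compare avoids leaking how
// many leading bytes matched.
func Verify(r Record, pw string) bool {
	return subtle.ConstantTimeCompare(stretched(r.Salt, pw, r.Rounds), r.Hash) == 1
}

// CrackSalted is the attacker's only option against a Record: the table is
// useless because the salt was unknown when it was built, so every candidate
// must be hashed again under this record's salt and rounds. It returns the
// password (if found) and how many stretched hashes that cost.
func CrackSalted(r Record, words []string) (string, int, bool) {
	for i, w := range words {
		if bytes.Equal(stretched(r.Salt, w, r.Rounds), r.Hash) {
			return w, i + 1, true
		}
	}
	return "", len(words), false
}

func main() {
	table := BuildTable(candidates)
	if pw, ok := LookupTable(table, UnsaltedHash("letmein")); ok {
		fmt.Println("unsalted: recovered", pw, "with one lookup")
	}
	r := NewRecord("letmein", 10000)
	_, ok := LookupTable(table, hex.EncodeToString(r.Hash))
	fmt.Println("salted: table hit?", ok)
	pw, work, found := CrackSalted(r, candidates)
	fmt.Printf("salted: found=%v pw=%q after %d stretched hashes of %d rounds each\n",
		found, pw, work, r.Rounds)
}
```

The salt does not stop a dictionary attack on a weak password (the salted record is still cracked once "letmein" is tried), which is the post's last point: salting removes the precomputation shortcut, and the remaining defence is a password that is not in the list.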
  • by Whatchamacallit ( 21721 ) on Sunday February 13, 2005 @12:03AM (#11656673) Homepage
    Changing passwords frequently and forcing users to choose new passwords, as well as having way too many passwords. I'm up to about 30 for the corporate network. Some I only use once in a while and they are generally expired when I do.

    Come up with a tool to help users choose a quality password and have them change it less frequently. OS X has a password strength indicator which is accessible from the change keychain password dialog box. Click the little i button next to the ? button. It will measure the quality of your password.

    We are working on SSO - Single Sign On because the users swamped the outsourced help desk with thousands of extra calls every month due to passwords getting locked out. Most users have an average of 12-20 passwords with admins having many more.

    SSO should reduce the number of passwords to 4-5. We will also be implementing something like an RSA hardware key at the same time, this gives you two distinct checks.

    Personally, I like the idea of a USB based device that works like a smartcard. Plug it in and type a high quality pass-phrase and then you can access everything and never type another password. Time it out with the screensaver. Auto-lock everything if you unplug the USB device.

    If the USB key is lost, replace it and invalidate the keys that were on it. Of course, this sucks if the device is lost and you are traveling.

    IBM's running an ad with a biometric scanner built into their ThinkPad's. Now that's an idea, the user can't lose their USB key or RSA token that way, just the whole laptop!
  • by FreeUser ( 11483 ) on Sunday February 13, 2005 @01:25AM (#11657042)
    Well, he isn't actually a plagiarist, but now that I've got your attention, I should point out that Phil Zimmermann has been advocating passphrases since the first version of PGP came out in the early nineties IIRC, and even he is probably not the first. I've certainly been using them for about that long wherever possible.

    That won't stop Microsoft from taking credit for this "new, revolutionary idea in computer security," or the Microsoft apologists accusing everyone else of "copying Microsoft instead of innovating" when it becomes more common practice among everyone, some percentage of which will include Linux and OS X users. Never mind the PAM modules supporting this have been around forever, or that pretty much anyone with half a brain using GnuPG or PGP has been doing this forever either.
  • by XNormal ( 8617 ) on Sunday February 13, 2005 @04:44AM (#11657921) Homepage
    Public key cryptography does not necessarily mean using hardware tokens. Key exchange protocols use public key algorithms without hardware tokens or public key infrastructure by seeding the key exchange algorithm with a password. If the client and the server's passwords match they have a strong shared secret for the session. If they don't - no information has leaked.

    These methods are immune to sniffing and offline dictionary attacks and don't require long passphrases to be secure. You just need a password that can't be guessed in the number of attempts allowed by the server.

    Examples of such protocols include Bellovin and Merritt's EKE and David Jablon's SPEKE. The Stanford SRP algorithm is related. These methods have been around since 1992. Unfortunately, all of them are patented and none of them is in widespread use. The patent status of SRP is unclear as it may infringe the EKE patent.
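The exchange that post describes, as an added example that is not part of the original post: a password-authenticated key exchange in the SRP-6a shape, with both sides' messages and the resulting session keys. The server enrolls a salt and a verifier v = g^x (never the password), the client sends A = g^a, the server answers with B = k*v + g^b, and both derive the same S only if the client's password produced the same x the verifier was built from; a wrong password makes the client's proof fail without revealing anything an eavesdropper can test offline. The group parameters are an assumption for the example: a fresh 256-bit safe prime is generated at run time so the code carries no long constants, whereas a deployment would use the fixed RFC 5054 groups. The user name and passwords are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math/big"
)

// demoGroup returns (N, g). Real deployments use the fixed safe-prime groups
// of RFC 5054 (1024 bits and up); this example generates a 256-bit safe
// prime so it runs offline with no long constants. Demonstration size only.
func demoGroup() (N, g *big.Int) {
	for {
		q, err := rand.Prime(rand.Reader, 255)
		if err != nil {
			panic(err)
		}
		p := new(big.Int).Lsh(q, 1)
		p.Add(p, big.NewInt(1))
		if p.ProbablyPrime(20) {
			return p, big.NewInt(2)
		}
	}
}

// H hashes the concatenation of its arguments and returns it as an integer.
func H(parts ...[]byte) *big.Int {
	h := sha256.New()
	for _, p := range parts {
		h.Write(p)
	}
	return new(big.Int).SetBytes(h.Sum(nil))
}

// randExponent draws a private exponent uniformly from [1, N-1].
func randExponent(N *big.Int) *big.Int {
	r, err := rand.Int(rand.Reader, new(big.Int).Sub(N, big.NewInt(1)))
	if err != nil {
		panic(err)
	}
	return r.Add(r, big.NewInt(1))
}

// Verifier is what the server stores at enrollment: a salt and v = g^x.
// The password itself is never stored.
type Verifier struct {
	Salt []byte
	V    *big.Int
}

// privateX derives the client's secret exponent from the password.
func privateX(user, pw string, salt []byte) *big.Int {
	return H(salt, H([]byte(user+":"+pw)).Bytes())
}

// Enroll runs once, when the account is created.
func Enroll(N, g *big.Int, user, pw string) Verifier {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return Verifier{Salt: salt, V: new(big.Int).Exp(g, privateX(user, pw, salt), N)}
}

// multiplier is k = H(N, g) with g padded to the length of N, as in SRP-6a.
func multiplier(N, g *big.Int) *big.Int {
	nb := N.Bytes()
	gb := make([]byte, len(nb))
	g.FillBytes(gb)
	return H(nb, gb)
}

// ClientStart produces message 1, client -> server: A = g^a.
func ClientStart(N, g *big.Int) (a, A *big.Int) {
	a = randExponent(N)
	return a, new(big.Int).Exp(g, a, N)
}

// ServerStart produces message 2, server -> client: (salt, B = k*v + g^b).
// The server must reject A with A mod N == 0, which would force S = 0.
func ServerStart(N, g *big.Int, ver Verifier, A *big.Int) (b, B *big.Int, err error) {
	if new(big.Int).Mod(A, N).Sign() == 0 {
		return nil, nil, fmt.Errorf("reject A: A mod N is zero")
	}
	b = randExponent(N)
	B = new(big.Int).Mul(multiplier(N, g), ver.V)
	B.Add(B, new(big.Int).Exp(g, b, N))
	B.Mod(B, N)
	return b, B, nil
}

// ClientKey derives the client's session key: S = (B - k*g^x)^(a + u*x).
// The client must reject B with B mod N == 0 for the same reason as above.
func ClientKey(N, g *big.Int, user, pw string, salt []byte, a, A, B *big.Int) ([]byte, error) {
	if new(big.Int).Mod(B, N).Sign() == 0 {
		return nil, fmt.Errorf("reject B: B mod N is zero")
	}
	x := privateX(user, pw, salt)
	u := H(A.Bytes(), B.Bytes())
	kgx := new(big.Int).Exp(g, x, N)
	kgx.Mul(kgx, multiplier(N, g))
	base := new(big.Int).Sub(B, kgx)
	base.Mod(base, N) // big.Int.Mod is Euclidean, so this is non-negative
	exp := new(big.Int).Mul(u, x)
	exp.Add(exp, a)
	return sessionKey(new(big.Int).Exp(base, exp, N)), nil
}

// ServerKey derives the server's session key: S = (A * v^u)^b.
func ServerKey(N *big.Int, ver Verifier, A, B, b *big.Int) []byte {
	u := H(A.Bytes(), B.Bytes())
	base := new(big.Int).Exp(ver.V, u, N)
	base.Mul(base, A)
	base.Mod(base, N)
	return sessionKey(new(big.Int).Exp(base, b, N))
}

func sessionKey(S *big.Int) []byte {
	sum := sha256.Sum256(S.Bytes())
	return sum[:]
}

// Proof is the client's M1 = H(A, B, K). The server recomputes it with its
// own K; a wrong password gives a different K on the client side only, so
// the proof fails and the transcript (A, B, M1) offers nothing to test
// candidate passwords against offline.
func Proof(A, B *big.Int, K []byte) []byte {
	sum := sha256.Sum256(append(append(A.Bytes(), B.Bytes()...), K...))
	return sum[:]
}

// Run performs the whole exchange and reports whether the server accepts.
func Run(N, g *big.Int, user, enrolledPw, typedPw string) bool {
	ver := Enroll(N, g, user, enrolledPw)
	a, A := ClientStart(N, g)
	b, B, err := ServerStart(N, g, ver, A)
	if err != nil {
		return false
	}
	Kc, err := ClientKey(N, g, user, typedPw, ver.Salt, a, A, B)
	if err != nil {
		return false
	}
	Ks := ServerKey(N, ver, A, B, b)
	return subtle.ConstantTimeCompare(Proof(A, B, Kc), Proof(A, B, Ks)) == 1
}

func main() {
	N, g := demoGroup()
	fmt.Println("correct password accepted:", Run(N, g, "alice", "correct horse", "correct horse"))
	fmt.Println("wrong password accepted:  ", Run(N, g, "alice", "correct horse", "correct hors"))
}
```

Because the server checks one proof per connection, the number of online guesses is whatever rate limit it applies, which is the point the post makes about not needing a long passphrase with these protocols.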
  • Re: It's no joke! (Score:5, Informative)

    by rush22 ( 772737 ) on Sunday February 13, 2005 @06:42AM (#11658256)
  • Keepass (Score:2, Informative)

    by KhalidBoussouara ( 768934 ) on Sunday February 13, 2005 @08:18AM (#11658491) Homepage
    I currently use Keepass [sourceforge.net] for remembering all my passwords. All I need to remember is 1 master password. Currently it is 16 characters and includes more than just letters and numbers. I use it mainly for message board passwords, IM, email, websites, etc. Plus it's open source so you should be ok unless you have a keylogger installed.
  • by Subrafta ( 848399 ) on Sunday February 13, 2005 @09:58AM (#11658802)
    Dude, change your password:

    One Ring to rule them all, One Ring to find them,
    One Ring to bring them all and in the darkness bind them.

    Hoch SeHmeH wa' Qeb 'ej bIH maghmeH wa' Qeb,
    Hoch qemmeH 'ej ramDaq bIH baghmeH wa' Qeb

    H0(h $3Hm3H w4' Q3b '3j b1H m49hm3H w4' Q3b,
    H0(h q3mm3H '3j r4mÐ4q b1H b49hm3H w4' Q3b
  • Re:Biometrics (Score:3, Informative)

    by dexterpexter ( 733748 ) on Sunday February 13, 2005 @11:03AM (#11659082) Journal
    I apologize. I grabbed onto the parent poster's word retina and went with it. There is such a thing as a retina scanner, but it's actually Retina (with a capital R) scanner made by eEye. That is what one gets for trying to post something too quickly without putting much thought into it first...you mix words without even noticing. And, on the great Slashdot, once you hit "submit" you can't change it, and reposting it correctly will get marked redundant (and rightfully so...for nonrepudiation.)

    You are correct that it is iris scanning.

    Now, there isn't much I can say about your attitude about my simple mistake except that I have written papers regarding biometric systems (and I promise they had much more thought and care put into them than my quick Slashdot post) and I apologize because that really did make me look like an ass. (Cue the AC trolls making stupid ass comments)
    But I do think you were a bit harsh over a simple mistake. We can discuss this like professionals without having to be snitty. (Although admittedly...that was a pretty silly thing I wrote.)

    Also, one correction (or, I guess, addition?): not all eye-based "biometrics" systems (at least, that are sold as such) look at the actual physical metrics of the eye. I can promise you that a good part of them actually only take a single image (camera/image-based) and compares them with a stored image, much like the old facial systems did. With a high-resolution scan of the eye, these have been easily fooled. (They are also terrible as far as false negatives.)

    I find that the biggest problem with biometrics (and I am not against using them as a complementary authentication system) is getting the vendors to be honest about how their particular system works. (Frankly, though, in businesses you market everything as though it has gold legs on it, so I can't really blame them.) When their sales hype of "Ooooo, Biometric!" works, people don't give much ado to the fact that an image on a piece of paper or a fogged glass can work. These aren't Star Trek solutions, these are proven-in-the-lab red team analyses of these systems. Now, while mom and pop shops probably don't have to worry about someone following them to the bar to lift fingerprints, yes, there are "high-security" situations where espionage is a concern.

    I bid you good day.
  • Password Safe (Score:1, Informative)

    by Anonymous Coward on Sunday February 13, 2005 @12:43PM (#11659734)
    Just install Password Safe http://passwordsafe.sourceforge.net/ [sourceforge.net] and generate a new, random 20 character password (Hash That!) for each login. If you don't like Windows-only software, there's Password Gorilla http://www.fpx.de/fp/Software/Gorilla/ [www.fpx.de] (runs everywhere), My Password Safe http://www.semanticgap.com/myps/ [semanticgap.com] (Linux/Qt) or pwsafe http://nsd.dyndns.org/pwsafe/ [dyndns.org] (command line).

    Don't forget to use a good, long passphrase as the database's Master Password.
