Hacker News new | comments | show | ask | jobs | submit login
Moore’s Law won’t kill passwords (lightbluetouchpaper.org)
36 points by jessaustin 1830 days ago | hide | past | web | favorite | 24 comments

The problem with passwords is the human element.

People pick predictable passwords. Thanks to compromises of large sets of random passwords, we know far more about how to predict passwords than we ever did in the past. That means that, given a new password database, we can crack more passwords with a shorter search.

But it gets worse. A long time ago, people interacted with very few systems with very few passwords needed. Today people interact with many systems, and most still use very few passwords. (Yes, I know all of the ways to make more passwords feasible. The fact is that people don't do that.) Therefore if you target a low security system, you frequently get access to much more worthwhile accounts on another system entirely.

Because of both problems (particularly the second), passwords alone are not sufficient for anything that actually needs reasonable security.

As far as password cracking is concerned, it has a HUGE bottleneck as discussed here, http://security.stackexchange.com/a/25392

The only threat to safety will be the human element as btilly suggested.

Passwords are lousy. Really lousy. As you point out the problem isn't with the security of them (when properly applied) but because it's all just so klunky and annoying and different websites have different implementations.

I know at least two websites that ask for a username, a password, and they also give a capcha. I have some websites that won't let Chrome save my password.

Really, I want a hardware thing with a long secure passphrase, that has all my other usernames and passwords (12 character alpha numeric with upper and lower case) in it, that confirms my identity to all these different websites. (Can I do this with Yubikey? or anything else?)

Yubikey works well but its only valuable when more number of websites support it.

Similar project without the hardware is mozilla's persona, which is an open standard if im not wrong and it is better than signin using fb or gmail, as it wont be sharing any user data with website.

If Moore's Law won't kill passwords, something else should. My motto for computer security is that if it's only protected by a password, it is not safe.

What the world needs is a future proof de-facto way of two factor (or more) authentication.

I think the article completely misses the point. The password hashes we have now are often considered to take millions of years to be bruteforced, which is a wrong assumption.

We don't really know what the future tech will be like. Most changes are evolutionary, but who knows, maybe tomorrow we'll have a quantum CPU with a trillion times more computational power.

Nobody seriously talks about "millions of years to bruteforce", especially when applied to passwords. People consider the monetary and/or energy costs. There are practical limits to both.

Quantum computers don't work this way.

Solving 1024-bit key in SHA (or sth) will take as much as 512-bit key using a comparable traditional computer. So it's still hard, and will always be.

The problem is different for encryption schemes relying on hardness of integer factorization.

> So it's still hard, and will always be

That's a pretty bold claim, considering we're just beginning to understand quantum phenomena. Plus you have zero clue about what else awaits us in the future.

To go off a tangent: Quantum computers are not real, yet, but we already have a handle on the complexity class of problems they will be able to solve in polynomial time.

(We do not know everything about that class, yet. But we strongly suspect that it is neither a superset nor a subset of NP.)

Brute force on quantum computer will require around 2^(n/2) invocations of algorithm, compared to 2^n on classical computer. Not a huge problem.


I was under the impression that QNP (the class of problems solvable by a quantum non-deterministic Turing machine in P-time) is a (non strict) subset of NP. Things might have changed since I last checked though.

Did you mean superset instead of subset?

Anyway for my statement I was only interested deterministic polynomial time (perhaps with access to randomness) with or without quantum capabilities.

"Why Philosophers Should Care About Computational Complexity" (http://arxiv.org/abs/1108.1791v3) is a good read about this---amongst other things.

I did mean subset, apparently a quantum computer could not solve every NP-complete problem in polynomial time. factorisation seems to be one of the candidates to benefit from quantum computation (thanks to Shor's algorithm), but SAT (for instance) would not, at least based on current state-of-art

Yes, I know.

So I guess if you meant subset, then you didn't mean to write "quantum ___non-deterministic___ Turing machine in P-time"?

If you remove the human element, then we could all use 64-character passwords and it would be effectively impossible to brute force, even with quantum computers.

Of course, we are human.

It's not just a computational expense of one password hashing that has to be considered, the possibility of having the hashes precomputed can't be ignored. In such a light, we definitely have to start using longer passwords or passphrases regardless of the expense of computing one hash. Otherwise the search space is simply too small.

Pre-computed? You mean rainbow tables right? They have gone the way of the dinosaur with salts. Bcrypt has a big fat salt making it mightily impractical to use rainbow tables as the space required is so large.

Sadly, many systems for many years will still use unsalted MD5s. Rainbow tables will still have a place in the cracker's toolkit for some time.

Another problem with rainbow tables is that their size depends on the password length, and with current technology they become impractical almost as soon as brute forcing, and much sooner than smart dictionary attacks (e.g. hybrids where you take a dictionary and for each entry try every possible way to add 3 random characters).

I'm talking about what's on the systems we use, not about what's the theoretical best case for us. I do envy those living in their ivory towers, downvoting for a laugh.

The systems we use now use salts. If they don't they are doing it seriously wrong.

That's why all password hashing algorithms include salt parameter. Problem solved.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact