|
|
16 July 2014 | independent.co.uk
Internet users who are sick of endlessly memorising passwords would be much better off reusing the same one over and over, according to surprising research published by Microsoft.
Complex, unique passwords should only be used to access highly sensitive data such as a person's bank account, says the academic paper published by Microsoft Research, the R&D arm of the software firm. Simpler passwords should then be recycled for low-risk websites, the researchers argue.
... ... ...
The savvy web user should make a list of the websites they regularly visit and divide them into sensitive and non-sensitive piles, the paper says, devoting as much brainpower as possible to creating complex passwords for the former and as little as possible to the latter.
... "Despite violating long-standing password guidance, writing passwords down is, if properly done, increasingly accepted as a coping mechanism," they write.
"Other strategies to cope with the human impossibility of using strong passwords everywhere without re-use include single sign-on, use of email-based password reset mechanisms, and password managers."
The research was conducted by Dinei Florêncio and Cormac Herley from Microsoft Research and Paul C. van Oorschot from Carleton University in Canada.
Experimental Break-Ins Reveal Vulnerability In Internet, UNIX Computer Security (January 14, 1999) - Duke University computer science researchers found that using an experimental computer, they could "crack"within an average 3.75 hours the encryption that protects such privately held information as credit card account numbers on the Internet. > full story
Theapg
, or automatic password generator, intrigued me, since it supports thepwdgen
protocol, defined by RFC 972. Yes, I know I need to get out more often, but I find it interesting that this protocol has been available since 1986, yet most people have never heard of it or had the opportunity to use it in a network.Let's install this application and see how useful it is:
% cd /usr/ports/security/apg % make install clean
The port will actually install three utilities: the
apg
client, theapgd
server, and the Bloom filter manager,apgbfm
. Each utility has an associated manpage, all chock-full of examples and useful URLs for additional reading.One of those URLs leads to NIST, the National Institute of Standards and Technology. NIST is known for its security best practices or FIPS (Federal Information Processing Standards). The other URL that is worth checking out explains that Bloom filter.
OPIE is a freely redistributable kit that will drop into most *IX systems and replace your login and FTP daemon with versions that use OTP for user authentication. It also includes an OTP generator and a library to make it easy to add OTP authentication to existing clients and servers.
- JOTP Calculator - A java applet OTP (S/Key) calculator. The applet downloads onto the client machine and calculates locally.
- The S/KEY One-Time Password System - Scholarly paper by Neil Haller on the original S/Key system. Links to many citations from the original paper.
- SkeyCalc - OTP (S/Key) calculator for MacOS X, MacOS X Server and NEXTSTEP. RFC-2289 compliant. Site includes software downloads, documentation and an introduction to the technology.
- PalmKey - OTP (S/Key) calculator for palm pilots. Site includes information about both source and binary distributions.
- OTPC 9000 - An OTP (S/Key) calculator for Nokia 9000 cellular phones. Includes S/Key information and resources.
- David Baldwin - Author of an Apple Newton OTP (S/Key) calculator. Site includes information about the author, and a link to his FTP site.
- DynaPass - Provides primary or secondary authentication by regularly distributing passwords (or parts of passwords) through wireless phones. Time locked access.
- IETF One Time Password Authentication Charter - Current specifications for the official internet standard (a continuation of the BellCore S/Key standard). Composition and membership information included.
- PyOTP - A simple Python library, currently under development, to generate OTP (S/Key) responses. RFC-2289 compliant. Includes links to development and release information.
- S/Key Introduction - A technical description of the S/Key algorithm.
- RFC2289 - A One-Time Password System - The current internet standard, as descended from the original S/Key specification.
- pilOTP - OTP (S/Key) client for the Palm platform. Includes screen captures, and general information as well as software downloads.
The current version of OPIE is 2.4. I also distribute a number of contributed programs and have made a few patches to make existing programs use OTP through the OPIE library.
I'm not wearing my OPIE hat much anymore. A new release is planned, but is progressing very slowly due to lack of time to spend on it right now. I also plan to cut bug-fix releases periodically. Contributed code that changes OPIE for the better is always welcome.
Copyright 1997-2001, Craig Metz. All Rights Reserved. And Stuff.
# Copyright 2000 George Shaffer ([email protected]) # Anyone may use or modify this code for any purpose PROVIDED # that as long as it is recognizably derived from this code, # that the copyright notice, this comment and the immediately # following comments on passwords remain intact and unchanged. # No warrantees of any kind are expressed or implied. # Please feel free to change anything from this point forward. # I experimented at considerable length to find seed logic that # was very random on Windows NT which generates a very small # universe of process ID numbers ($$) compared to Unix. srand(time() ^ ($$ + $$ << 21)); # USER CHANGEABLE CONSTANTS FOLLOW # Change $howMany to change the number of generated passwords. $howMany = 10; # Increase the default 7 to change the generated password size # and extra letters will be added to the end. Decrease and # you'll lose some or all of the second string of letters. # Depending on the value of $addConsonants the actual # password length may range from $siz to $siz + 2. # Size interacts with other choices. If $addConsonants is false # size will be fixed length and is achieved by truncation after # checking for upper case and digits so short sizes (3 - 5) may # not have the variability you desire. $siz = 7; # A $siz less than 3 creates an endless loop. $siz = 3 if ($siz < 3); # Change $addConsonats to 0 to prevent some extra consonants # from being tacked on to letter sequences. Leave $addConsonants # at 1 to sometimes add an extra consonant to letter sequences. # If left at 1 the password size will vary from $siz to $siz+2. $addConsonants = 1; # Change $firstUpper to 0 to prevent the first character of each # letter sequence from being upper case. Leave it as 1 if you # want some of the first characters to be upper case. $firstUpper = 1; # Change $mixedCase to 1 to mix the case of all letters. # $mixedCase is not random as subsequent checks force at # least one upper and one lower case letter in each password. # Leave it at 0 so all letters will be lower case or only # the first or each letter sequence may be upper case. $mixedCase = 0; # By changing $symbolOdds from 0 to 10 you change the likelihood # of having two numbers or a number and a symbol. At 0 you will # always get 2 digits. At 1 you will usually only get one digit # but will sometimes get a second digit or a symbol. At 10 you # will always get two numbers or a number and a symbol with the # about even chances that one of the two characters will be a # symbol. The odds are affected by what characters are added to # or removed from the $sym initialization string. # The default is 7. $symbolOdds = 7; # Change $across to a 1 to print passwords across the screen. # Leave $across as a 0 to print a single column down the screen. $across = 0; # Add or remove symbols to make passwords easier or harder # to type. Delete the second set of digits to increase # the relative frequency of symbols and punctuation. # Add some vowels or consonants to really change the patterns # but these will also get much harder to remember. # If you change the symbol list you need to change the matching # regular expression near the bottom of the program. $sym = "~`!@#$%^&*()-_+=,.<>"; $numb = "12345678901234567890" . $sym; $lnumb = length($numb); # USER CHANGEABLE CONSTANTS END - Changing the constants as # specified above has been fairly well tested. Any changes # below here and you are changing the logic of the program. # You should be familiar with programming if you make changes # after this point. # Unless you plan to change the logic in the loop below, # leave this next alone and control case with $firstUpper and # $mixedCase above. $mixedCase supercedes if both are true. $upr = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"; $cons = "bcdfghjklmnpqrstvwxyz"; if ($mixedCase) { $vowel = "AEIOUaeiou"; $cons = $upr; } else { $vowel = "aeiou"; } $upr = $cons unless ($firstUpper); $lvowel = length($vowel); $lcons = length($cons); $lupr = length($upr); $realSize = $siz; $realSize += 2 if ($addConsonants); ($across) ? ($down = " ") : ($down = "\n"); $linelen = 0; for ($j=0; $j<=$howMany; $j++) { $pass = ""; $k = 0; for ($i=0; $i<=$siz; $i++) { # The basic password structure is cvc99cvc. Depending on # how $cons and $upr have been initialized above case will # be all lower, first upper or random. if ($i==0 or $i==2 or $i==5 or $i==7) { if ($i==0 or $i==5) { $pass .= substr($upr,int(rand($lupr)),1); } else { $pass .= substr($cons,int(rand($lcons)),1); } # The next will conditionally add up to 2 consonants # pseudo randomly after the four "standard" consonants. if ($addConsonants and (int(rand(4)) == 3) and $k < 2) { $pass .= substr($cons,int(rand($lcons)),1); $k++; } } # Pad the password with letters if $siz is over 7. if ($i > 7) { if (int(rand(26)) <= 5) { $pass .= substr($vowel,int(rand($lvowel)),1); } else { $pass .= substr($cons,int(rand($lcons)),1); } } # Put the vowels in cvc99cvc. Case depends on how $vowel # was initialized above. $pass .= substr($vowel,int(rand($lvowel)),1) if ($i==1 or $i==6); # Change $symbolOdds initialization above to affect the # number of numbers and symbols and their ratio. if ($i==3 or $i==4) { # If $symbolOdds is non zero take any character # from the $numb string which has digits, symbols # and punctuation. if ($symbolOdds) { $pass .= substr($numb,int(rand($lnumb)),1) if (int(rand(10)) <= $symbolOdds); } else { # If $symbolOdds is zero keep trying until a # a digit is found. $n = ""; until ($n =~ /[0-9]/) { $n = substr($numb,int(rand($lnumb)),1); } $pass .= $n; } } } # Plan to use this password unless . . . $skipThisOne = 0; # Don't include two consecutive symbols or puntuation. $skipThisOne = 1 if ($pass =~ /[~`!@#$%^&*()\-_+=,.<>]{2}/); # Include at least one digit. $skipThisOne = 1 unless ($pass =~ /[0-9]/); # Include at least one lower case letter. $skipThisOne = 1 unless ($pass =~ /[a-z]/); # Conditionally insure at least one upper case character. $skipThisOne = 1 if (!($pass =~ /[A-Z]/) and ($firstUpper or $mixedCase)); # If any test fails get another password. if ($skipThisOne) { $j--; next; } # Check the password length. $pass = substr($pass,0,$realSize) if (length($pass) > $realSize); # Print the passwords in a single column or across # the screen based on $down which is set based on the # the value of $across. if ($down ne "\n") { # Don't wrap passwords or trailing whitespace. if ($linelen + length($pass) + length($down) > 79) { print "\n"; $linelen = 0; } $linelen += length($pass) + length($down); } print "$pass$down"; } # Be sure to end the last line with an end of line. print "\n" if $down ne "\n";
OTP was developed at Bellcore (now Telcordia). Originally, it was a freely available software program known as S/Key. If you're interested, you can read the original paper on S/Key.Bellcore went on to trademark the term S/Key in order to develop a commercial product. Software development continued elsewhere under the name One-time Passwords In Everything (OPIE). OTP eventually evolved into hardware products as well. For an overview of the development of both software and hardware OTP, see this overview (PDF).
One-time passwords serve the purpose of authentication by providing unique identification for a user, while eliminating the threat of password replays. The pseudo-random nature of such mechanisms protects against loss of the device (if a physical one-time password generator utilizing a Personal Identification Number (PIN) is used) and/or eavesdropping (if the password is good for only that session and each re-authentication requires use of the device)--both good things, but not required to meet the requirement. However, the authenticators produced by the one-time password generator should not be guessable.The vendor must be able to assure the configuration management of the one-time password mechanism as with the rest of the product (e.g., with a business arrangement with the one-time password device vendor) according to RAMP and or configuration management requirements.
At C1-B1, black box testing is sufficient, since the interface is usually simple. At B2+, the internals must be documented. If the TCB maintains a copy of the one-time password on permanent storage, interpretation #0120 may apply (depending on the specific characteristics of the one-time password).
Password generators, challenge-response devices, and software-managed lists of single-use passwords are all examples of single-use authentication mechanisms.
For B2 and above, if physical possession of the one-time password device is required, the SFUG should contain guidance to users as to how to assure that the device being used for authentication is the device issued.
OTPW - a one-time password login package Unlike S/KEY [Hal94, HM96], OTPW is not based on the Lamport scheme [Lam77] in which every one-time password is the one-way hash value of its successor. Password lists based on the Lamport scheme have the problem that if the attacker can see one of the last passwords on the list, then all previous passwords can be calculated from it. We also do not store the encrypted passwords as suggested by Rubin [Rub96], in order to keep the host free of files with secrets. Both proposals aimed to save memory in the host system. Instead, we store the one-way hash value of every single password in a potentially widely readable file in the user's home directory. For instance, hash values of 300 passwords (a typical A4 page) require only a four kilobyte long .otpw file, a typically negligible amount of storage space.
The passwords are carefully generated random numbers. The random number generator is based on the RIPEMD-160 secure hash function [DBP96, ISO03]. The random number generator is seeded by hashing together the output of various shell commands. These provide unpredictability in the form of a system random number seed, access times of important system files, usage history of the host, and more. The random state is the 160-bit output of the hash function. The random state is iterated after each use by concatenating the old state with the current high-resolution timer output and hashing the result again. The first 72 bits of the hash output are encoded with a modified base64 [FB96] scheme to produce readable passwords, while the remaining 88 bits represent the undisclosed internal state of the random number generator.