
Version       Comment
11/08/2021    Added this table
2019/01/15    Created

Introduction

Part of the Synapse HIPAA/PHI compliance evaluation (PLFM-5197) has been focused on the existing password policy used by Synapse (PLFM-5210).  This evaluation has highlighted the need to reevaluate our existing Synapse Password Policy.  The following is the result of that evaluation.

...

Note: The above recommendations closely mirror the recommendations from Microsoft [8].

What is the current Synapse Password Policy?

...

The guessing resistance of user-chosen passwords is often estimated by modeling passwords as random choices from a uniform distribution. ...

The logarithm of the size of this uniform distribution in this model is often called entropy, in reference to Claude Shannon’s famous measure H1 of the minimum average number of bits needed to encode symbols drawn from a distribution. - [6]

  The size of a uniform distribution (D) is simply the complexity (c) raised to the power of length (l):

...

There are two problems with this model.  The first problem is that users do not choose random passwords.  Users are far more likely to choose passwords based on predictable patterns [1,2,3,6].  The second problem is that attackers know these patterns and model their attacks accordingly [4,5].  There is also evidence that attackers develop specially tailored attacks to counter new tricks learned by users, such as xkcd's CorrectHorseBatteryStaple suggestion [4].


The password "correcthorsebatterystaple" perfectly illustrates the disconnect between how we model password strength and the passwords real users choose.  According to the entropy model "correcthorsebatterystaple" belongs to a domain with 117 bits of entropy (log2(26^25)).  That level of entropy assumes each letter of each word contributes to the overall size of the distribution.  This assumption holds for a simple brute force attack.  However, an attacker who knows this trick can try word combinations instead of letter combinations.  If the attacker uses the top 100 most common words in every possible combination of up to four words, then the size of the domain is 26 bits of entropy (log2(100^4)) instead of 117.  Since it is difficult to memorize four random words in a string but easy to memorize a real phrase, users are learning to choose a phrase as a password [11].  Simple attacks try the most common phrases first, so the password "fromtimetotime" can be guessed in under 8 tries even though it has 66 bits of entropy.  More sophisticated attacks employ phrases from many sources, including the Bible and YouTube [11].


If users are required to use special characters, they will often use simple leet substitutions such as changing "password" to "p@$$word".  If users are required to add digits they are likely to add them to the end, so "password" becomes "password123" [4].  If they are required to use capital letters they will put the capitals at the beginning of each word, so "fromtimetotime" becomes "FromTimeToTime".  Each of these patterns is easily exploited by attackers, so password entropy is not actually increased by the added complexity requirement [4].


The basic idea behind password strength meters is that they help users choose better passwords.  One study found that password meters can encourage users to pick passwords with increased entropy [9].  If passwords were randomly generated, increasing password entropy would certainly slow down hackers.  But since users choose passwords using predictable patterns, the increase in entropy does not translate to stronger passwords.  Password strength meters continue to classify short randomly generated passwords as weak and long user-chosen passwords as strong, which is backwards.

...

As one group of researchers points out, even weak passwords are secure when there is a limit on the number of failed attempts [10].  This is why bank card PINs are secure even though they only have 13 bits of entropy.  With an enforced exponential backoff for failed attempts an attacker will have less than a few dozen attempts per year.  With so few attempts only the most common passwords would be hacked.  A system that blocks users from selecting the most common passwords, combined with exponential backoff, would be secure even when users choose "weak" passwords.
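Added example, not part of the original page or of Synapse's code: a small Python script that puts numbers on the xkcd argument above and on the backoff recommendation. It computes the letter-model entropy beside the word-combination figure, counts how many failed logins fit into one year under doubling backoff (with and without an assumed one-day cap on the delay), and applies a common-password blocklist as the recommended check. The blocklist contents, the one-second base delay and the one-day cap are constructed assumptions.

```python
import math
from typing import Optional

# Constructed sample of a "most common passwords" blocklist; a real
# deployment would load a large list from a breach corpus.
COMMON_PASSWORDS = {"password", "password123", "p@$$word",
                    "fromtimetotime", "correcthorsebatterystaple"}


def naive_entropy_bits(password: str, alphabet_size: int = 26) -> float:
    """Uniform model from the text: log2(c^l) for complexity c, length l."""
    return len(password) * math.log2(alphabet_size)


def word_pattern_entropy_bits(num_words: int, vocab_size: int = 100) -> float:
    """Guess space when the attacker tries combinations of the top
    `vocab_size` words instead of letters: log2(vocab_size^num_words)."""
    return num_words * math.log2(vocab_size)


def attempts_in_window(window_seconds: float, base_delay: float = 1.0,
                       max_delay: Optional[float] = None) -> int:
    """Consecutive failed logins that fit in `window_seconds` when the wait
    imposed after the k-th failure is base_delay * 2**(k-1) seconds,
    optionally capped at max_delay. The first attempt is immediate."""
    elapsed = 0.0
    attempts = 0
    while elapsed <= window_seconds:
        attempts += 1
        delay = base_delay * 2 ** (attempts - 1)
        if max_delay is not None:
            delay = min(delay, max_delay)
        elapsed += delay
    return attempts


def is_acceptable(password: str, blocklist=COMMON_PASSWORDS) -> bool:
    """Policy from the text: reject only the most common passwords
    (case-insensitive) rather than enforcing composition rules."""
    return password.lower() not in blocklist


if __name__ == "__main__":
    year = 365 * 24 * 3600
    print(f"letter model: {naive_entropy_bits('correcthorsebatterystaple'):.1f} bits")
    print(f"4 words from top 100: {word_pattern_entropy_bits(4):.1f} bits")
    print(f"attempts/year, uncapped doubling: {attempts_in_window(year)}")
    print(f"attempts/year, 1-day cap: {attempts_in_window(year, max_delay=86400)}")
    print(f"'p@$$word' acceptable? {is_acceptable('p@$$word')}")
```

With a cap on the delay the yearly attempt budget grows from a couple of dozen to a few hundred, so the cap is the parameter to review against the size of the blocklist.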

...