Quick viewing(Text Mode)

Low-Budget Password Strength Estimation Dan Lowe Wheeler Dropbox

Low-Budget Password Strength Estimation Dan Lowe Wheeler Dropbox

Low-Budget Strength Estimation Dan Lowe Wheeler Dropbox

Twitter: Password Feedback Twitter: Password Feedback Verizon Wireless: Password Requirements Password Guessing: 35+ years of development

Ferocious algorithms Recurrent Neural Networks PCFGs Markov Models Mangled Dictionary Attacks

Massive datasets 100M+ leaked Google n-gram corpus : Frozen in 1979 Inconsistent Requirements

Bonneau and Preibusch, 2010: 150 sites, 142 distinct policies �

Wang and Wang, 2015: 50 sites, 50 distinct policies � Inconsistent Feedback

Input: correcthorsebatterystaple Inconsistent Feedback

Input: correcthorsebatterystaple Inconsistent Feedback

Input: correcthorsebatterystaple

See also: A large-scale evaluation of high-impact password strength meters, TISSEC ‘15 Proposal: adopt zxcvbn

# small client-side estimator, # runs in 3 milliseconds, # accurate within an online attack range > npm install zxcvbn var meets_policy = function(password) { return zxcvbn(password).guesses > 500; }; Proposal: keep UI simple

Feedback @ Dropbox

Requirements @ Uber Outline for today

Motivation

How zxcvbn works

Accuracy experiments Threat Model

Online guessing attack

• Assume any of today’s best guessing algorithms

6 • Upper bound: 10 guesses

What about offline?

• Policy-level enforcement: a questionable usability burden

• Better mitigations that don’t impact usability

See also:

An Administrator’s Guide to Password Research, USENIX LISA ‘14 Core estimator: minimum rank over top lists

Input: wheeler Core estimator: minimum rank over top lists

Input: wheeler

top passwords top surnames call-specific list 1. password 1. li 1. dan 2. 123456 2. khan 2. wheeler 3. 12345678 3. smith 3. dropbox 4. qwerty 4. johnson 4. drop 5. 123456789 5. jones 5. box 6. 111111 6. garcia 6. sync 7. dragon 7. brown 7. share 8. 123123 8. davis 8. collaborate 9. baseball 9. wheeler 9. rainbows 10. abc123 10. rodriguez 10. wow Core estimator: minimum rank over top lists

Input: wheeler

top passwords top surnames call-specific list 1. password 1. li 1. dan 2. 123456 2. khan 2. wheeler 3. 12345678 3. smith 3. dropbox 4. qwerty 4. johnson 4. drop 5. 123456789 5. jones 5. box 6. 111111 6. garcia 6. sync 7. dragon 7. brown 7. share 8. 123123 8. davis 8. collaborate 9. baseball 9. wheeler 9. rainbows 10. abc123 10. rodriguez 10. wow Core estimator: minimum rank over top lists

Input: wheeler

top passwords top surnames call-specific list 1. password 1. li 1. dan 2. 123456 2. khan 2. wheeler 3. 12345678 3. smith 3. dropbox 4. qwerty 4. johnson 4. drop 5. 123456789 5. jones 5. box 6. 111111 6. garcia 6. sync 7. dragon 7. brown 7. share 8. 123123 8. davis 8. collaborate 9. baseball 9. wheeler 9. rainbows 10. abc123 10. rodriguez 10. wow

Output: 2 guesses Word transformations

l33t: @ba1one ⟶ abalone

caps: abALOne ⟶ abalone

reversed: enolaba ⟶ abalone Keyboard patterns

Input: zxcftyuio Keyboard patterns

Input: zxcftyuio Keyboard patterns

Input: zxcftyuio

layout=QWERTY, length=9, turns=3 Keyboard patterns

Input: zxcftyuio

layout=QWERTY, length=9, turns=3

Output: ≈106 guesses Sequence Patterns

Input: бгезйлн Sequence Patterns

Input: бгезйлн Sequence Patterns

Input: бгезйлн

type=alphabet, length=7, codepoint_delta=2 Sequence Patterns

Input: бгезйлн

type=alphabet, length=7, codepoint_delta=2

Output: ≈102 guesses

Match ⟶ Estimate ⟶ Search

Input: lenovo2222 Match ⟶ Estimate ⟶ Search

Input: lenovo2222

lenovo (password)

eno (surname)

no (english)

no (reversed)

2222 (2/2/2022)

2222 (repeat) Match ⟶ Estimate ⟶ Search

Input: lenovo2222

lenovo (password) 11007 guesses

eno (surname) 3284 guesses

no (english) 11 guesses

no (reversed) 18 guesses

2222 (2/2/2022) 2190 guesses

2222 (repeat) 48 guesses Match ⟶ Estimate ⟶ Search

Input: lenovo2222

lenovo (password) 11007 guesses

eno (surname) 3284 guesses

no (english) 11 guesses

no (reversed) 18 guesses

2222 (2/2/2022) 2190 guesses

2222 (repeat) 48 guesses Match ⟶ Estimate ⟶ Search

Input: lenovo2222

lenovo (password) 11007 guesses

eno (surname) 3284 guesses

no (english) 11 guesses

no (reversed) 18 guesses

2222 (2/2/2022) 2190 guesses

2222 (repeat) 48 guesses

Output: ≈106 guesses Outline for today

Motivation

How zxcvbn works

Accuracy experiments Outline for today

Motivation

How zxcvbn works

Accuracy experiments

gold standard: real attacks trained on leaks

estimators studied: zxcvbn, KeePass, NIST entropy Gold standard: PGS

Minimum guess attempts over four attacks:

• Order-5 Markov Model (Ma et al. 2014) • Probabalistic Context-Free Grammar (Komanduri 2015) • Mangled Dictionary (Hashcat) • Mangled Dictionary (John the Ripper) Training data

Gold Standard Estimators: top 100k lists

RockYou ’09 leak RockYou ’09 leak

Yahoo ’12 leak Yahoo ’12 leak

MySpace ’06 leak Xato ’15 password corpus

Google Web Corpus English Wikipedia top 1-grams Top words: US TV + film Web2 dictionary (2006 Wiktionary study) Inflection dictionary Top names: 1990 US Census

≈20.5M unique tokens ≈340k unique tokens Test data

• 15k random sample, RockYou ’09

• Not included in PGS / estimator training data

Estimator size?

Truncate lists at: gzipped size

top 100k: ~1.5 MB

top 10k: ~245 kB

top 1k: ~29 kB

Minimum rank only?

Runtime Performance Conclusion

Just Say No! (to inconsistently arbitrary password strength estimation)

Estimating online attacks: minimum rank goes a long ways

Matching other patterns is helpful and cheap

Accuracy: highly sensitive to training data Give it a try!

MIT License, cross-platform, widely ported: https://github.com/dropbox/zxcvbn

Partial adopter list:

Top View