Which one of these password policies are more secure?How to securely hash passwords?In 2018, what is the...
When can a QA tester start his job?
How much mayhem could I cause as a sentient fish?
What is the wife of a henpecked husband called?
Why publish a research paper when a blog post or a lecture slide can have more citation count than a journal paper?
Why do neural networks need so many training examples to perform?
Quickly creating a sparse array
What are the exceptions to Natural Selection?
Is it a fallacy if someone claims they need an explanation for every word of your argument to the point where they don't understand common terms?
In Linux what happens if 1000 files in a directory are moved to another location while another 300 files were added to the source directory?
What is the most fuel efficient way out of the Solar System?
A starship is travelling at 0.9c and collides with a small rock. Will it leave a clean hole through, or will more happen?
Has any human ever had the choice to leave Earth permanently?
Calculate the number of points of an elliptic curve in medium Weierstrass form over finite field
Should I reinstall Linux when changing the laptop's CPU?
What to look for when criticizing poetry?
How do you funnel food off a cutting board?
Can a hotel cancel a confirmed reservation?
Cat is tipping over bed-side lamps during the night
Use two 8s and two 3s to make the number 24
Is it possible to grant users sftp access without shell access? If yes, how is it implemented?
Gear reduction on large turbofans
Play Zip, Zap, Zop
use of 4/2 chord more compelling than root position?
kill -0 <PID> は何をするのでしょうか?
Which one of these password policies are more secure?
How to securely hash passwords?In 2018, what is the recommended hash to store passwords: bcrypt, scrypt, Argon2?Long Passwords: How are they more secure?Is there more to password hashing?Is this cross-site password model secure?How secure is it to use passwords consisting of one common part and one site specific prefix?How come a controlledly generated password is more secure than a purely randomly generated oneSend password through unsecured connectionDo password policies make passwords weaker?Multiple password fields for one loginIs it a bad idea to use base-64 encoded strings for passwords?Password policies for randomly generating passwords
What is more secure, having one password of length 9 (salted and hashed) or having two different passwords, each of length 8 (salted and hashed using two different salts)?
passwords password-management password-policy
New contributor
add a comment |
What is more secure, having one password of length 9 (salted and hashed) or having two different passwords, each of length 8 (salted and hashed using two different salts)?
passwords password-management password-policy
New contributor
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
1
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago
add a comment |
What is more secure, having one password of length 9 (salted and hashed) or having two different passwords, each of length 8 (salted and hashed using two different salts)?
passwords password-management password-policy
New contributor
What is more secure, having one password of length 9 (salted and hashed) or having two different passwords, each of length 8 (salted and hashed using two different salts)?
passwords password-management password-policy
passwords password-management password-policy
New contributor
New contributor
New contributor
asked 4 hours ago
CarlosCarlos
111
111
New contributor
New contributor
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
1
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago
add a comment |
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
1
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
1
1
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago
add a comment |
2 Answers
2
active
oldest
votes
Splitting the password is almost certainly worse. It allows an eight character rainbow table to be created. It implies that all passwords in the system will be in 8 character parts. (This is exactly how NT LANMAN passwords were broken.) In your case, it would simply require two rainbow tables.
The nine character password system has no such visible flaw, implying that if you entered a proper 14 character password it would be safely stored as a single hash.
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
add a comment |
As John Deters has noted, 2x8 is almost certainly worse - but the reasons why take a little explaining.
There were a couple of problems with LANMAN hashes (the classic case of breaking a password in half):
Since passwords tend to be human-generated and somewhat short, if a single password was only a little longer than the first half (say, 8 characters), then cracking the second half would take dramatically less time - and could even give away what the first half was likely to be)
LANMAN was just so darned fast (for the attacker to attempt, in hash operations per second)
LANMAN cut the passwords in two at an unfortunate length (7), that was quite susceptible to full exhaustion (and even moreso on modern GPUs)
However, your question is a little different from the LANMAN case, for a couple of reasons:
- it does not state that the 2x8 passwords are actually a single password broken in half (they could be independently generated, and random)
- it explicitly states that the two passwords are of length 8 (rather than, say, one of length 8 and the other of length 1, the famous LANMAN worst case)
- the question would be uninteresting if the passwords were human-generated, (because in practice they would usually fall to easy attacks long before the attacker would have to resort to brute force)
- unless your salts are trivially small, building rainbow tables would be infeasible, which is the purpose of salting (unlike LANMAN hashes, which were entirely unsalted)
So it's an interesting question - one that's largely answered by looking at the associated math.
For the sake of the thought experiment, let's make some assumptions:
- both the 9x1 and 8x2 approaches are salted and hashed using the same
salt lengths and algorithms - worst case for the attacker (the passwords are randomly generated from the printable ASCII character set (95 chars), with reasonably long salts)
- modern hardware and speeds are fair game
- the hash algorithm may or may not be parallelism-friendly
Given all of the above, I'd roughly expect:
- The 1x9 hash would be 100% exhausted in 95^9 (6.302 × 10^17) hashing operations (which might be parallelized well or poorly).
- The 2x8 hashes would be jointly 100% exhausted in (95^8)x2 (1.326 × 10^16) hashing operations (and no matter the algorithm, could easily be naively parallelized simply by cracking each hash on a different system - but can often be parallelized very efficiently on a single system as well, depending on the algorithm).
In other words:
- that 9th character adds 95 times the work to exhaust, and might be hard to parallelize
- Two 8-character passwords only doubles the amount of work needed, and can be trivially parallelized
Another way to think about it is that adding one more character roughly creates the same work as having to crack 95 8-character passwords! (If this isn't intuitive, start with simple cases comparing smaller cases like 1x1 vs 1x2, until you understand it).
So all other things being equal, 1x9 should almost always be better than 2x8.
And really, this is not only a simple illustration of the power of parallelization, it should also make it obvious why allowing longer password lengths is so crucial. Each additional character in the model above adds 95 times work to the overall keyspace. So adding two characters adds 95^2 - or 9025 times - the work. Brute force quickly becomes infeasible, even for very fast and unsalted hashes.
This would make an excellent homework question. ;)
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Carlos is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204450%2fwhich-one-of-these-password-policies-are-more-secure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Splitting the password is almost certainly worse. It allows an eight character rainbow table to be created. It implies that all passwords in the system will be in 8 character parts. (This is exactly how NT LANMAN passwords were broken.) In your case, it would simply require two rainbow tables.
The nine character password system has no such visible flaw, implying that if you entered a proper 14 character password it would be safely stored as a single hash.
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
add a comment |
Splitting the password is almost certainly worse. It allows an eight character rainbow table to be created. It implies that all passwords in the system will be in 8 character parts. (This is exactly how NT LANMAN passwords were broken.) In your case, it would simply require two rainbow tables.
The nine character password system has no such visible flaw, implying that if you entered a proper 14 character password it would be safely stored as a single hash.
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
add a comment |
Splitting the password is almost certainly worse. It allows an eight character rainbow table to be created. It implies that all passwords in the system will be in 8 character parts. (This is exactly how NT LANMAN passwords were broken.) In your case, it would simply require two rainbow tables.
The nine character password system has no such visible flaw, implying that if you entered a proper 14 character password it would be safely stored as a single hash.
Splitting the password is almost certainly worse. It allows an eight character rainbow table to be created. It implies that all passwords in the system will be in 8 character parts. (This is exactly how NT LANMAN passwords were broken.) In your case, it would simply require two rainbow tables.
The nine character password system has no such visible flaw, implying that if you entered a proper 14 character password it would be safely stored as a single hash.
answered 4 hours ago
John DetersJohn Deters
27.7k24191
27.7k24191
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
add a comment |
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Salting them would automatically exclude the use of rainbow tables. But the method described would indeed reduce the strength of longer passwords, for exactly the reasons you've noted.
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
Er, unless it was a trivially weak (short) salt. :)
– Royce Williams
2 hours ago
add a comment |
As John Deters has noted, 2x8 is almost certainly worse - but the reasons why take a little explaining.
There were a couple of problems with LANMAN hashes (the classic case of breaking a password in half):
Since passwords tend to be human-generated and somewhat short, if a single password was only a little longer than the first half (say, 8 characters), then cracking the second half would take dramatically less time - and could even give away what the first half was likely to be)
LANMAN was just so darned fast (for the attacker to attempt, in hash operations per second)
LANMAN cut the passwords in two at an unfortunate length (7), that was quite susceptible to full exhaustion (and even moreso on modern GPUs)
However, your question is a little different from the LANMAN case, for a couple of reasons:
- it does not state that the 2x8 passwords are actually a single password broken in half (they could be independently generated, and random)
- it explicitly states that the two passwords are of length 8 (rather than, say, one of length 8 and the other of length 1, the famous LANMAN worst case)
- the question would be uninteresting if the passwords were human-generated, (because in practice they would usually fall to easy attacks long before the attacker would have to resort to brute force)
- unless your salts are trivially small, building rainbow tables would be infeasible, which is the purpose of salting (unlike LANMAN hashes, which were entirely unsalted)
So it's an interesting question - one that's largely answered by looking at the associated math.
For the sake of the thought experiment, let's make some assumptions:
- both the 9x1 and 8x2 approaches are salted and hashed using the same
salt lengths and algorithms - worst case for the attacker (the passwords are randomly generated from the printable ASCII character set (95 chars), with reasonably long salts)
- modern hardware and speeds are fair game
- the hash algorithm may or may not be parallelism-friendly
Given all of the above, I'd roughly expect:
- The 1x9 hash would be 100% exhausted in 95^9 (6.302 × 10^17) hashing operations (which might be parallelized well or poorly).
- The 2x8 hashes would be jointly 100% exhausted in (95^8)x2 (1.326 × 10^16) hashing operations (and no matter the algorithm, could easily be naively parallelized simply by cracking each hash on a different system - but can often be parallelized very efficiently on a single system as well, depending on the algorithm).
In other words:
- that 9th character adds 95 times the work to exhaust, and might be hard to parallelize
- Two 8-character passwords only doubles the amount of work needed, and can be trivially parallelized
Another way to think about it is that adding one more character roughly creates the same work as having to crack 95 8-character passwords! (If this isn't intuitive, start with simple cases comparing smaller cases like 1x1 vs 1x2, until you understand it).
So all other things being equal, 1x9 should almost always be better than 2x8.
And really, this is not only a simple illustration of the power of parallelization, it should also make it obvious why allowing longer password lengths is so crucial. Each additional character in the model above adds 95 times work to the overall keyspace. So adding two characters adds 95^2 - or 9025 times - the work. Brute force quickly becomes infeasible, even for very fast and unsalted hashes.
This would make an excellent homework question. ;)
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
add a comment |
As John Deters has noted, 2x8 is almost certainly worse - but the reasons why take a little explaining.
There were a couple of problems with LANMAN hashes (the classic case of breaking a password in half):
Since passwords tend to be human-generated and somewhat short, if a single password was only a little longer than the first half (say, 8 characters), then cracking the second half would take dramatically less time - and could even give away what the first half was likely to be)
LANMAN was just so darned fast (for the attacker to attempt, in hash operations per second)
LANMAN cut the passwords in two at an unfortunate length (7), that was quite susceptible to full exhaustion (and even moreso on modern GPUs)
However, your question is a little different from the LANMAN case, for a couple of reasons:
- it does not state that the 2x8 passwords are actually a single password broken in half (they could be independently generated, and random)
- it explicitly states that the two passwords are of length 8 (rather than, say, one of length 8 and the other of length 1, the famous LANMAN worst case)
- the question would be uninteresting if the passwords were human-generated, (because in practice they would usually fall to easy attacks long before the attacker would have to resort to brute force)
- unless your salts are trivially small, building rainbow tables would be infeasible, which is the purpose of salting (unlike LANMAN hashes, which were entirely unsalted)
So it's an interesting question - one that's largely answered by looking at the associated math.
For the sake of the thought experiment, let's make some assumptions:
- both the 9x1 and 8x2 approaches are salted and hashed using the same
salt lengths and algorithms - worst case for the attacker (the passwords are randomly generated from the printable ASCII character set (95 chars), with reasonably long salts)
- modern hardware and speeds are fair game
- the hash algorithm may or may not be parallelism-friendly
Given all of the above, I'd roughly expect:
- The 1x9 hash would be 100% exhausted in 95^9 (6.302 × 10^17) hashing operations (which might be parallelized well or poorly).
- The 2x8 hashes would be jointly 100% exhausted in (95^8)x2 (1.326 × 10^16) hashing operations (and no matter the algorithm, could easily be naively parallelized simply by cracking each hash on a different system - but can often be parallelized very efficiently on a single system as well, depending on the algorithm).
In other words:
- that 9th character adds 95 times the work to exhaust, and might be hard to parallelize
- Two 8-character passwords only doubles the amount of work needed, and can be trivially parallelized
Another way to think about it is that adding one more character roughly creates the same work as having to crack 95 8-character passwords! (If this isn't intuitive, start with simple cases comparing smaller cases like 1x1 vs 1x2, until you understand it).
So all other things being equal, 1x9 should almost always be better than 2x8.
And really, this is not only a simple illustration of the power of parallelization, it should also make it obvious why allowing longer password lengths is so crucial. Each additional character in the model above adds 95 times work to the overall keyspace. So adding two characters adds 95^2 - or 9025 times - the work. Brute force quickly becomes infeasible, even for very fast and unsalted hashes.
This would make an excellent homework question. ;)
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
add a comment |
As John Deters has noted, 2x8 is almost certainly worse - but the reasons why take a little explaining.
There were a couple of problems with LANMAN hashes (the classic case of breaking a password in half):
Since passwords tend to be human-generated and somewhat short, if a single password was only a little longer than the first half (say, 8 characters), then cracking the second half would take dramatically less time - and could even give away what the first half was likely to be)
LANMAN was just so darned fast (for the attacker to attempt, in hash operations per second)
LANMAN cut the passwords in two at an unfortunate length (7), that was quite susceptible to full exhaustion (and even moreso on modern GPUs)
However, your question is a little different from the LANMAN case, for a couple of reasons:
- it does not state that the 2x8 passwords are actually a single password broken in half (they could be independently generated, and random)
- it explicitly states that the two passwords are of length 8 (rather than, say, one of length 8 and the other of length 1, the famous LANMAN worst case)
- the question would be uninteresting if the passwords were human-generated, (because in practice they would usually fall to easy attacks long before the attacker would have to resort to brute force)
- unless your salts are trivially small, building rainbow tables would be infeasible, which is the purpose of salting (unlike LANMAN hashes, which were entirely unsalted)
So it's an interesting question - one that's largely answered by looking at the associated math.
For the sake of the thought experiment, let's make some assumptions:
- both the 9x1 and 8x2 approaches are salted and hashed using the same
salt lengths and algorithms - worst case for the attacker (the passwords are randomly generated from the printable ASCII character set (95 chars), with reasonably long salts)
- modern hardware and speeds are fair game
- the hash algorithm may or may not be parallelism-friendly
Given all of the above, I'd roughly expect:
- The 1x9 hash would be 100% exhausted in 95^9 (6.302 × 10^17) hashing operations (which might be parallelized well or poorly).
- The 2x8 hashes would be jointly 100% exhausted in (95^8)x2 (1.326 × 10^16) hashing operations (and no matter the algorithm, could easily be naively parallelized simply by cracking each hash on a different system - but can often be parallelized very efficiently on a single system as well, depending on the algorithm).
In other words:
- that 9th character adds 95 times the work to exhaust, and might be hard to parallelize
- Two 8-character passwords only doubles the amount of work needed, and can be trivially parallelized
Another way to think about it is that adding one more character roughly creates the same work as having to crack 95 8-character passwords! (If this isn't intuitive, start with simple cases comparing smaller cases like 1x1 vs 1x2, until you understand it).
So all other things being equal, 1x9 should almost always be better than 2x8.
And really, this is not only a simple illustration of the power of parallelization, it should also make it obvious why allowing longer password lengths is so crucial. Each additional character in the model above adds 95 times work to the overall keyspace. So adding two characters adds 95^2 - or 9025 times - the work. Brute force quickly becomes infeasible, even for very fast and unsalted hashes.
This would make an excellent homework question. ;)
As John Deters has noted, 2x8 is almost certainly worse - but the reasons why take a little explaining.
There were a couple of problems with LANMAN hashes (the classic case of breaking a password in half):
Since passwords tend to be human-generated and somewhat short, if a single password was only a little longer than the first half (say, 8 characters), then cracking the second half would take dramatically less time - and could even give away what the first half was likely to be)
LANMAN was just so darned fast (for the attacker to attempt, in hash operations per second)
LANMAN cut the passwords in two at an unfortunate length (7), that was quite susceptible to full exhaustion (and even moreso on modern GPUs)
However, your question is a little different from the LANMAN case, for a couple of reasons:
- it does not state that the 2x8 passwords are actually a single password broken in half (they could be independently generated, and random)
- it explicitly states that the two passwords are of length 8 (rather than, say, one of length 8 and the other of length 1, the famous LANMAN worst case)
- the question would be uninteresting if the passwords were human-generated, (because in practice they would usually fall to easy attacks long before the attacker would have to resort to brute force)
- unless your salts are trivially small, building rainbow tables would be infeasible, which is the purpose of salting (unlike LANMAN hashes, which were entirely unsalted)
So it's an interesting question - one that's largely answered by looking at the associated math.
For the sake of the thought experiment, let's make some assumptions:
- both the 9x1 and 8x2 approaches are salted and hashed using the same
salt lengths and algorithms - worst case for the attacker (the passwords are randomly generated from the printable ASCII character set (95 chars), with reasonably long salts)
- modern hardware and speeds are fair game
- the hash algorithm may or may not be parallelism-friendly
Given all of the above, I'd roughly expect:
- The 1x9 hash would be 100% exhausted in 95^9 (6.302 × 10^17) hashing operations (which might be parallelized well or poorly).
- The 2x8 hashes would be jointly 100% exhausted in (95^8)x2 (1.326 × 10^16) hashing operations (and no matter the algorithm, could easily be naively parallelized simply by cracking each hash on a different system - but can often be parallelized very efficiently on a single system as well, depending on the algorithm).
In other words:
- that 9th character adds 95 times the work to exhaust, and might be hard to parallelize
- Two 8-character passwords only doubles the amount of work needed, and can be trivially parallelized
Another way to think about it is that adding one more character roughly creates the same work as having to crack 95 8-character passwords! (If this isn't intuitive, start with simple cases comparing smaller cases like 1x1 vs 1x2, until you understand it).
So all other things being equal, 1x9 should almost always be better than 2x8.
And really, this is not only a simple illustration of the power of parallelization, it should also make it obvious why allowing longer password lengths is so crucial. Each additional character in the model above adds 95 times work to the overall keyspace. So adding two characters adds 95^2 - or 9025 times - the work. Brute force quickly becomes infeasible, even for very fast and unsalted hashes.
This would make an excellent homework question. ;)
edited 55 mins ago
answered 2 hours ago
Royce WilliamsRoyce Williams
5,31211641
5,31211641
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
add a comment |
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
Agreed with your conclusion. I would of explained this in a very similar manner.
– Overmind
24 mins ago
add a comment |
Carlos is a new contributor. Be nice, and check out our Code of Conduct.
Carlos is a new contributor. Be nice, and check out our Code of Conduct.
Carlos is a new contributor. Be nice, and check out our Code of Conduct.
Carlos is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f204450%2fwhich-one-of-these-password-policies-are-more-secure%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You should not be using salted hashes in 2019. See security.stackexchange.com/questions/211/… and security.stackexchange.com/questions/193351/…
– Polynomial
4 hours ago
1
To clarify for the uninitiated, Polynomial is discouraging simple salting of "fast" hashes (like MD5) that are not suitable for password storage, or rolling your own salted hashes. Even modern "hashes" (actually complex cryptographic operations, not simple hashes - but still colloquially called "hashes" by most people in conversation) are also salted. Salting is good. Salting alone, of an otherwise bad/fast hash, is slightly better than not salting ... but not by much.
– Royce Williams
2 hours ago