[Cracklib-devel] Security baseline for cracklib (when passwords should be accepted or rejected?)
From: Hubert K. <hk...@re...> - 2013-09-10 16:51:08
Hi all!

I've done some integration testing with cracklib and discovered that passwords are rejected or accepted quite arbitrarily. At least I don't see any pattern in it.

For example, using the English word list, the password "1winning1" will be accepted as secure, but the passwords ".):winning,!\"" or "*~[winning#>;" will be rejected as insecure. The word "winning" has about 10 bits of guessing entropy [1,2,3], so the above passwords have at most 16 (more realistically 12), 40 and 40 bits of guessing entropy respectively. That's a very large gap between false positive (IMO) and false negative.

What was the security level to be achieved? What is the acceptable error from this baseline?

NIST SP 800-63-1 allows password-based authentication with passwords that have 14 or 20 bits of entropy (for systems needing Level 1 or Level 2 security respectively). While making it possible to check whether a password has more entropy than that would be nice, I think those two values would be a good starting point.

So, I think that adding a configuration file that allows setting the desirable entropy of passwords would be a good new feature. Adding a new API that allows the programmer to specify the minimal amount of guessing entropy the password needs to have would be a good addition to that.

1: NIST SP 800-63-1, section A.2.2
2: "Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords" by Weir et al. (2010)
3: "The science of guessing: analyzing an anonymized corpus of 70 million passwords" by Joseph Bonneau

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
http://wiki.brq.redhat.com/hkario
Email: hk...@re...
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
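The estimate behind the numbers in the post (a ranked dictionary word contributes roughly log2 of its rank, and each character padded around it contributes log2 of the size of its character class) can be written down as a small checker with the proposed "minimum guessing entropy" threshold. The following is an added illustration, not cracklib code and not from the post's author; the word ranks (rank 1024 for "winning", so that it scores the ~10 bits quoted above), the 32-symbol punctuation alphabet, and the function names are assumptions chosen to reproduce the post's figures, and a real checker would load ranks from a frequency-ordered corpus such as the ones in references 2 and 3.

```python
import math
import string

# Constructed ranks for a handful of dictionary words, ordered as an attacker's
# wordlist would be (rank 1 = guessed first). "winning" at rank 1024 gives
# log2(1024) = 10 bits, matching the post. Illustrative values only.
WORD_RANK = {
    "password": 1,
    "letmein": 8,
    "dragon": 64,
    "winning": 1024,
    "purkynova": 65536,
}

# NIST SP 800-63-1 minimum guessing entropy per assurance level, as cited in the post.
LEVEL_MIN_BITS = {1: 14, 2: 20}


def _class_size(ch: str) -> int:
    """Alphabet size an attacker has to search for one padding character."""
    if ch.isdigit():
        return 10
    if ch.isupper() or ch.islower():
        return 26
    if ch in string.punctuation:   # the 32 printable ASCII symbols
        return 32
    return 95                      # assumption: anything else counts as full printable ASCII


def longest_dictionary_word(password: str):
    """Return (start, word) for the longest ranked word embedded in the password, or None.

    Matching is case-insensitive; leet-speak substitutions are deliberately not handled here.
    """
    lowered = password.lower()
    for length in range(len(lowered), 0, -1):
        for start in range(0, len(lowered) - length + 1):
            candidate = lowered[start:start + length]
            if candidate in WORD_RANK:
                return start, candidate
    return None


def guessing_entropy_bits(password: str) -> float:
    """Estimate guessing entropy: log2(rank) of the embedded word plus log2(class size) per padding char."""
    hit = longest_dictionary_word(password)
    if hit is None:
        # No dictionary word found: every character is padding the attacker must brute-force.
        return sum(math.log2(_class_size(c)) for c in password)
    start, word = hit
    bits = math.log2(WORD_RANK[word])
    padding = password[:start] + password[start + len(word):]
    bits += sum(math.log2(_class_size(c)) for c in padding)
    return bits


def meets_level(password: str, level: int) -> bool:
    """Accept the password only if its estimated entropy reaches the configured level's minimum."""
    return guessing_entropy_bits(password) >= LEVEL_MIN_BITS[level]


if __name__ == "__main__":
    for pw in ["winning", "1winning1", '.):winning,!"', "*~[winning#>;"]:
        bits = guessing_entropy_bits(pw)
        print(f"{pw!r:18} {bits:5.1f} bits  L1={meets_level(pw, 1)}  L2={meets_level(pw, 2)}")
```

With these ranks the two symbol-padded passwords score 40 bits and pass Level 2, while "1winning1" scores about 16.6 bits, so it passes Level 1 but not Level 2. The per-character sum is the upper bound the post calls "at most 16": a checker that also knew the "digit on each end" pattern is common would assign it less, which is the "more realistically 12" remark, and that kind of pattern-aware ranking is what a corpus-driven implementation would add.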