检查密码复杂性:与上一个X密码不同 [英] Checking password complexity: different from last X passwords
问题描述
新密码必须是 Y 与上一个 X不同的字符密码。
这将阻止人们使用密码,如 Password1!, Password2!等等。但是如果这样做,就不能使用以前使用过的密码 - 他们最好加密...对吧?
对于一个小的 Y 和一个相当短的密码,你可能仍然可以存储哈希和bruteforce所有 Y 新密码的字母变体,但这是不可行的 Y ,密码长度增长。
我原来的想法是这样的:因为当您更改密码时,您必须提供原始密码,散列新的密码,并以加密的形式存储旧密码。现在是可逆的。
所以假设一个活跃的密码总是散列,有没有更好的方法呢?而且还有这样的一个原因:增加还是减少应用程序的安全性?
我试图把它放在一个评论中,但是我认为这是足够重要的一个答案。
OP提出的方案是>不必然违反CWE-257。该提案不允许系统管理员(例如)恢复旧密码。
建议是使用新的密码作为加密所有这些旧的密码的密钥。如果您可以使用生活在客户端而不是服务器上的新密码验证,那么这比使用密码加密其他任何东西都安全。
所以更改密码小工具将是客户端代码。服务器将发送N个早期密码的加密列表,客户端可以使用用户当前密码进行解密,然后使用用户的新密码重新加密。服务器没有足够的信息来确定任何密码,无论是旧的还是新的密码。只有客户端有这样的信息,但是在任何情况下都是这样的...区别在于学习当前密码的攻击者也可以学习旧密码。因为学习你当前的密码已经是一场灾难,所以这并没有打击我,因为更糟糕。
真的,这并不能防止员工的攻击编写自己的密码更改实用程序来解决密码限制,因为在服务器端没有进行验证。但是,在我看来,这绝对不是违反CWE-257的。
这实际上是一个非常聪明的想法。
Most services, programs, etc. have various password complexity checks. Without delving into the efficacy of such checks, I thought of one that might be interesting, but also potentially problematic check:
"The new password must be Y characters different from the last X passwords."
This would prevent people from using passwords like Password1!, Password2!, and so on. But if that's done, one cannot hash the previously used password - they would be at best encrypted... Right?
For a small Y and a fairly short password, you could probably still store the hash and bruteforce all Y letter variations of the new password, but this gets unfeasible as Y and the password length grows.
My original idea is this: since when you change the password you must provide your original password, hash the new password and store and the old one in encrypted form. Now it's reversible.
So assuming an active password is always hashed, is there a better way to do this? And also does having this in place increase or decrease the security of the application?
I tried to put this in a comment, but I think this is important enough to put in an answer.
The scheme proposed by OP is not necessarily a violation of CWE-257. The proposal does not allow a system administrator (say) to recover the old passwords.
The proposal is to use the new password as the encryption key for all of the old passwords. If you can live with the "new password verification" living on the client and not the server, then this is no less secure than encrypting anything else using the password.
So the "change password" gadget would be client-side code. The server would send the encrypted list of N earlier passwords, which the client could decrypt with the user's current password and then re-encrypt with the user's new password. At no time does the server have enough information to determine any of the passwords, whether old or new. Only the client has this information, but it has that in any case... The difference being that an attacker who learned your current password could also learn your old passwords. Since learning your current password is already a disaster, this does not strike me as all that much worse.
True, this does not guard against the "attack" of an employee writing their own password change utility to get around the password restrictions, since the validation is not done on the server side. But in no way is this a violation of CWE-257, in my opinion.
It is actually a reasonably clever idea.
这篇关于检查密码复杂性:与上一个X密码不同的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
