Check for exposed password during password change #4604
Comments
I'm always unsure about this functionality. I hope that the people on the other side are good people - but if not, then we would fill their password lists with our passwords.

The search is done on a range of SHA1 hashes. Meaning you don't submit your plaintext password to

I had the same question as you, so I dug into the library code before opening this issue.
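The range search described in the comment above, written out as an added example in Python. This is not the password_exposed library's own PHP code and not Friendica code; it assumes the range endpoint has the shape GET https://api.pwnedpasswords.com/range/{first five hex characters of the SHA-1} and answers with lines of the form SUFFIX:COUNT (the remaining 35 hex characters, a colon, a hit count). The leak table used for the offline run is constructed for the demo and is not data from haveibeenpwned.com.

```python
"""Exposed-password check by k-anonymity range search (added example)."""
import hashlib
import re
from typing import Callable, Dict, List, Tuple

# Assumed endpoint shape: GET <RANGE_URL><5-hex-char prefix>; the response is
# text lines "SUFFIX:COUNT", SUFFIX being the remaining 35 hex characters of
# the uppercase SHA-1 digest. Only the prefix ever leaves this process.
RANGE_URL = "https://api.pwnedpasswords.com/range/"
PREFIX_LEN = 5
LINE_RE = re.compile(r"^([0-9A-F]{35}):(\d+)$")


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the UTF-8 password: a lookup key, not a storage hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest: str) -> Tuple[str, str]:
    """Return (prefix sent to the server, suffix kept locally)."""
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into a dict; reject anything malformed."""
    table: Dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line.upper())
        if m is None:
            raise ValueError(f"malformed range line: {raw!r}")
        table[m.group(1)] = int(m.group(2))
    return table


def exposure_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Hit count of the password in the corpus behind fetch_range (0 = not found)."""
    prefix, suffix = split_hash(sha1_hex(password))
    # The server only sees the 5-character prefix; the suffix match happens here.
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def is_exposed(password: str, fetch_range: Callable[[str], str]) -> bool:
    return exposure_count(password, fetch_range) > 0


def http_fetch_range(prefix: str, timeout: float = 5.0) -> str:
    """Live fetcher for the real API (not used in the offline demo); HIBP requires a User-Agent."""
    import urllib.request
    if not re.fullmatch(r"[0-9A-F]{5}", prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    req = urllib.request.Request(
        RANGE_URL + prefix, headers={"User-Agent": "password-exposure-check-example"}
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed leak table for the offline demo. Plaintexts and counts are
# invented for illustration; they are not data from haveibeenpwned.com.
CONSTRUCTED_LEAK: Dict[str, int] = {"password": 3, "123456": 5, "qwerty": 2}
SEEN_PREFIXES: List[str] = []  # records exactly what the fake "server" received


def fake_fetch_range(prefix: str) -> str:
    """Stand-in for the remote endpoint; answers from CONSTRUCTED_LEAK."""
    SEEN_PREFIXES.append(prefix)
    lines = []
    for plaintext, count in CONSTRUCTED_LEAK.items():
        p, s = split_hash(sha1_hex(plaintext))
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = exposure_count(candidate, fake_fetch_range)
        print(f"{candidate!r}: seen {n} time(s)" if n else f"{candidate!r}: not in the demo corpus")
    print("prefixes the server saw:", SEEN_PREFIXES)
```

The fetcher is injected so the same check runs against the fake table offline or against the live endpoint via `http_fetch_range`. One decision the snippet leaves to the caller is what to do when the fetch raises (timeout, 5xx): failing open lets a password change through unchecked, failing closed blocks password changes whenever the remote service is down, and either choice should be deliberate rather than an accident of exception handling.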
Hm, I don't quite understand the benefit. Of course, it's not good to use very often-used passwords or always the same PW/email combination. But if you forbid all (that's more than half a billion!) leaked passwords, you just tell the attackers which ones they can skip. In case the attackers can access the database, it is not good to have hashes that occur in a rainbow table. But Friendica now uses a good algorithm (I hope), and one password will always produce a different hash. This also means that the hash cannot be traced back to the password. Right? Moreover, users will probably go crazy if they are not allowed to use so many passwords and stay with those generated by Friendica. The idea is good, but too much of a good thing. I'm only in favour of blocking the most popular passwords.

When a password has been exposed, it means it's available in plaintext in a data dump that haveibeenpwned got hold of. I know a former password of mine has been exposed that way in a data dump from the Electronic Arts Origin service, for example. As a result I don't use it anymore anywhere. But what if you don't check haveibeenpwned regularly?

This isn't about hash strength in the database (which is now ensured by PHP native

This isn't about brute-force attacks either, because this service won't mitigate this issue. Although even with half a billion passwords unavailable, the attack surface still is incredibly vast. The raw number of password combinations with just 6 characters from Latin lowercase letters, Latin uppercase letters and numbers is 56,800,235,584. Half a billion passwords is an insignificant part of it, and that's just 6 characters with no special ones.

The goal of using this library is to force a would-be hacker to go the hardest route, the longest one. To make illegally accessing accounts on Friendica more expensive than softer targets. Database breach can be mitigated by strong hashes. Man-in-the-middle attacks can be mitigated by HTTPS. Brute-force logins can be handled with firewall settings, but someone else having your email and password from another service's data breach can't be mitigated, except by using this service.

You're right, it's not as much as it sounds.
It gets even better with more characters:
If it isn't dizzying enough, you can even add the number of combinations from different numbers of characters. This is why password dumps and password dictionaries are very useful: anything that can help reduce the attack surface is valuable. By preventing users from using already exposed passwords, it actually increases the attack surface by limiting it to the vast space of uncommon and/or unexposed passwords.

You already cleared up my doubts.

I'm glad I could, thanks for the question!
Today I stumbled on https://github.com/DivineOmega/password_exposed, a library that exposes a handy function to check if a given password has been part of the leaks recorded by https://haveibeenpwned.com
I believe it would be a better check than any password length or string complexity requirement.
Last but not least, the library requirements (PHP >= 5.6) nicely matches Friendica's.