1. Document
   1. source
   2. SP800xx draft publicaton released in April for comment
   3. 38 pages, moderate length
2. Structure
   1. 1. Exec Sum
      1. This publication provides recommendations for password management, which is the process of defining, implementing, and maintaining password policies throughout an enterprise.
      2. Effective password management reduces the risk of compromise of password-based authentication systems.
      3. Organizations should be aware of the drawbacks of using password-based authentication.
      4. organizations should make long-term plans for replacing or supplementing password-based authentication with stronger forms of authentication for resources with higher security needs.
      5. recommends
         1. Create a password policy that specifies all of the organization’s password management-related requirements.
         2. Protect passwords from attacks that capture passwords.
         3. Configure password mechanisms to reduce the likelihood of successful password guessing and cracking.
         4. Determine requirements for password expiration based on balancing security needs and usability.
   2. 2. Intro
      1. A password is a secret (typically a character string) that a claimant uses to authenticate its identity.
      2. example of single-factor authentication
      3. different types
         1. PIN
         2. passphrase
            1. This is a relatively long password consisting of a series of words, such as a phrase or a full sentence. An example of a passphrase is “Iamdefinitelyyour#1fan”.
            2. The motivation for passphrases is that they can be longer than single-word passwords but easier to remember than a sequence of arbitrary letters, digits, and special characters,
      4. policy should address
         1. password storage and transmission
         2. password composition
         3. password issuance
         4. reset procedures.
   3. Password Capturing
      1. acquiring a password from storage, transmission, or user knowledge and behavior.
      2. password complexity controls ineffective if capturing is possible
      3. Storage
         1. Organizations should carefully consider how well passwords and password hashes stored by applications are protected.
         2. For example, web browsers, email clients, and other applications can store passwords on behalf of users, but it is often not apparent how well-secured these passwords are.
            1. Also, in most cases these applications automatically fill in passwords as needed without verifying the user’s identity, which permits an attacker who can gain access to such a computer to use the passwords immediately.
            2. Organizations should decide which types of applications, if any, should be permitted to store passwords and password hashes based on a consideration of the risks of doing so versus the convenience provided to users
         3. In addition to being stored on a host’s storage media (e.g., hard drive), passwords and password hashes are also stored temporarily in a host’s memory, swap files, and similar locations.
            1. utilities to extract passwords from certain operating systems are publicly available.
            2. For particularly high-risk hosts, organizations should consider evaluating their temporary password storage to ensure that passwords and hashes are in temporary storage for only a short time and are properly cleared from temporary storage once they are no longer needed.
            3. mentioned in DBIR
      4. Transmission
         1. Sniffing
            1. Sniffing may occur as passive eavesdropping or active interception, such as a man-in-the-middle attack with an attacker serving as an intermediary through which messages between two other systems pass.
            2. Most sniffers offer the ability to decode and analyze the data gathered if the sniffer knows the packet structure.
            3. Sniffers can gather usernames and passwords that are sent unencrypted by protocols such as Telnet, File Transfer Protocol (FTP), Post Office Protocol 3 (POP3), and Hypertext Transfer Protocol (HTTP).
            4. Many passwords and password hashes are transmitted over internal and external networks to provide authentication capabilities between hosts.
            5. The main threat to transmitted passwords and hashes is sniffing, which involves using a wired or wireless sniffer to listen to network traffic.
            6. Mitigate
            7. Encrypting the passwords or the communications containing the passwords, such as using Transport Layer Security (TLS) or tunneling the communications through a virtual private network (VPN).
            8. For Federal agencies, the encryption mechanisms used to protect password confidentiality must use FIPS-approved algorithms and implementations.
            9. Transmitting cryptographic password hashes instead of plaintext passwords.
            10. Switching from protocols that do not protect passwords to protocols that do. Examples are switching from telnet to Secure Shell (SSH) and from HTTP to HTTP Secure (HTTPS).
            11. Using network segregation and fully switched networks to protect passwords transmitted on internal networks. Note that these methods reduce, but do not eliminate, the possibility of sniffing.
            12. Replacing a password implementation that exposes the passwords to sniffing with a more secure password-based authentication protocol, such as Kerberos.
         2. Replay
            1. Another threat against password transmission is replay attacks, which involve an attacker resending captured traffic in the hopes of getting the same response as the original traffic.
            2. For example, if an attacker can sniff packets that contain encrypted authentication credentials, the attacker may be able to re-send the encrypted credentials—without ever decrypting them—and be authenticated by the recipient if the authentication protocol is vulnerable to replay attacks.
      5. User Knowledge and Behavior
         1. Passwords may be captured by taking advantage of user knowledge and behavior.
         2. shoulder surfing
         3. Password entry can also be monitored by attackers through technical means.
            1. keylogger
            2. For example, a keystroke logger, also known as a keylogger, is a form of malware that monitors the keyboard for action events, such as a key being pressed, and provides the observed keystrokes to an attacker.
            3. Many Trojan horses and some other forms of malware can also monitor user activity to gather usernames, passwords, and other sensitive pieces of information for attackers.
            4. DBIR
            5. Users may also reveal their passwords to attackers because of social engineering.
            6. For example, an attacker could pretend to be a help desk agent, call a user, and ask the user to provide a password to assist the agent in troubleshooting a problem.
            7. The goal behind many phishing attacks is to collect usernames, passwords, and other sensitive information from users.
            8. Social engineering may also target help desk agents, system administrators, and other IT staff with access to privileged accounts,
            9. Another problem with users revealing passwords is that a malicious insider, such as a disgruntled current or former employee, may know valid passwords and share them with other parties.
            10. Terry Childs
   4. Password Cracking and Guessing
      1. Guessing
         1. online
         2. Guessing involves repeatedly attempting to authenticate using default passwords, dictionary words, and other possible passwords.
            1. In a brute force attack, the attacker attempts to guess the password using all possible combinations of characters from a given character set and for passwords up to a given length.
            2. In a dictionary attack, the attacker attempts to guess the password using a list of possible passwords. The list may contain numbers, letters, and symbols, but is not an exhaustive list of all possible passwords or combinations that could create a password.
            3. In a hybrid attack, the attacker uses a dictionary that contains possible passwords and then uses variations through brute force methods of the original passwords in the dictionary to create new potential passwords.
            4. mitigate
            5. First, ensure that passwords are sufficiently complex so that attackers cannot readily guess them.
            6. change defaults
            7. The second method recommended for mitigating guessing attacks is to configure OS and application password authentication mechanisms to limit the frequency of authentication attempts.
            8. Lock out a user account after a number of consecutive failed authentication attempts (often performed within a particular time period, such as the past hour). For example, after a user has failed to provide the correct password 50 times in a row, ignore all additional authentication attempts to the user account for 15 minutes.
            9. Locking out an account after only a few failed attempts has a significant impact on legitimate users and tends to cause them to choose simpler passwords or store their passwords insecurely, thus weakening security
            10. Have a fixed or exponentially increasing delay after each failed authentication attempt. After the first failure, for example, there could be a five-second delay; after the second failure, a 10-second delay; after the third failure, a 20-second delay, and so on.
      2. Cracking
         1. offline
         2. Cracking is the process of an attacker recovering cryptographic password hashes and using various analysis methods to attempt to identify a character string that will produce one of these hashes, thereby being the equivalent of the password to the targeted system.
         3. Cracking involves attempting to discover a character string that will produce the same encrypted hash as the target password
         4. rainbow tables
            1. Attackers using cracking techniques often employ rainbow tables, which are lookup tables that contain pre-computed password hashes.
            2. These tables allow an attacker to attempt to crack a password without having to regenerate hashes if the attacker is attempting to crack multiple accounts.
            3. They can take large amounts of storage and can take a long time to create (although the latter issue may not be important if the attacker can acquire copies of existing tables or reuse tables that the attacker previously created).
            4. are there public tables?
            5. mitigation
            6. salting
            7. Salting is the inclusion of a random value in the password hashing process that greatly decreases the likelihood of identical passwords returning the same hash. If two users choose the same password, salting can make it highly unlikely that their hashes are the same.
            8. larger salts effectively make the use of rainbow tables infeasible.
            9. stretching
            10. spin
            11. Stretching involves hashing each password and its salt thousands of times.
            12. This makes the creation of the rainbow tables correspondingly more time-consuming, while having little effect on the amount of effort needed by the organization’s systems to verify password authentication attempts.
         5. general mitigation
            1. All forms of cracking can be mitigated by making passwords strong,
            2. using one-way password hash algorithms,
            3. and protecting the confidentiality of password hashes.
            4. Changing passwords periodically also slightly reduces the risk posed by cracking.
            5. really
      3. Password Strength
         1. determined by length and complexity
         2. ok table page 3-7
         3. keyspace increases somewhat as the complexity increases and more rapidly as the length increases.
         4. length seems to be the dominating factor in determining password strength.
         5. The keyspace numbers shown in Table 3-1 reflect ideal passwords—passwords in which all possible characters are equally likely to be used for each position of the password.
            1. passphrase better solution?
         6. Entropy
            1. A similar problem exists with users that select simple passphrases, such as well-known titles—although such passphrases may be long, they consist of concatenated dictionary words and thus have low entropy. Entropy in an information system is the measure of the disorder or randomness in the system. Passwords that do not have sufficient entropy are more likely to be recovered through brute force attacks.
            2. not mention own publications
      4. User Password Selection
   5. Password Replacing
      1. when lost then
         1. recovery
         2. reset