
NIST has unfortunately been the source of a lot of bad advice which has actively harmed password security the last decade. (e.g. [1])

Cargo culting is generally a good thing in crypto because, you know, don’t roll your own. But in this case we’re talking about policy. And this policy is as user hostile as (if not worse than) the prior NIST advice on password expiry.

If you want to stop password spraying, protect your hashes. There’s no proof that blacklisting half a billion specific secrets will make cracking any more difficult. Making it nigh impossible for users to register with your service, well I guess if you have no users you have no passwords to lose.

But the point is a blacklist this extensive is just as likely to make passwords easier to crack, not harder, and will come with a direct cost to the company implementing it. I understand well the goal, I’m entirely unconvinced this helps achieve it.

I would be interested to hear Gosney’s (cracker extraordinaire) and Cormac’s (Microsoft Research) take on this.

[1] - https://www.engadget.com/amp/2017/08/08/nist-new-password-gu...




> If you want to stop password spraying, protect your hashes.

Again, it's not about your hashes, it's about the attacker having access to your users' credentials.

Users re-use credentials across services and you have no control over how (in)securely they are stored there.

Blacklisting (I don't have an opinion on how big the blacklist should be) what is known to be widely used across services sounds sensible... and there is definitely an argument to be made about blacklisting what is known to be widely available/effective for attackers.
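The mechanism the two comments are arguing about, a registration-time check against a list of breached passwords, is simple to implement. The example below is added here and is not code from either commenter; it follows the prefix-range (k-anonymity) pattern used by the Pwned Passwords API, where the client sends only the first five hex characters of the SHA-1 hash and receives every suffix in that bucket, so the service never learns the candidate password. The breach data is a constructed four-entry sample, not real breach data, and `max_prevalence` is a hypothetical tuning knob for the "how big should the list be" question raised above.

```python
import hashlib

# Constructed sample of a breach-derived blocklist (hypothetical counts, not real data).
# Plaintexts appear here only to build the demo index; a real deployment stores hashes only.
_CONSTRUCTED_LEAKED = {
    "password": 3730471,
    "123456": 23597311,
    "qwerty": 3946737,
    "letmein": 236541,
}


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1, the hash form used by Pwned Passwords range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leaked: dict) -> dict:
    """Bucket hashes by their 5-hex-char prefix: {prefix: {suffix: count}}."""
    index: dict = {}
    for pw, count in leaked.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], {})[h[5:]] = count
    return index


RANGE_INDEX = build_range_index(_CONSTRUCTED_LEAKED)


def lookup_range(prefix: str) -> dict:
    """Stand-in for the server side of a range query: returns the whole bucket for a prefix.

    The caller only ever reveals the 5-char prefix, never the full hash or the password.
    """
    return dict(RANGE_INDEX.get(prefix.upper(), {}))


def breach_count(password: str, range_lookup=lookup_range) -> int:
    """Client side: hash locally, fetch the bucket, match the suffix locally."""
    h = sha1_hex(password)
    bucket = range_lookup(h[:5])
    return bucket.get(h[5:], 0)


def check_registration(password: str, min_length: int = 8, max_prevalence: int = 0) -> tuple:
    """Decide whether a candidate password is acceptable at sign-up.

    max_prevalence lets a deployment block only passwords seen more than N times,
    which is one way to shrink an over-broad blocklist without dropping the check.
    """
    if len(password) < min_length:
        return False, f"password must be at least {min_length} characters"
    count = breach_count(password)
    if count > max_prevalence:
        return False, f"password appears in known breaches ({count} times); choose a different one"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("password", "qwerty", "correct horse battery staple"):
        print(candidate, "->", check_registration(candidate))
```

The check is one layer, not a substitute for rate limiting and lockout on the login path: it reduces the pool of accounts that a credential-stuffing or spraying run would succeed against, while the hashing and per-account throttling protect everything else.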



