Why limit password length?

This question is inspired by Is there any security risk in not setting a maximum password length?.

Specifically the accepted answer https://security.stackexchange.com/a/238033/9640 says limits are recommended to avoid exhausting the server.

Also it seems to me that if the server is hashing your password to a n digit hash, there is no security advantage to having a password that is longer than n digits. An entity that could reasonable brute force the n digit space, would not have to brute force the (n+1) digit space to brute force your (n+1) digit password. In practical terms, a 1000 digit password is not really more secure than a 500 digit password.

However, what about double hashing the password.

  1. The user enters a password of arbitrary length.
  2. The client hashes the password to a fixed length.
  3. The server can reject the client’s hash if it is not the fixed length (protecting the server from resource exhaustion).
  4. The server otherwise treats the client’s hash as the password and proceeds in the usual manner (it re-hashes it).

In this way, if you want a 10,000 character long password go for it. Your browser will invisibly to you, transform your 10,000 character long password to a 128 character long password (still very secure) and the only change in the server is that now the server knows that all passwords must be exactly 128 characters long so it can reject some logins more easily.

The primary benefit of this scheme is that no user will ever be told "your password is too long". I personally find this message to be disheartening. But I concede that this benefit is not monumental. So if there are any security holes that I am not seeing, this scheme is probably not worth it.

What’s the security risk in password recovery attempts

Last days I’ve received multiple password recovery attempts for a WordPress user. The user didn’t initiate these attempts.

I’m blocking the IP’s on the server, but I don’t see what the goal of the attacker is. I checked the mails the user receives, and they contain a valid password reset link (so no phishing attempt).

So I don’t really understand what the attacker is trying to achieve with these password recovery requests. Or are they just checking for vulnerabilities on that page?

Is there any security risk in not setting a maximum password length?

I’m a listener of the podcast "Security Now" where Steve Gibson, a security expert, often claims that there are no reasons to limit the number of characters a user can use in their passwords when they create an account on a website. I have never understood how it is even technically possible to allow an unlimited number of characters and how it could not be exploited to create a sort of buffer overflow.

I found a related question here, but mine is slightly different. The author of the other question explicitly mentions in their description that they understand why setting a maximum length of 100000000 characters would be a problem. I actually want to know why it would be a problem, is it like I have just said because of buffer overflows? But to be vulnerable to a buffer overflow, shouldn’t you have a sort of boundary which you can’t exceed in the first place, and thus if you didn’t limit the number of characters, would you even have this risk? And if you are thinking about starving a computer’s RAM or resources, could even a very large password be a problem?

So, I guess it is possible not to limit the number of characters in a password: all you’d have to do would be to not use the maxlength attribute or not have a password validation function on the server side. Would that be the secure way to do it? And if it is, is there any danger in allowing an unlimited number of characters for your passwords? On the other hand, NIST recommends developers to limit passwords to 256 characters. If they take the time to recommend a limitation, does it mean there has to be one?

Password entry: are “paste from password manager” and “eyeball to view passwords” mutually-exclusive features?


Context

NIST SP 800-63b gives the following guidance for password forms (aka login pages):

Verifiers SHOULD permit claimants to use “paste” functionality when entering a memorized secret. This facilitates the use of password managers, which are widely used and in many cases increase the likelihood that users will choose stronger memorized secrets.

In order to assist the claimant in successfully entering a memorized secret, the verifier SHOULD offer an option to display the secret — rather than a series of dots or asterisks — until it is entered. This allows the claimant to verify their entry if they are in a location where their screen is unlikely to be observed. The verifier MAY also permit the user’s device to display individual entered characters for a short time after each character is typed to verify correct entry. This is particularly applicable on mobile devices.

I had the argument made to me that these two features should not be implemented together because they would allow a user to circumvent a password manager’s protection and view the auto-populated password. I suspect this argument won’t hold water, but I’m curious about community opinions.

For TCG-Opal drives, which password is used to calculate KEK?

SEDs use a password to generate KEK by a KDF algorithm. The KEK is then used to encrypt the MEK (where MEK is internally generated in the drive). But TCG-Opal drives have 9 locking-ranges and each of these ranges use its own MEK (say MEK1 – MEK9). There are also 4 Admins and 8 Users, each has its own password (PIN). Which of these passwords are used to generate the KEK, or are there multiple KEKs ? The TCG core spec and the Opal SSC spec don’t detail the relation of a password to the MEK of any locking-range.

Is storing an encrypted 2FA backup on Bitwarden (a password manager) a good idea?

I am at the moment using Bitwarden and a separate 2FA app.

I am trying to figure out a way to be able to securely recover my access to credentials and 2FA in case my phone/laptop/other electronic devices get stolen or destroyed and am not sure if what I am doing is good enough.

The app I am using for 2FA allows for encrypted backups with a password. I use Bitwarden to manage my passwords and it also requires a 2FA code from the app.

Now I have a backup of the 2FA app on Bitwarden, where the master passwords for both are long and different (consisting of letters only). I modified the 2FA recovery code for Bitwarden (so that only I know how to read it) and store it on a piece of paper in my wallet and some other places.

My plan is if all goes wrong to gain access to Bitwarden through the recovery code and then download and restore the backup of the 2FA app, in order to regain access to the other places.

Do you think that is secure enough?

git reflog is showing plain text password used as a secret texts or files in Jenkins

We are using Jenkins Freestyle Project to the push the changes on the remote server. We are executing shell script on remote host using ssh for it. To pull the changes on remote host, we are using origin url with git username and git password. The credentials should not be visible in plain text in the url that’s why we have stored them in variables using ‘secret text(s) or file(s)’ option of ‘Build Environment’.

The git credentials are not visible to the users who are using Jenkins for other projects but the remote server is showing git credentials in plain text. Any user with ssh access of the remote server is able to run the git reflog command in the project directory.

Port 22 cannot be opened on the server where gitlab is deployed so we cannot use ssh keys method to create the build in Jenkins. We can use only http method to pull the changes.

Is there any way so we could implement to avoid showing the git credentials in plain text in the project directory.

How to apply custom filters for John The Ripper when cracking RAR3 archive password?

My problem is that I’m trying to crack RAR file with is encrypted with RAR3 encryption. Decided to try with John The Ripper. Here are clues I have from my friend.

  1. Max password length is 8
  2. Only capital letters or digits

And I need now filter to make John crack the password without trying to check small lowercase letters. On hashcat it’s easy to do but program do not support $ RAR3$ *1 type of hashes.