
Password compliance checker

Reference: http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Created by: Chris Nowell

Background and Instructions

Many password policies (including those based on NIST Special Publication 800-63) use the concept of "entropy" to set password length and complexity. Entropy expresses how much work an adversary faces when guessing a password: an entropy of 10 bits, for example, means the adversary must try on the order of 2^10 (1024) passwords before the password is found. The number of guesses an online attacker can make is limited by locking the account out for a set period once a certain number of failed logins has been observed. The compliance checker combines the number of guesses permitted over the password's lifespan with the password complexity.

To see whether a given password implementation complies with the NIST SP 800-63 password requirements, change the values in the yellow column. To change the requirements from the NIST SP 800-63 policy, change the settings in the grey area. The results are displayed in the blue area. Only the first two of the four assurance levels allow password-only authentication, so this tool evaluates compliance with levels 1 and 2 only.

Configuration (yellow column)

Characters: 8
Upper, lower, non-alphanumeric required? Y
Dictionary check? Y
Lockout duration (hours): 24.00
Allowed failed logins in observation period: 6
Password lifespan (in days): 730 (Take note of history kept. Without enforced history, users can reuse passwords.)

Policy settings (grey area)

Level 1 requires a one in 1024 chance of guessing the password during the password lifespan
Level 2 requires a one in 16384 chance of guessing the password during the password lifespan
Level 2 requires an entropy greater than 10 bits

Entropy definition
Entropy of first character: 4 bits
Entropy of next seven characters: 2 bits per character
Entropy of 9th to 20th characters: 1.5 bits per character
Entropy of characters 21 and above: 1 bit per character
Bonus for composition rules: 6 bits
Bonus for 50,000-word dictionary check: 6 bits (only for passwords less than 20 characters)

Results (blue area)

Entropy: 30 bits
Maximum allowed password attempts: 4380
Level One max allowed attempts: 1048576, pass level 1 (unrestricted)
Level Two max allowed attempts: 65536, pass level 2 (protected)

How the results are derived: an 8-character minimum scores 4 + 7 x 2 = 18 bits, plus the 6-bit composition bonus and the 6-bit dictionary bonus, giving 30 bits. A 24-hour lockout over a 730-day lifespan gives 730 lockout windows of 6 failed logins each, so an attacker can make at most 730 x 6 = 4380 online guesses before the password expires. With 30 bits of entropy, keeping the chance of success below 1 in 1024 allows at most 2^30 / 1024 = 1048576 guesses (level 1), and below 1 in 16384 allows 2^30 / 16384 = 65536 guesses (level 2); 4380 is under both limits, so the configuration passes. Note that the lockout only bounds online guessing; it does nothing against an attacker who has obtained the password hashes.
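The checker's arithmetic in Python, as an added example that is not part of the original spreadsheet. It uses the rule values from the grey area above; the formula for attempts over the lifespan (one batch of allowed failures per lockout window, which reproduces the sheet's 4380) and all function names are assumptions of this example, not the sheet's own formulas. It goes one step beyond the sheet by treating a policy with no lockout as allowing unbounded guesses, which then fails both levels.

```python
"""Password-policy compliance check using the NIST SP 800-63 (v1.0.2) entropy rules.

Added example; the rule constants come from the sheet above, the helper names and
the lifespan/lockout formula are this example's assumptions.
"""
import math

# Entropy rules for user-chosen passwords (grey area of the sheet).
FIRST_CHAR_BITS = 4.0
NEXT_SEVEN_BITS_PER_CHAR = 2.0
NINTH_TO_TWENTIETH_BITS_PER_CHAR = 1.5
TWENTY_FIRST_AND_ABOVE_BITS_PER_CHAR = 1.0
COMPOSITION_BONUS_BITS = 6.0
DICTIONARY_BONUS_BITS = 6.0
DICTIONARY_BONUS_MAX_LENGTH = 20  # bonus applies only to passwords shorter than this

# Assurance-level thresholds (grey area of the sheet).
LEVEL1_MAX_GUESS_PROBABILITY = 1 / 1024
LEVEL2_MAX_GUESS_PROBABILITY = 1 / 16384
LEVEL2_MIN_ENTROPY_BITS = 10.0


def estimate_entropy(length: int, composition_rules: bool, dictionary_check: bool) -> float:
    """Rule-based entropy estimate for a policy with the given minimum length."""
    if length < 1:
        return 0.0
    bits = FIRST_CHAR_BITS
    bits += NEXT_SEVEN_BITS_PER_CHAR * max(0, min(length, 8) - 1)        # characters 2..8
    bits += NINTH_TO_TWENTIETH_BITS_PER_CHAR * max(0, min(length, 20) - 8)  # characters 9..20
    bits += TWENTY_FIRST_AND_ABOVE_BITS_PER_CHAR * max(0, length - 20)   # characters 21+
    if composition_rules:
        bits += COMPOSITION_BONUS_BITS
    if dictionary_check and length < DICTIONARY_BONUS_MAX_LENGTH:
        bits += DICTIONARY_BONUS_BITS
    return bits


def max_attempts_over_lifespan(lockout_hours: float, allowed_failures: int, lifespan_days: int) -> float:
    """Online guesses an attacker can make before the password expires.

    Assumed formula: one batch of allowed failures per lockout window. With no
    lockout at all the number of guesses is unbounded (math.inf).
    """
    if lockout_hours <= 0:
        return math.inf
    windows = lifespan_days * 24 / lockout_hours
    return windows * allowed_failures


def max_attempts_for_level(entropy_bits: float, max_guess_probability: float) -> float:
    """Largest guess count that keeps the attacker's success chance at or below the limit.

    A guess succeeds with probability about 1 / 2^entropy, so N guesses give N / 2^entropy.
    """
    return 2 ** entropy_bits * max_guess_probability


def check_compliance(length, composition_rules, dictionary_check,
                     lockout_hours, allowed_failures, lifespan_days) -> dict:
    """Reproduce the blue results area for one configuration."""
    entropy = estimate_entropy(length, composition_rules, dictionary_check)
    attempts = max_attempts_over_lifespan(lockout_hours, allowed_failures, lifespan_days)
    level1_max = max_attempts_for_level(entropy, LEVEL1_MAX_GUESS_PROBABILITY)
    level2_max = max_attempts_for_level(entropy, LEVEL2_MAX_GUESS_PROBABILITY)
    return {
        "entropy_bits": entropy,
        "max_attempts": attempts,
        "level1_max_attempts": level1_max,
        "level2_max_attempts": level2_max,
        "passes_level1": attempts <= level1_max,
        # The sheet phrases the level 2 entropy rule as "greater than 10 bits".
        "passes_level2": attempts <= level2_max and entropy > LEVEL2_MIN_ENTROPY_BITS,
    }


if __name__ == "__main__":
    # The sheet's own configuration: 8 chars, composition + dictionary, 24 h lockout, 6 failures, 730 days.
    for key, value in check_compliance(8, True, True, 24.0, 6, 730).items():
        print(f"{key}: {value}")
    # A weaker policy: 6 characters, no composition or dictionary rules, same lockout.
    print("6-char policy passes level 1:", check_compliance(6, False, False, 24.0, 6, 730)["passes_level1"])
```

For the sheet's values this returns 30 bits, 4380 attempts, and level limits of 1048576 and 65536, matching the blue area. The 6-character variant scores 14 bits, which permits only 2^14 / 1024 = 16 guesses at level 1, so the same lockout schedule fails. Bear in mind that this estimate covers online guessing only; NIST's later revision, SP 800-63B (2017), dropped composition rules and this entropy table in favour of screening against breached-password lists and rate limiting.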
