Security Policy: Difference between revisions

1,490 bytes removed, 23 March 2007
===Strength of Authentication Mechanism===
In FIPS mode, the NSS cryptographic module imposes the following requirements on the password.
* The password must be at least '''seven''' characters long.
* The password must consist of characters from '''three or more character classes'''. We define five character classes: digits (0-9), ASCII lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric characters (such as space and punctuation marks), and non-ASCII characters.  If an ASCII uppercase letter is the first character of the password, the uppercase letter is not counted toward its character class.  Similarly, if a digit is the last character of the password, the digit is not counted toward its character class.
To estimate the probability that a random guess of the password will succeed, we assume that
* the characters of the password are '''independent''' of each other, and
* the probability of guessing an individual character of the password is < '''1/10'''.
Since the password is >= 7 characters long, the probability that a random guess of the password will succeed is < (1/10)^7 = 1/10,000,000.
After each failed authentication attempt in FIPS mode, the NSS cryptographic module inserts a one-second delay before returning to the caller, allowing at most 60 authentication attempts during a one-minute period. Therefore, the probability of a successful random guess of the password during a one-minute period is < 60 * 1/10,000,000 = 0.6 * (1/100,000).
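The password rules and the guessing bound above, written out as an added example (not NSS's own code): a byte-wise check of the five character classes, with the leading-uppercase and trailing-digit exceptions, and the (1/10)^7 * 60 per-minute bound. It assumes the classes are judged on raw bytes, so any byte >= 0x80 counts as "non-ASCII".

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

#define FIPS_MIN_PIN_LEN 7   /* policy: at least seven characters */
#define FIPS_MIN_CLASSES 3   /* policy: three or more character classes */

/* Returns true if pw satisfies the FIPS-mode password rules quoted above.
 * Classes: digits, ASCII lowercase, ASCII uppercase, ASCII non-alphanumeric
 * (space, punctuation, and other ASCII bytes), non-ASCII (byte >= 0x80). */
bool fips_pin_acceptable(const char *pw)
{
    size_t len = strlen(pw);
    bool digit = false, lower = false, upper = false;
    bool nonalnum = false, nonascii = false;

    if (len < FIPS_MIN_PIN_LEN)
        return false;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (c >= 0x80) {
            nonascii = true;
        } else if (isdigit(c)) {
            if (i != len - 1)      /* a trailing digit is not counted */
                digit = true;
        } else if (isupper(c)) {
            if (i != 0)            /* a leading uppercase letter is not counted */
                upper = true;
        } else if (islower(c)) {
            lower = true;
        } else {
            nonalnum = true;
        }
    }
    int classes = digit + lower + upper + nonalnum + nonascii;
    return classes >= FIPS_MIN_CLASSES;
}

/* Upper bound on the probability of a successful random guess within one
 * minute: 60 attempts (one-second delay per failure) * (1/10)^7. */
double fips_guess_bound_per_minute(void)
{
    double per_guess = 1.0;
    for (int i = 0; i < FIPS_MIN_PIN_LEN; i++)
        per_guess *= 0.1;          /* (1/10)^7 = 1/10,000,000 */
    return 60.0 * per_guess;       /* = 0.6 * (1/100,000) */
}
```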