0936: "Password Strength"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

starfyredragon
Posts: 4
Joined: Wed Jul 15, 2009 6:02 pm UTC

Re: 0936: "Password Strength"

Postby starfyredragon » Sat Aug 13, 2011 6:53 pm UTC

rewolff wrote:I have always used my last name as the account name. So at one point in time I searched for a password that hashed to my first name. Since then I've been using passwords that can be considered "randomly" chosen from 8 lowercase letters". At over 37 bits of entropy these perform better than most "according-to-the-rules" passwords (which come in at about 28 bits as Randall calculated in his strip).

Still my form of password is usually rejected in high-security applications in favor of the less secure mixed case hard-to-remember convoluted stuff....

Re: Number of words: as a rule-of-thumb you learn about 1000 words per year, ending up at around 20000 at age 20. Out of a total of about 80000 to 100000 words in a modern language.


One of my words for today was "Mithridate".

laki
Posts: 4
Joined: Mon Feb 02, 2009 8:57 pm UTC

Re: 0936: "Password Strength"

Postby laki » Sat Aug 13, 2011 8:27 pm UTC

I really enjoyed this comic, but Randall raised a couple of points I'd like to highlight/correct. Entropy isn't a very good measure of password strength for human generated passwords. This isn't a problem with his second example since the words are randomly picked, but in the first example which was picked by the user, it falls apart. That's because he's looking at the entropy and assuming that the underlying probabilities are evenly distributed since he then treats the strength of the password as equivalent of a random key of 'n' length bits. Aka some words like 'password', 'princess', 'monkey' are much more common than 'troubador', so passwords using those words are cracked much more quickly. If you look at a password cracking session against a large number of passwords, the number of guesses required to crack each additional password almost looks like it increases exponentially, (note, it actually doesn't match it exactly but it looks like an exponential curve if you squint...). If you treat the entropy measurement as equivalent to a random key you would expect to find a cracking session that would look like a straight line. Now try to model an exponential curve using a straight line and you'll see where the problems with using that metric are ;)

I co-authored a paper that I presented at the ACM CCS 2010 conference on this very subject titled "Testing metrics for password creation policies by attacking large sets of revealed passwords", (the title says it all). You can download a copy from http://goo.gl/YxRk if you are interested in the details. I also wrote some blog posts on the subject at

http://reusablesec.blogspot.com/2010/10/new-paper-on-password-security-metrics.html
and
http://reusablesec.blogspot.com/2010/10/ccs-paper-part-2-password-entropy.html

I'd also like to point out that for a vast majority of people, password strength doesn't have much of an impact. Password strength is really only important in corporate networks where things like AD admin password hashes are cached on local machines, or the attacker is unable/unwilling to install a keystroke logger or pass the hash. What's much more important is password reuse. This can be seen in cases such as the Gawker hack where attackers immediately used cracked passwords against Twitter accounts, or the HBGary hack where the attacker compromised Aaron Barr's e-mail, bank account, I-Pad account, several internal servers, HBGary's corporate e-mail account, etc, since Aaron Barr used the same password everywhere. I'm not saying you have to use different passwords everywhere, (though keyvaults like lastpass or KeePass are certainly nice and allow you to do this), but you should really have at least four unique passwords. One for sites you don't care about, (like this forum), one for your social networking sites like facebook, one for your webmail account, and one for your financial sites. You might want to use a fifth unique password for online shopping sites as well. That way regardless of how the password is stored, or how weak the password is, it limits the damage caused when a site is compromised and your password is stolen.

Oh, and just for laughs, here is what is quite probably the largest collection of one line ASCII art porn on the internet, since some people choose those for their passwords:
https://sites.google.com/site/reusablesec/Home/custom-wordlists/nsfw_ascii_art.txt.gz
I created it specifically to show how passwords like that could be targeted by an attacker. I'd really hate to think what Google thinks of me based on my searches researching that dictionary ;)

Army1987
Posts: 8
Joined: Fri Aug 12, 2011 2:49 pm UTC

Re: 0936: "Password Strength"

Postby Army1987 » Sat Aug 13, 2011 11:11 pm UTC

gmalivuk wrote:
Army1987 wrote:(And still the security method says this is a “mediocre” password; under those constraints, how the *hell* am I supposed to make a stronger one?)
Well doubling the size of the word list adds one bit per word, for one thing. As would picking random letters to capitalize. (That might be harder to remember, but with the benefit of adding another bit per character.)

Well, I don't think the meter even checked whether that string was composed of concatenated English words, let alone tried to guess how big my wordlist was. I think it just supposed that a password entirely composed by letters must be unsafe, no matter how long it is.

User avatar
cjquines
Posts: 61
Joined: Thu Jul 21, 2011 5:30 am UTC

Re: 0936: "Password Strength"

Postby cjquines » Sun Aug 14, 2011 1:11 am UTC

Just use a foreign language. Problem solved!

therenaissanceman
Posts: 11
Joined: Sun Aug 14, 2011 1:45 am UTC

Re: 0936: "Password Strength"

Postby therenaissanceman » Sun Aug 14, 2011 1:50 am UTC

cjquines wrote:Just use a foreign language. Problem solved!


weeeeeeeeell, IMO, using a foreign language gives speakers of said language a heads-up. plus, if you were trying to use, say, Chinese, I doubt sites like Facebook would allow you to use Chinese characters in your password. but what do I know about password security? (obviously not much compared to laki)

User avatar
Plasma Mongoose
Posts: 209
Joined: Tue Feb 01, 2011 1:09 am UTC
Contact:

Re: 0936: "Password Strength"

Postby Plasma Mongoose » Sun Aug 14, 2011 3:04 am UTC

If you follow the rules below (assuming you haven't already) hackers and crackers will have a harder time breaking in.

Eleven Rules for Strong Passwords

1. Avoid using a single dictionary word as a password. These passwords are easy for hackers to figure out using an electronic dictionary.

2. Don’t use personal information. Any part of your name, birthday, Social Security number, hobbies or any other similar information for your loved ones is a bad idea.

3. Avoid common sequences, such as numbers or letters in sequential order or repetitive numbers or letters.

4. If the web site supports it, try to use special characters, such as $, #, and &. Most passwords are case sensitive, so consider using a mixture of upper case and lower case letters, as well as numbers.

5. Passwords become harder to crack with each character that you add, so longer passwords are better than shorter ones. A brute-force attack can easily defeat a password with seven or fewer characters.

6. To help you easily remember your password, consider using the first letter from each word in a sentence, a phrase, a poem, or a song title as a password. Be sure to add in numbers and/or special characters.

7. Consider using different strength passwords depending on what sort of accounts and applications you use; (relatively) weaker and easier to remember passwords for less imortant apps, stronger passwords for more important apps. This way, if one password is cracked, the other accounts won’t be in immediate danger. Do not use the same or variations of the same password for different applications.

8. While it sounds contrary to good sense, one easy way to remember your passwords is to write them down and keep them in a secure place. Never leave them in any obvious place or in plain sight.

9. Consider using a secure password manager.

10. If you are already a weak password, change it! Web sites have a variety of procedures that govern how you can change your password. Look for a link (such as "my account") somewhere on the site's homepage that goes to an area of the site that allows password and account management.

11. Whatever you do, do not use passwords such as password or user or the name of the app you want to protect, that is the sort of stupidity that nearly started World War Three for goodness sakes.


Chances are, you already know some if not all these rules, but if you don't, you might want to start following the advice set by the rules for your own sake.
A virus walks into a bar, the bartender says "We don't serve viruses in here".
The virus replaces the bartender and says "Now we do!"

JiminP
Posts: 10
Joined: Sat Apr 16, 2011 1:46 pm UTC

Re: 0936: "Password Strength"

Postby JiminP » Sun Aug 14, 2011 8:44 am UTC

Comment on 1000 guesses/sec : "Plausible attack on a weak remote web service. Yes, cracking a stolen hash is faster, but it's not what the average user should worry about."

Unfortunately, in South Korea, a big web site was hacked, so crackers may have hash of SSN and password of 5/7 of South Korean. On their harddisk.

:(
Image

angelickitty
Posts: 2
Joined: Sun Aug 14, 2011 9:33 am UTC

Re: 0936: "Password Strength"

Postby angelickitty » Sun Aug 14, 2011 9:39 am UTC

jpk wrote:I figured that was what you meant, just wanted to confirm.
I've always figured the correct way to handle passwords is to give people a handful of strong generated passwords to choose from, and let them learn them. Then, don't make them change them over and over, let them actually learn them. Changing passwords for security only makes sense if you know the password has been cracked. Changing the password every three months (or whatever) is idiotic: it enforces weak passwords, and no cracker is going to spend weeks on your password, so at any given time, they're dealing with only one (weak) password, unless you happen to hit it lucky and hit the three-month change while they're actually running their brute-force attack. Moronic.


honestly, i tend to think in most places, (specially work) the three month change is more because IT has become wise that yea, they say not to give a coworker your password because they have their own, but things will happen and someone will still give another their password because its a bad time to get it reset or something.. with the 3 months they are sooner or later forced back to their own. and definitly gets passwordws out of the hands of those who no longer work at the company after a while.

gormster
Posts: 231
Joined: Mon Jul 23, 2007 6:43 am UTC
Location: Sydney

Re: 0936: "Password Strength"

Postby gormster » Sun Aug 14, 2011 1:10 pm UTC

zecro wrote:It is 2011, people.

Are you seriously still not using a string made of randomly-generated
  • numbers
  • symbols
  • uppercase letters
  • lowercase letters
  • foreign script, if supported
with at least a length of 10?

Enter it enough times, and it will just become muscle memory.


http://xkcd.com/792/

Honestly, dude, it's like you don't even read xkcd.
Eddie Izzard wrote:And poetry! Poetry is a lot like music, only less notes and more words.

Jader7777
Posts: 1
Joined: Sun Aug 14, 2011 1:20 pm UTC

Re: 0936: "Password Strength"

Postby Jader7777 » Sun Aug 14, 2011 1:25 pm UTC

I'm so mad at you xkcd. Now that I know this I have to change everything. That's much harder than watching my bank accounts drain themselves.

User avatar
Scyrus
Posts: 124
Joined: Tue May 11, 2010 8:32 pm UTC
Location: Portugal

Re: 0936: "Password Strength"

Postby Scyrus » Sun Aug 14, 2011 5:29 pm UTC

I have a question then, how long/how hard would it be to crack a password that is simply the first letter of every word of an entire songs lyrics?? Assuming, of course, that there are no character limits and every character can be used, from the hacker's point of view. (Words in the lyrics are entirely lowercase or uppercase).


Just an example, a "Smells like Teen Spirit" by Nirvana password using this format would be: luogabyfiftlatpsoasaonikadwhhhhlhhhhlhhhhlhhhwtloildhwaneuifsachwaneuamaaammlyhhiwawidbaftgifbolghabaawutehhhhlhhhhlhhhhlhhhwtloildhwaneuifsachwaneuamaaammlyhhaifjwitoyigimmsifihihtfowwnhhhhlhhhhlhhhhlhhhwtloildhwaneuifsachwaneuamaaammladadadadadadadadad

(You have to copy the last part of the password and the next line and post it on notepad to see the whole)
I mean, is it *hard* to crack? And nevermind it being long, it would be intended to be used to guard top secret life (or world) changing information.
It took me like a minute and a half to input that password while humming the song.

And bonus question, what about a supercomputer like the Jaguar XT5? How quickly would it break a password like this?

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Sun Aug 14, 2011 6:01 pm UTC

There are a fairly small number of songs, and a huge portion of them have their lyrics easily available online. And if I know you used a full song, it's even easier to break than if you used only part, because I'd only have to check one password for each song.

In other words, if I knew more about programming, I could probably crack that password in a fairly short time with this netbook.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

laki
Posts: 4
Joined: Mon Feb 02, 2009 8:57 pm UTC

Re: 0936: "Password Strength"

Postby laki » Mon Aug 15, 2011 1:37 am UTC

Scyrus wrote:I have a question then, how long/how hard would it be to crack a password that is simply the first letter of every word of an entire songs lyrics?
......
And bonus question, what about a supercomputer like the Jaguar XT5? How quickly would it break a password like this?


As it was brought up earlier, there aren't that many songs out there so if someone knew that you were creating your password that way it wouldn't be that hard to crack. What people forget though is that the attacker very rarely knows how someone created their password. Since no-one else I've ever seen has used that method of password creation, I'd be very surprised if an attacker incorporated that type of attack into their cracking session. At the same time the password is long enough that any sort of other attack against a hashing system that didn't cut your password off at 7-8 chars would be ineffective, (even if it was a nation state trying to crack your password using a supercomputer). The only types of attacks you'd really have to worry about are keystroke loggers, shoulder surfing, the old 3 dollar wrench attack, or password reuse where one of the sites stored your password in plaintext.

User avatar
Eebster the Great
Posts: 3085
Joined: Mon Nov 10, 2008 12:58 am UTC
Location: Cleveland, Ohio

Re: 0936: "Password Strength"

Postby Eebster the Great » Mon Aug 15, 2011 2:05 am UTC

laki wrote:
Scyrus wrote:I have a question then, how long/how hard would it be to crack a password that is simply the first letter of every word of an entire songs lyrics?
......
And bonus question, what about a supercomputer like the Jaguar XT5? How quickly would it break a password like this?


As it was brought up earlier, there aren't that many songs out there so if someone knew that you were creating your password that way it wouldn't be that hard to crack. What people forget though is that the attacker very rarely knows how someone created their password. Since no-one else I've ever seen has used that method of password creation, I'd be very surprised if an attacker incorporated that type of attack into their cracking session. At the same time the password is long enough that any sort of other attack against a hashing system that didn't cut your password off at 7-8 chars would be ineffective, (even if it was a nation state trying to crack your password using a supercomputer). The only types of attacks you'd really have to worry about are keystroke loggers, shoulder surfing, the old 3 dollar wrench attack, or password reuse where one of the sites stored your password in plaintext.

It isn't safe to assume that.

Suppose, for instance, the attacker was able to steal a hash of the password. Depending on how the password is hashed, this might give information about its length. So if the attacker knows the password is extremely long, one of the schemes she might indeed try is the first-letter-of-each-word approach, and if she did, she is likely to include lyrics of common songs in her search.

So it isn't all that implausible that the password could be guessed, especially given the importance attached to it.

User avatar
Jorpho
Posts: 6204
Joined: Wed Dec 12, 2007 5:31 am UTC
Location: Canada

Re: 0936: "Password Strength"

Postby Jorpho » Mon Aug 15, 2011 2:14 am UTC

EDIT: Never mind, new thread.
Last edited by Jorpho on Wed Aug 17, 2011 1:01 am UTC, edited 1 time in total.

laki
Posts: 4
Joined: Mon Feb 02, 2009 8:57 pm UTC

Re: 0936: "Password Strength"

Postby laki » Mon Aug 15, 2011 2:29 am UTC

Eebster the Great wrote:It isn't safe to assume that.

Suppose, for instance, the attacker was able to steal a hash of the password. Depending on how the password is hashed, this might give information about its length. So if the attacker knows the password is extremely long, one of the schemes she might indeed try is the first-letter-of-each-word approach, and if she did, she is likely to include lyrics of common songs in her search.

So it isn't all that implausible that the password could be guessed, especially given the importance attached to it.


I'm going to have to disagree with you. About the only modern day hash type that leaks length info is LanMAN, (many other hash types cut the password off at a certain type but in that case you only know the maximum effective password length is 'n'). With LanMAN you know if the password is more than 14 chars or not. Even knowing it is a longer password though the chances of an attacker using an entire song as an input dictionary are very remote, (though parts of songs are common). It's just not that common of a password creation method that an attacker would bother with it. This goes doubly for slower hash types used in most file encryption tools due to the high cost to make each individual guess, which is probably where this long password would be used.

My point is not that this password couldn't be broken if the attacker realizes that he used a whole song's lyrics. Also, using the first letters of common phrases is a known mangling technique and attackers can target that. I just wanted to say that since using the whole song is so uncommon the chances of an attacker trying that are very very low. If they really wanted to grab the password it's much more likely they would employ some non-password cracking technique such as the old 3 dollar wrench method ;)

Now if a lot of people started using whole song lyrics, attackers would start to target this method. That's the problem when giving password creation advice. People just don't do random very well, and once a mangling rule becomes widespread attackers will target it. That's the nice thing about this XKCD strip. With a randomly generated passphrase of 4 words, attackers can't target how predictable people as a group are.

scarletmanuka
Posts: 527
Joined: Wed Oct 17, 2007 4:29 am UTC
Location: Perth, Western Australia

Re: 0936: "Password Strength"

Postby scarletmanuka » Mon Aug 15, 2011 4:22 am UTC

ConMan wrote:My standard disclaimer about the strength of passwords is that no matter how strong it may be algorithmically, a password is immediately weak once it's used as an example of a strong password.

For instance, this one.

dsawatzky wrote:MY bank introduced stricter passwords, and I cried fowl - now I have to write down my passwords or I won't have access to my money (nor my wife)

Wait, wait, you need a bank password to access your wife? :o Man, talk about harsh.

gavin wrote:
Oktalist wrote:
gavin wrote:I was most recently taught that 15 characters (assuming it's still not a single word) completely changes the dynamic of how long it takes to hack. This is because it changes the password type. Computers currently use two invisible boxes that contain 7 characters of the password each.

That's not any hashing function that I know of. Sounds like it could be a Windows thing.

I know windows does it. [...] http://www.symantec.com/connect/articles/ten-windows-password-myths The 3rd myth lays out the history of the hashes pretty well.

That's not really an accurate statement. But it's accurate enough to be worrying. :) Note, first, that the article you're referencing is from 2002. And yes, it's about Windows logins rather than a generic web login. So it's not really on point for the comic. When you create an account on some random forum, I don't think they're going to be setting you up as a user on the server. Well, I hope not anyway.

The issue here is the LanManager (LM) password hash, which was replaced by better variants in Windows NT (and, as the article you quoted mentioned, by far better variants in Windows 2000 and on), but which was still stored for reasons of backwards compatibility (i.e. so that pre-NT and post-NT computers can communicate over the same network). Storing the LM password hash can be turned off from Windows 2000 SP2 onwards, and is off by default in Vista onwards.

So, if you're logging into a machine that's Vista or later, or whose admin is knowledgeable enough to turn LM hashing off, you won't have an issue with this. But if you're logging into a remote server that you don't know anything about, your best bet is probably using a 15-character or higher password to break the LM hashing.

This article has a reasonable summary, and there is some more information here.
As Windows XP starts to be replaced by Vista and later operating systems this issue should recede further.

Bartimaeus46
Posts: 2
Joined: Wed Jul 27, 2011 9:46 am UTC

Re: 0936: "Password Strength"

Postby Bartimaeus46 » Mon Aug 15, 2011 6:10 am UTC

dysprog wrote:HotChicksEatingIceCeamInThePool.com


Firefox can't find the server at www.hotchickseatingiceceaminthepool.com.


This saddened me :(

Isil`Zha
Posts: 8
Joined: Mon Aug 15, 2011 2:08 pm UTC

Re: 0936: "Password Strength"

Postby Isil`Zha » Mon Aug 15, 2011 2:14 pm UTC

SpringLoaded12 wrote:I once encountered a site where the password had to be exactly 10 characters. Worst thing ever.


I've got a trump for you:

There's a site, that includes tons of private information, that I had me: "Please change your password, user passwords must be unique."

That's right, it just told me that some other user has the password I wanted to use... :shock:

User avatar
cjmcjmcjmcjm
Posts: 1158
Joined: Tue Jan 05, 2010 5:15 am UTC
Location: Anywhere the internet is strong

Re: 0936: "Password Strength"

Postby cjmcjmcjmcjm » Mon Aug 15, 2011 5:32 pm UTC

Speaking of bad password lists, my password was ou812 in middle school.
frezik wrote:Anti-photons move at the speed of dark

DemonDeluxe wrote:Paying to have laws written that allow you to do what you want, is a lot cheaper than paying off the judge every time you want to get away with something shady.

CharonPDX
Posts: 58
Joined: Wed Apr 27, 2011 4:55 am UTC

Re: 0936: "Password Strength"

Postby CharonPDX » Mon Aug 15, 2011 9:47 pm UTC

TaylorP wrote:
CharonPDX wrote:A co-worker has created an xkcd-compliant password generator:
http://slid3r.com/passGen

Enjoy.


fingerboards aroused panhandlers petroleum :|

I like the idea, but I agree that it might work better if it had a "Simple English Wiki" option for the words.


Alright, he has updated it with only simple(-ish/er) words. Still gets some slightly odd-ball words, but better than before. (Just got one of my favorite words, foetid!)

Cal27
Posts: 25
Joined: Mon Mar 23, 2009 4:12 am UTC

Re: 0936: "Password Strength"

Postby Cal27 » Mon Aug 15, 2011 11:51 pm UTC

Here's a method I'm surprised nobody has suggested yet, given where we are: using a line of code in your favorite programming language. I've never actually used this scheme, so the following is all speculation.

Of course, some languages will be better for this than others. This assumes that a typical line of code will contain some symbols, a couple dictionary words or non-words, and some mixed case. Again, this will vary wildly depending on the language, but I can't imagine snippets containing those things would be difficult to make up in most languages. This does mean that the password has to be human-generated, which could lead to problems if you just use Hello World or an echo statement. But, unless I'm missing something big, such a password would be immune to all forms of brute force attack; with the massive variety in languages and their styles, a simple brute force attack would be infeasible because it would have to account for every common symbol. A dictionary attack wouldn't work, because of the symbols and the non-words involved. It would be possible to specifically tailor an algorithm to generate random code, but even if they knew the scheme and language, it would still have to guess any variable names you used, along with guessing the correct code snippet out of an essentially infinite number of possibilities.

I'm assuming that this would be relatively easy (compared to a random string of characters) for a programmer to remember. Other than social engineering, the only flaw I can think of right now is the reliance on length. If someone knows the length of the password, it would be significantly easier (as with any password, really) to generate code that fits that. And then there are the places that place arbitrary length limits and character restrictions on passwords. It would probably still be possible to generate a password that obeys those restrictions, but it probably wouldn't be as secure as a regular password in the case of character limitations.

Is there anything I missed?

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Tue Aug 16, 2011 12:46 am UTC

unless I'm missing something big, such a password would be immune to all forms of brute force attack
Well for one thing, no password is immune to a brute force attack. And the only authentication systems that are themselves truly immune are those that lock you out permanently after some (smallish) number of failed attempts.

A dictionary attack wouldn't work, because of the symbols and the non-words involved. It would be possible to specifically tailor an algorithm to generate random code, but even if they knew the scheme and language, it would still have to guess any variable names you used, along with guessing the correct code snippet out of an essentially infinite number of possibilities.
Sure, but if you have to remember non-obvious variable names, just use some of those as your password. And while it might be infeasible to go through *all* possible valid code snippets, it would probably be relatively straightforward to compile a list of snippets that occur most often and run through those.

I think that, like the scheme suggested in the comic, yours might also be a way to generate a decent amount of entropy in an easier-to-remember way, but at the (potential) expense of requiring a much longer password to do it. For example, to get the same amount of entropy as a random 12-character password, your algorithm might give you something that's as easy for you to remember as a random 6-character password, but requires you to input 50 characters to do it.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

jpk
Posts: 607
Joined: Sat Nov 13, 2010 7:33 am UTC

Re: 0936: "Password Strength"

Postby jpk » Tue Aug 16, 2011 2:14 am UTC

angelickitty wrote:
jpk wrote:I figured that was what you meant, just wanted to confirm.
I've always figured the correct way to handle passwords is to give people a handful of strong generated passwords to choose from, and let them learn them. Then, don't make them change them over and over, let them actually learn them. Changing passwords for security only makes sense if you know the password has been cracked. Changing the password every three months (or whatever) is idiotic: it enforces weak passwords, and no cracker is going to spend weeks on your password, so at any given time, they're dealing with only one (weak) password, unless you happen to hit it lucky and hit the three-month change while they're actually running their brute-force attack. Moronic.


honestly, i tend to think in most places, (specially work) the three month change is more because IT has become wise that yea, they say not to give a coworker your password because they have their own, but things will happen and someone will still give another their password because its a bad time to get it reset or something.. with the 3 months they are sooner or later forced back to their own. and definitly gets passwordws out of the hands of those who no longer work at the company after a while.


In my world, that's a firing offense. Not because of compromising security, but because I don't want anybody that stupid working for me. Why would you give a co-worker your password?

shohami
Posts: 1
Joined: Tue Aug 16, 2011 3:16 am UTC

Re: 0936: "Password Strength"

Postby shohami » Tue Aug 16, 2011 3:24 am UTC

Oh, where to begin...

While I read xkcd regularly and like it a great deal, this particular comic was just ... wrong.

I've posetd about using passphrases consisting of words before, here: http://blogs.hitachi-id.com/blogs/idan/2009/06/30/pass-phrases-the-illusion-of-security/

Basically, the average entropy of a letter in an English word is no more than 1.5 bits. 4 words x 5 letters/word (average) = 30 bits. Not too good.

On the other hand, that 11 character vaguely-word-like but mixed-case, mixed-digits, mixed-punctuation passwords has more like 70^11 possibilities or roughly 67 bits of entropy. I don't have a program to convert dictionary words into weird things like that - do you?

So my conclusion is exactly the opposite of the strip. Stay away from unadulterated passphrases - they are quite insecure. Stick to strong passwords and come up with a robust method to invent new ones once in a while.

-- Idan
http://hitachi-id.com/

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Tue Aug 16, 2011 4:42 am UTC

Good job missing the point of the comic!

shohami wrote:the average entropy of a letter in an English word is no more than 1.5 bits
This is for meaningful English sentences as they would typically appear in print. The entropy of this post, for example, probably would work out to about 1.5 bits per character. But random phrases are a different story all together.

shohami wrote:4 words x 5 letters/word (average) = 30 bits
Wrong. If you're picking randomly from a list of 2n words, then each word has n bits of entropy. So 30 bits from four words only happens if you're picking from fewer than 200 words. Which, again, if you were making English sentences, is in fact often the case, because the bulk of any large corpus is made up of only a few very common words. But Randall was assuming 2048 words on the list, so each one of them is 11 bits.

And really, the fact that they happen to be English words is only coincidental. It helps some people remember them, and nothing more. Instead of four 11-bit words, you could pick four integers randomly between 1 and 2048. For some of us, that might even be easier to remember than the four random words. But probably not for the sort of people who would be likely to do the same low-entropy things to a dictionary word as in the comic's first example.

shohami wrote: I don't have a program to convert dictionary words into weird things like that - do you?
Personally? No. But I could probably make one within a few days if I felt like it, and I imagine anyone with even a little experience with programming could do it even faster.

shohami wrote:So my conclusion is exactly the opposite of the strip.
And also exactly the opposite of correct. What a coincidence!
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

User avatar
Eebster the Great
Posts: 3085
Joined: Mon Nov 10, 2008 12:58 am UTC
Location: Cleveland, Ohio

Re: 0936: "Password Strength"

Postby Eebster the Great » Tue Aug 16, 2011 4:43 am UTC

shohami wrote:Oh, where to begin...

While I read xkcd regularly and like it a great deal, this particular comic was just ... wrong.

I've posetd about using passphrases consisting of words before, here: http://blogs.hitachi-id.com/blogs/idan/ ... -security/

Basically, the average entropy of a letter in an English word is no more than 1.5 bits. 4 words x 5 letters/word (average) = 30 bits. Not too good.

On the other hand, that 11 character vaguely-word-like but mixed-case, mixed-digits, mixed-punctuation passwords has more like 70^11 possibilities or roughly 67 bits of entropy. I don't have a program to convert dictionary words into weird things like that - do you?

So my conclusion is exactly the opposite of the strip. Stay away from unadulterated passphrases - they are quite insecure. Stick to strong passwords and come up with a robust method to invent new ones once in a while.

-- Idan
http://hitachi-id.com/


The neat thing is that this exact point has been brought up probably a dozen times already in this thread. And it completely misses the point of the comic.

The 11-character password given does not have 70^11 bits of entropy. If it did, that would imply that, say, 8Juh<3~JKlm and Tr0ub4dor&3 would both be possibilities. But they aren't; only the latter fits the (relatively) easy-to-remember scheme Randall was denouncing.

For the last damn time, the entropy of a password is a function of the scheme used to generate it, not its length. My password could be thirty billion letters long, but if the scheme I used to generate it was "repeat a single lowercase letter thirty billion times," it would have only about 4.7 bits of entropy (assuming the attacker new what scheme I used). On the other hand, I could have a password that is just four characters long, but if each of those characters was randomly chosen from the set of all Unicode characters, it would have more like 67 bits of entropy.

If you pay even a tiny bit of attention to the math Randall put in the comic and make some attempt to understand it, you will realize your mistake.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Tue Aug 16, 2011 4:57 am UTC

Eebster the Great wrote:The neat thing is that this exact point has been brought up probably a dozen times already in this thread. And it completely misses the point of the comic.
One specific thing people don't seem to get, for which reason I'll put it in extra emphatic bold underlined italics, is that the comic's proposed method of passphrase generation involves picking completely randomly from a list of words.

So all the (completely valid) points shohami made in the linked blog post simply do not apply. Sure, if people are still allowed to come up with their passphrases from their own minds, you'll run into the same problems you get with the shoddy mangling of dictionary words. This is because people are bad at generating randomness without help. This is why normal English only has the aforementioned 1.5 bits or so of entropy per character.

But the point of the comic is that even a high-entropy scheme can produce easy-to-remember results, provided they take the form of something the user can remember better than a random sequence of characters. L_/kv.| is, for many people, not as easy to remember as something like "correct horse battery staple", and yet they both contain the same amount of entropy.

Or, if you prefer the pure number example I mentioned above, "wherever civilization fish chaos tactic" has the same amount of entropy (60 bits) as "3599 1215 1544 1379 2820", but lends itself far more easily to the sort of linguistic and/or visual mnemonic many people seem to prefer.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

Ehsanit
Posts: 50
Joined: Tue Nov 09, 2010 7:53 pm UTC

Re: 0936: "Password Strength"

Postby Ehsanit » Tue Aug 16, 2011 6:27 am UTC

shohami wrote:On the other hand, that 11 character vaguely-word-like but mixed-case, mixed-digits, mixed-punctuation passwords has more like 70^11 possibilities or roughly 67 bits of entropy. I don't have a program to convert dictionary words into weird things like that - do you?


You mean a typical hybrid dictionary attack?
http://lastbit.com/rm_dictionary.asp
I shan't post links to password cracking software with this functionality, but they certainly do exist.

angelickitty
Posts: 2
Joined: Sun Aug 14, 2011 9:33 am UTC

Re: 0936: "Password Strength"

Postby angelickitty » Tue Aug 16, 2011 8:01 am UTC

jpk wrote:
angelickitty wrote:
jpk wrote:I figured that was what you meant, just wanted to confirm.
I've always figured the correct way to handle passwords is to give people a handful of strong generated passwords to choose from, and let them learn them. Then, don't make them change them over and over, let them actually learn them. Changing passwords for security only makes sense if you know the password has been cracked. Changing the password every three months (or whatever) is idiotic: it enforces weak passwords, and no cracker is going to spend weeks on your password, so at any given time, they're dealing with only one (weak) password, unless you happen to hit it lucky and hit the three-month change while they're actually running their brute-force attack. Moronic.


honestly, i tend to think in most places, (specially work) the three month change is more because IT has become wise that yea, they say not to give a coworker your password because they have their own, but things will happen and someone will still give another their password because its a bad time to get it reset or something.. with the 3 months they are sooner or later forced back to their own. and definitly gets passwordws out of the hands of those who no longer work at the company after a while.


In my world, that's a firing offense. Not because of compromising security, but because I don't want anybody that stupid working for me. Why would you give a co-worker your password?


i wouldnt, and most who cared wouldnt, but ive worked helpdesk/tech support and in callcenter for the last.. 11 years now and yea, people are told not to give their password to a coworker.. but ive still seen it done time and time again. mostly because someone locked themselves out of a system and didnt want to/couldnt take the time it took to get it reset right that moment.. had a coworker who did helpdesk for a corperation once. would tell how once a week the ceo would be calling in to get his passwords reset because his secretary would get him locked out because shed use his act/password because she didnt have the access herself.. you and i can see lots of ways to have resolved that one... but for some reason, some people just dont think theirs something wrong with giving another their password. hence the 3 month policies.

FoolishOwl
Posts: 52
Joined: Mon Jun 29, 2009 8:36 pm UTC
Location: San Francisco, California
Contact:

Re: 0936: "Password Strength"

Postby FoolishOwl » Tue Aug 16, 2011 7:11 pm UTC

My partner just found this: A Grammatically-Correct Random Pass Phrase Generator. Here's what it looks like from the command line:

Code: Select all

$ java password/PassGenerator $PWD/ 5
[83LoopsLitterTyrant]
90LatestLimesSip[]
^CashedVoidBiting44^
50UpendSleepySpices||
!FruitsBowled88Givers!
Attempts: 27
Words: 9901
Combinations: 161814528151
Estimated password strength: 113270169705700
Strength in bits: 46.68676129828373

User avatar
Plasma Mongoose
Posts: 209
Joined: Tue Feb 01, 2011 1:09 am UTC
Contact:

Re: 0936: "Password Strength"

Postby Plasma Mongoose » Tue Aug 16, 2011 9:48 pm UTC

And even the fanciest random password (eg: jv70%^GyvbHGjh#${FVqHlcK19j*^:B) means bugger all if you haven't removed any spyware such as keyloggers from your computer.
A virus walks into a bar, the bartender says "We don't serve viruses in here".
The virus replaces the bartender and says "Now we do!"

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Wed Aug 17, 2011 2:37 am UTC

Isaac wrote:when I changed my gmail password, all the people from my address book disappeared from "people you may know", which might just be coincidence, but I m guessing that facebook held onto my password longer than they claimed to.
While I suppose I wouldn't be hugely surprised if that were the case, I think it's far more likely you yourself authorized facebook to get your address book and then told Google to remember that authorization.

If you're logged into Google, you should be able to go here to see what sites you've authorized.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

fatray
Posts: 2
Joined: Wed Aug 17, 2011 6:51 am UTC

Re: 0936: "Password Strength"

Postby fatray » Wed Aug 17, 2011 8:09 am UTC

I swear that my bank suggested 'Sally25' as a good example password, they also think drop-down lists are a security feature.

superluser
Posts: 16
Joined: Wed Aug 17, 2011 5:36 am UTC

Re: 0936: "Password Strength"

Postby superluser » Thu Aug 18, 2011 4:40 am UTC

Talking about sites with boneheaded password policies, google for "password manifesto" (can't post links yet).

Actually, if you poke around, you can find 3 different password manifestos, one suggests that

Code: Select all

$cullyRulz2
is better than

Code: Select all

Scully rules, too.
This is not that one.

Another one suggests that password changes should be enforced by having a password cracker running internally for say four hours every week for each password on the local net; if your password gets cracked in, say, four hours, you get to change it immediately. If it doesn't, you get to keep it until it does get cracked. I rather liked that one, but this isn't that one either.

As for this one, you can tell if it's the proper result if this is the summary:

- If nothing else, show the users what options they have for selecting passwords.
we don't need to encourage people to use less secure passwords than they want to

- Allow good passwords.
there's something seriously wrong with your input handling if it can't even be able to handle LadiesMan217

- Allow long passwords.
if every wireless hardware manufacturer has figured out how to implement a 63-character WPA key, there is no reason why every software password system can't allow one that long

- Allow bad passwords.
I understand that you are concerned that your whole database of which username wants to marry which character from Naruto, which is obviously vitally important to keep secure and thus justifies the randomly generated FIPS-181 password that changes once every two weeks and cannot be set by the user

- Use some real thinking to determine when require good or bad passwords.
if you have to enter it every time you come back to your PC or send a message, you'll probably want a short password, while a longer password may be useful for things that you have to do once a day or so.

- Never default to send a user's password via plaintext e-mail without a prior request to do so.
I have had to change passwords on multiple occasions when they were sent to my e-mail address in plaintext, usually as helpful weekly password reminders.

- Security questions should always make the user more secure, not less.
there's no sense in encouraging a user to use a password that, if cracked, can compromise several other accounts

- All passwords should be transmitted through encrypted communications.
if you can't afford to do any encryption at all, consider if you really need users to give you secure passwords if you're not going to keep them secure.

- Passwords should be stored as hashes of the password, not the password itself.
sadly, doing this does mean that you won't be able to alert the user that the third digit of her four digit PIN number is the same as the previous password she used for this account.

- Users should be able to temporarily or permanently disable accounts, removing all passwords from the remote server's database.
whether that's because the user rarely comments, or because the user is paranoid, or because the user gave up the internet for Lent or because the user has been convicted of wire fraud and can't use a computer for the duration of her sentence is irrelevant

- A very long password, like a sentence or some other multi-word phrase may indeed be better than a shorter password, but it might make sense to include it as a sort of two-factor identification.
enter your passphrase at the start of a session, and that passphrase enables the operator to use the shorter password to authenticate when the program notices a five minute idle and logs you out.

ReallyDeepMan
Posts: 4
Joined: Thu Aug 18, 2011 1:48 pm UTC

Re: 0936: "Password Strength"

Postby ReallyDeepMan » Thu Aug 18, 2011 1:54 pm UTC

I don't suppose there's math posted somewhere to illustrate how you got to the 28 and 44 bits of entropy that the argument is based on? (I did a quick search of this thread and didn't see anything to that end)

I'm currently having this discussion with one of our Network guys, and when I presented this comic, he questioned the math involved.

-Eric

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 26453
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Thu Aug 18, 2011 2:45 pm UTC

ReallyDeepMan wrote:I don't suppose there's math posted somewhere to illustrate how you got to the 28 and 44 bits of entropy that the argument is based on?
As has been stated repeatedly in this thread, the 44 bits from the second one is because there are 2^11 words on the list, and four of them are being picked randomly.

Someone has definitely gone through the math on the first one, as well, and it's pretty much laid out in the comic itself, too.

16 bits for the word itself, because you're probably choosing from around 2^16 relatively uncommon words.
1 bit for capitalizing the first letter, since you may or may not do it (giving 2 possibilities)
3 bits for common substitutions, because he's assuming an average such word will have about three places you could choose whether to replace a letter with a number or with another letter.
4 bits for punctuation, assuming about 16 choices (though this I would personally use 5 bits for, since there are 30 such characters on my keyboard).
3 bits for a digit, since 8 and 10 are pretty close together.
1 bit for not knowing the punctuation/digit order, which can be either of two ways.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

User avatar
Cosmologicon
Posts: 1806
Joined: Sat Nov 25, 2006 9:47 am UTC
Location: Cambridge MA USA
Contact:

Re: 0936: "Password Strength"

Postby Cosmologicon » Thu Aug 18, 2011 3:04 pm UTC

superluser wrote:google for "password manifesto" (can't post links yet).
- Users should be able to temporarily or permanently disable accounts, removing all passwords from the remote server's database.
whether that's because the user rarely comments, or because the user is paranoid, or because the user gave up the internet for Lent or because the user has been convicted of wire fraud and can't use a computer for the duration of her sentence is irrelevant

Most of that sounds like great advice, but practically speaking, how is this one supposed to work in the temporary case? If the password on the server is deleted, how do you verify that the user is actually themself when they come back to re-enable the account?


Incidentally I changed my password on Facebook about a week ago, and just now I entered the old password by accident. Facebook told me that I entered my old password, and what date I changed it. I can't decide whether I like this feature, as it makes it clear when someone changes your password without your knowledge, but it means that Facebook is remembering your old password. Hmmmm.....

ReallyDeepMan
Posts: 4
Joined: Thu Aug 18, 2011 1:48 pm UTC

Re: 0936: "Password Strength"

Postby ReallyDeepMan » Thu Aug 18, 2011 3:36 pm UTC

gmalivuk wrote:the 44 bits from the second one is because there are 2^11 words on the list, and four of them are being picked randomly.


Where are we getting the 2048 words on the list?

Also, unless a computer is picking our pass-phrases for us, we're unlikely to truly pick 4 random words...

It's more likely that we'll pick a sentence like "my dog eats trians". Whilst pretty unique, it does follow a pattern...

I would assert that the format "adjective noun verb noun" will be more common than a truly random group of words like "correct horse battery staple", and that's going to affect the math.

So, if there were, 2^a common nouns, 2^b common verbs, and 2^c common adverbs & adjectives where 2^a+2^b+2^c=2^11.

I'm going to flat out guess that a=10, and b & c = 9 (so 50% of those common words are nouns, 25% are verbs, 25% are adjectives or adverbs). And I'm just going to flat out ignore that some words could be in multiple categories.

Anybody who picks a sentence format similar to mine would have 2^(9+10+9+10)=2^38

Of course, compared to 2^28 for a password, that's still quite a bit better...

User avatar
Eebster the Great
Posts: 3085
Joined: Mon Nov 10, 2008 12:58 am UTC
Location: Cleveland, Ohio

Re: 0936: "Password Strength"

Postby Eebster the Great » Thu Aug 18, 2011 4:13 pm UTC

Cosmologicon wrote:Incidentally I changed my password on Facebook about a week ago, and just now I entered the old password by accident. Facebook told me that I entered my old password, and what date I changed it. I can't decide whether I like this feature, as it makes it clear when someone changes your password without your knowledge, but it means that Facebook is remembering your old password. Hmmmm.....

As long as it's stored as a hash, I don't really see what the danger is here.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: Google Feedfetcher and 32 guests