skitzophrenick wrote: As soon as you include punctuation, typos, and capitals it changes, but it seems to me that using plain English words, the example we've been given is wrong. Assuming access to the entire ASCII set for a password 11 chars long, with no knowledge of password length, that's sum(256.^[1:11]), which on a log scale is ~61; for a 4-word password, assuming the OED is correct in suggesting there are 171,476 words in common use in the English language, that's sum(171476.^[1:4]), which on a log scale is ~48. So the natural-language password is easier to beat by dictionary attack than the "traditional" password is to beat by normal brute force. For the "traditional" password to be easier you'd have to have access to fewer than 80 of the 256 ASCII chars, and a standard keyboard has easy access to over 90, so that's unlikely.
A further consideration is minimum password lengths, in which case if we set an arbitrary minimum of 6, the traditional password, at 90 possibilities (trying to make it easier here), is log(sum(90.^[6:11])), which is still ~49 on a log scale, and so without removing ANY of the words shorter than 6 chars from the dictionary, it's still easier to do a dictionary attack on the natural-language password than on the traditional password with a restricted character set.
If I am wrong, please tell me why.
You're missing the part where almost nobody can remember gibberish. The vast majority of people choose an uncommon word and tweak it, so that they can remember it. The average dictionary has around 50,000 words, so 2^16 bits of entropy covers most people's word choice options. This slashes about 40 orders of magnitude off of your password's maximum complexity. Assuming 8 common systems for tweaking dictionary words, the 2^71 password complexity becomes ~2^31 (2^28 was assuming only one system; 8 covers the vast majority of methods for tweaking a given word).
Basically, you've made the same mistake that most high-level security folks do: you've forgotten about the user. The end user always has been and always will be the weakest link in the chain. If you fail to take into account the user's capabilities your security scheme will suffer greatly.
As a poignant real-life example that drove this problem home for me, I used to work at an Army National Guard armory, and of course they had the tightest computer security policies I've ever personally had to deal with. Security was so tight, in fact, that it was next to worthless. Here is how it was supposed to work, and why it didn't: To log in to a machine, you needed a common access card (aka CAC) and an 8-digit all-numeric PIN. The idea was to have a unique ID card and an easy-to-remember number for access; between the two of them the system was nigh unbreakable. The devil is in the details, though. The policy was that if you missed your PIN three times, your CAC was locked out. Annoying, but so far not a real problem. The real flaw in the system was that you couldn't just call up the help desk, get your CAC unlocked, and try again. No, you had to visit the CAC office in person, do a fingerprint scan to verify your identity, and then create a new PIN for your CAC. I want to say it again: any time you screwed up your PIN, your CAC had to be reset in person!
The PIN could not be the same as the last six or eight (I don't remember exactly) PINs you used, to boot. The end result was that between verifying your fingerprint and coming up with a new PIN, you spent at least 10 minutes at the office resetting your CAC when it was locked out. What's more, because you had such difficulty coming up with a new PIN, you were more apt to forget that PIN later. Because of this the CAC office had at least 5-10 people in line to reset their CAC at any given time. If you locked your CAC out you could expect to spend an hour or more getting your card reset.
So what was the real security picture at the armory? Even though it was a potentially fireable offense, most people kept sticky notes of their PIN on their monitors to avoid having to go to the CAC office and waste a couple of hours of their day, completely defeating the purpose of the PIN. Furthermore, since the CAC had to be in the computer to use the machine, instead of simply swiped or scanned, it was very common for people to step out of the office momentarily and leave their CAC behind (especially those who were most forgetful, who also were most likely to have a sticky of their PIN!). As most people in an office environment know, stepping out for "just a moment" can easily turn into a 20-30 minute absence from the office. You could stroll through the armory at any given time and find a dozen or more empty, open offices with CACs in the machines and PINs pasted to the monitors, making all that security worthless. So many people had difficulty with the system that firing was impractical, eliminating the motivation to avoid such behavior.
You can't accurately judge the strength of your system without taking into account the end user. This is why, though randomized pass-phrases made of common words seem inferior to complex passwords, they are actually much more secure in practice. They have a much higher minimum complexity, and are much easier to remember, two critical weak points of complex passwords. Also, it is much easier to increase the complexity of a pass-phrase significantly without seriously impacting the user's ability to remember the pass-phrase. Adding just one more word bumps the complexity up to 2^55, while making the pass-phrase only a little bit harder to remember (i.e. correct horse staple button flashlight: just picture a flashlight saying "correct" and you've got a new mnemonic that will stick with you). You can't add 11 bits of complexity to a password without making it much more difficult to remember.
With some practice, most people could remember 10 common words reliably. That's 2^110 combinations for a brute force attack. Services like OpenID will probably be ubiquitous before that becomes necessary, however.
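The entropy arithmetic argued over in the two posts above, as an added example that is not the posters' own code: it reproduces the quoted figures with the log base made explicit (the first poster's "~61" and "~48" are natural logs, not bits), and models the second poster's "one word plus a tweak" user. The 2048-word list, the 50,000-word dictionary, the 8 tweak patterns and the guess rates are assumptions for illustration.

```python
"""Password vs. pass-phrase keyspace arithmetic (constructed example)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace_up_to(alphabet, max_len, min_len=1):
    """Number of distinct strings of length min_len..max_len over `alphabet`
    symbols: the sum(a.^[min:max]) the first poster computes."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def bits(keyspace):
    """Keyspace size in bits (log2); the thread's '~61' is math.log, i.e. ln."""
    return math.log2(keyspace)


def passphrase_bits(dictionary_size, words):
    """Entropy of `words` uniformly random picks from a dictionary.
    Only valid when the words are chosen randomly, not by the user."""
    return words * math.log2(dictionary_size)


def user_model_bits(dictionary_size=50_000, tweak_systems=8):
    """Second poster's model of a human-chosen password: one uncommon
    dictionary word combined with one of a few predictable tweak patterns.
    Dictionary size and tweak count are assumed values."""
    return math.log2(dictionary_size) + math.log2(tweak_systems)


def years_to_exhaust(entropy_bits, guesses_per_second):
    """Worst-case time to enumerate the whole keyspace at a given guess rate
    (offline attack against a fast hash; rate is an assumption)."""
    return 2 ** entropy_bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ascii11 = keyspace_up_to(256, 11)
    oed4 = keyspace_up_to(171_476, 4)
    print(f"11-char full ASCII : ln={math.log(ascii11):.1f}  bits={bits(ascii11):.1f}")
    print(f"4 OED words        : ln={math.log(oed4):.1f}  bits={bits(oed4):.1f}")
    print(f"90-char, len 6..11 : ln={math.log(keyspace_up_to(90, 11, 6)):.1f}")
    for n in (4, 5, 10):  # xkcd-style 2048-word list, 11 bits per word
        e = passphrase_bits(2048, n)
        print(f"{n:2d} random words    : {e:.0f} bits, "
              f"{years_to_exhaust(e, 1e12):.2e} years at 1e12 guesses/s")
    print(f"word + tweak model : {user_model_bits():.1f} bits")
```

Run it to see why the two posters disagree: on random picks the OED-sized dictionary really does give ~70 bits for four words, but the human-chosen "word plus tweak" model collapses to under 20 bits, which is the gap the second poster is pointing at.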