0936: "Password Strength"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

Jeff S
Posts: 20
Joined: Mon Apr 25, 2011 12:55 pm UTC

Re: 0936: "Password Strength"

Postby Jeff S » Wed Aug 10, 2011 8:40 pm UTC

TaylorP wrote:
Anonymously Famous wrote:This is what I do when it comes to choosing my passwords (and be warned, it's really brilliant):
Spoiler:
I don't tell people the method(s) I use to choose my passwords.


Amazing, right?


Haha! Now that we know your method we can- wait. :?

I'm personally interested in using biometric scanners for passwords. That sort of technology is still years away from entering mainstream use, though.


Isn't a password which can't be changed a bad idea? Note, by the way, that when people think of biometric scanners, they think that means you (or at least part of your body, e.g. a bloody thumb or eyeball) must be present for the machine to read you. Which might be true in a highly secured government facility where the security people would see you attempting to modify the security system, if you tried, but would be utterly useless for online systems.

Why? Because at the end of the day, the biometric scanner generates some sort of data which represents what it scanned. Someone could just as easily send pre-recorded data, with no actual physical scanner, and you not actually having been scanned for that particular access.

Also, at the end of the day, I don't want to give anyone incentive to cut off bits of my body, or kidnap me.

User avatar
Cosmologicon
Posts: 1806
Joined: Sat Nov 25, 2006 9:47 am UTC
Location: Cambridge MA USA
Contact:

Re: 0936: "Password Strength"

Postby Cosmologicon » Wed Aug 10, 2011 8:42 pm UTC

Anonymously Famous wrote:This is what I do when it comes to choosing my passwords (and be warned, it's really brilliant):
Spoiler:
I don't tell people the method(s) I use to choose my passwords.

Ah.... security through obscurity. In short, no, it's not brilliant. Have you ever heard anyone who knows about security suggest "Come up with your own method and don't tell anyone what it is?"

If you really know what you're doing, not telling anyone your method is probably fine. In this case, though, you can probably reveal your methods and still be equally fine.

If you're just a random user and you don't understand such concepts as calculating entropy, then by keeping your method secret, you're just running the risk of never being told what a terrible, terrible method you have. Judging by some of the methods posted in this thread, that's all too likely.

I would say that keeping it a secret is probably more likely to hurt you than help you, and that's assuming you don't get any false sense of security from it.

Glass Fractal
Posts: 497
Joined: Thu May 13, 2010 2:53 am UTC

Re: 0936: "Password Strength"

Postby Glass Fractal » Wed Aug 10, 2011 9:01 pm UTC

I just write down my important passwords because the only kind of attack that's going to happen to them is random brute force attacks. No one is going to break into my house and go through all my stuff to find the card where it's all written. Admittedly, this would be a problem if I traveled a lot since keeping the car in my wallet seems like a bad idea.

Andrusi
Posts: 52
Joined: Wed Mar 28, 2007 9:43 pm UTC
Location: YES TOWN
Contact:

Re: 0936: "Password Strength"

Postby Andrusi » Wed Aug 10, 2011 9:07 pm UTC

goibee wrote:I get the point that Randall is making, that we are making an error in the way we are encouraging people to exchange passwords. But could someone explain to a layman who knows little about computers why 4 random words are harder to guess then the random gibberish and what all those squares and stuff mean

thanks :)

Because the random gibberish isn't actually random gibberish--it's a real word that's been modified in a few ways. The thing is, there are only so many ways people think of to modify one word, but there are lots of ways you could just add three more words.

Comparison: I'm thinking of two numbers. I came up with the first one by taking a single digit, and picking two out of 0, 1/2, 1/4, and 1/8 to add to it. The second is a four-digit number with only the digits 1-5. The first one will give a more complicated-looking number, but the second one will be harder to guess because there are more different things it could be.
Not named Dennis Miller.

NukemHill
Posts: 9
Joined: Thu Jan 13, 2011 9:47 pm UTC

Re: 0936: "Password Strength"

Postby NukemHill » Wed Aug 10, 2011 9:11 pm UTC

One method that I used to use, and no longer use, was to pick a friend and interleave their name and phone number, or part of their phone number, ie if I have a friend Steve whose number is 555-3592, it would be S3t5e9v2e.


Gee, I always use my pet's name, plus the name of the street I--

Oh. Wait.

rednebmas
Posts: 1
Joined: Wed Aug 10, 2011 9:10 pm UTC

Re: 0936: "Password Strength"

Postby rednebmas » Wed Aug 10, 2011 9:14 pm UTC

Can someone explain Wolfram|Alpha says that is going to take a billion years to crack and the comic says 3 days?

http://www.wolframalpha.com/input/?i=analyze+password+Tr0ub4dor%263
http://www.wolframalpha.com/input/?i=analyze+password+correcthorsebatterystaple

Anonymously Famous
Posts: 240
Joined: Thu Nov 18, 2010 4:01 am UTC

Re: 0936: "Password Strength"

Postby Anonymously Famous » Wed Aug 10, 2011 9:38 pm UTC

Cosmologicon wrote:Ah.... security through obscurity. In short, no, it's not brilliant. Have you ever heard anyone who knows about security suggest "Come up with your own method and don't tell anyone what it is?"

Did I at any time say that I came up with my own?
If you really know what you're doing, not telling anyone your method is probably fine.

Then that's what I'll do.

bigjeff5
Posts: 127
Joined: Tue Nov 10, 2009 3:59 am UTC

Re: 0936: "Password Strength"

Postby bigjeff5 » Wed Aug 10, 2011 9:39 pm UTC

skitzophrenick wrote:As soon as you include punctuation, typos, and capitals it changes, but it seems to me that using plain english words, the example weve been given is wrong. Assuming access to the entire ASCII set for a password 11 chars long, with no knowledge of password length thats sum(256.^[1:11]), which on a log scale is ~61, for a 4 word password assuming OED is correct in suggesting there are 171,476 words in common use in the english language thats sum(171476.^[1:4]) which on a log scale is ~48. So the natural language password is easier to beat by dictionary attack than the "traditional" password is to beat by normal brute force. For the "traditional" password to be easier youd have to have access to less than 80 of the 256 ASCII chars, and a standard keyboard has easy access to over 90, so thats unlikely.

A further consideration is minimum password lengths, in which case if we set an arbitrary minimum of 6, the traditional password, at 90 possibilities (trying to make it easier here) is log(sum(90.^[6:11])) which is still ~49 on log scale, and so without removing ANY of the words less than 6 chars from the dictionary, its still easier to do a dictionary attack on the natural-language password than the traditional password with a restricted characterset.

If I am wrong, please tell me why


You're missing the part where almost nobody can remember gibberish. The vast majority of people choose an uncommon word and twerk it, so that they can remember it. The average dictionary has around 50,000 words, so 2^16 bits of entropy covers most people's word choice options. This slashes about 40 orders of magnitude off of your password's maximum complexity. Assuming 8 common systems for twerking dictionary words, the 2^71 password complexity becomes ~2^31 (2^28 was assuming only one system, 8 covers vast majority of methods for twerking a given word).

Basically, you've made the same mistake that most high-level security folks do: you've forgotten about the user. The end user always has been and always will be the weakest link in the chain. If you fail to take into account the user's capabilities your security scheme will suffer greatly.

As a poignant real-life example that drove this problem home for me, I used to work at an Army National Guard armory, and of course they had the tightest computer security policies I've ever personally had to deal with. Security was so tight, in fact, that it was next to worthless. Here is how it was supposed to work, and why it didn't: To log in to a machine, you needed a common access card (aka CAC) and an 8 digit all-numeric PIN. The idea was to have a unique ID card and an easy to remember number for access - between the two of them the system was nigh unbreakable. The devil is in the details, though. The policy was if you missed your pin three times, your CAC was locked out. Annoying, but so far not a real problem. The real flaw in the system was that you couldn't just call up the help desk, get your CAC unlocked, and try again. No, you had to visit the CAC office in person, do a fingerprint scan to verify your identity, and then create a new PIN for your CAC. I want to say it again: any time you screwed up your pin, your CAC had to be re-set in person! The PIN could not be the same as the last six or eight (I don't remember exactly) PINs you used, to boot. The end result was that between verifying your fingerprint and coming up with a new PIN, you spent at least 10 minutes at the office re-setting your CAC when it was locked out. What's more, because you had such difficulty coming up with a new PIN, you were more apt to forget that PIN later. Because of this the CAC office had at least 5-10 people in line to reset their CAC at any give time. If you locked your CAC out you could expect to spend an hour or more getting your card re-set.

So what was the real security picture at the armory? Even though it was a potentially fireable offense, most people kept sticky notes of their PIN on their monitors to avoid having to go to the CAC office and waste a couple hours of their day, completely defeating the purpose of the PIN. Furthermore, since the CAC had to be in the computer to use the machine, instead of simply swiped or scanned, it was very common for people to step out of the office momentarily and leave their CAC behind (especially those who were most forgetful - who also were most likely to have a sticky of their PIN!). As most people in an office environment know, stepping out for "just a moment" can easily turn into a 20-30 minute absence from the office. You could stroll through the armory at any given time and find a dozen or more empty, open offices with CAC cards in the machines and PINs pasted to the monitors, making all that security worthless. So many people had difficulty with the system that firing was impractical, eliminating the motivation to avoid such behavior.

You can't accurately judge the strength of your system without taking in to account the end user. This is why, though randomized pass-phrases made of common words seem inferior to complex passwords, they are actually much more secure in practice. They have a much higher minimum complexity, and are much easier to remember, two critical weak points of complex passwords. Also, it is much easier to increase the complexity of a pass-phrase significantly without seriously impacting the user's ability to remember the pass-phrase. Adding just one more word bumps the complexity up to 2^55, while making the pass-phrase only a little bit harder to remember (i.e. correct horse staple button flashlight - just picture a flashlight saying "correct" and you've got a new mnemonic that will stick with you). You can't add 11 bits of complexity to a password without making it much more difficult to remember.

With some practice, most people could remember 10 common words reliably. That's 2^110 combinations for a brute force attack. Services like OpenID will probably be ubiquitous before that becomes necessary, however.

User avatar
Cosmologicon
Posts: 1806
Joined: Sat Nov 25, 2006 9:47 am UTC
Location: Cambridge MA USA
Contact:

Re: 0936: "Password Strength"

Postby Cosmologicon » Wed Aug 10, 2011 9:51 pm UTC

Anonymously Famous wrote:
If you really know what you're doing, not telling anyone your method is probably fine.

Then that's what I'll do.

Ah great, how many bits of entropy does your method give you?

User avatar
Munksgaard_
Posts: 16
Joined: Tue Nov 27, 2007 9:14 pm UTC
Location: Denmark

Re: 0936: "Password Strength"

Postby Munksgaard_ » Wed Aug 10, 2011 10:05 pm UTC

If you like password security across websites, check out this browser add-on my friend made:

https://github.com/brinchj/RndPhrase/wiki

A little writing about it:
http://brinchj.blogspot.com/

Put simply, you define a seed that goes for all websites. Then, when you go to a site and want to enter your password, simply, with the cursor in the password field, press '@' and type any password of your choice. The add-on will then create a very secure hashed value, based on the seed, your password and the domain at which you are entering the password. This way, you can use the same password, like hunter2, on all websites, but the password actually sent to the server is a 256-bit pseudo-random number.

I've been using it for years, and it's very easy and hassle-free (when you are on your own computer).

Tip: if you are on a computer without the add-on installed, simply go to http://rndphrase.appspot.com and get your password there.
"Under the spreading chestnut tree,
I sold you and you sold me"

CharonPDX
Posts: 53
Joined: Wed Apr 27, 2011 4:55 am UTC

Re: 0936: "Password Strength"

Postby CharonPDX » Wed Aug 10, 2011 10:18 pm UTC

A co-worker has created an xkcd-compliant password generator:
http://slid3r.com/passGen

Enjoy.

User avatar
Cosmologicon
Posts: 1806
Joined: Sat Nov 25, 2006 9:47 am UTC
Location: Cambridge MA USA
Contact:

Re: 0936: "Password Strength"

Postby Cosmologicon » Wed Aug 10, 2011 10:24 pm UTC

CharonPDX wrote:A co-worker has created an xkcd-compliant password generator:
http://slid3r.com/passGen

Enjoy.

Not bad, but it kind of defeats the purpose if it uses words that are difficult to memorize (I got "composites vagaries oakum renovator"). Can it have an option to use a common/short word list? Also HTTPS?

tknelms
Posts: 1
Joined: Wed Aug 10, 2011 11:11 pm UTC

Re: 0936: "Password Strength"

Postby tknelms » Wed Aug 10, 2011 11:15 pm UTC

Fun fact: while most of your commonplace words are in the dictionary, there are a lot of memorable words that are not. Names taken from fantasy or mythology, for instance.

Isaac
Posts: 26
Joined: Sat Jan 17, 2009 12:49 pm UTC

Re: 0936: "Password Strength"

Postby Isaac » Wed Aug 10, 2011 11:16 pm UTC

Unknownlight wrote:Or you can just think of one, perfect, amazing password, and use LastPass for everything else.

You can have a fifty-digit stream of random characters for your bank account password if you want. :D


dude, facebook wanted my gmail password so that it could find friends for me in my address book...... lastpass gave it to them. All of a sudden a bunch of people i'd only ever contacted while looking for an apartment on craigslist start popping up under "people you may know"..... after that I switched to keepassx and changed almost all my passwords (I think the password for an ogame.org account that I haven't used in years is unchanged)..... but the extra scary thing is that when I changed my gmail password, all the people from my address book disappeared from "people you may know", which might just be coincidence, but I m guessing that facebook held onto my password longer than they claimed to......


TomeWyrm wrote:.... Hell most of my security questions are stupidly laughable if anyone knows even the remotest bit of information about me. Either the answer changes over time, or it's public knowledge. Wow, I need to know my target's aunt's name... a few minutes on Google and voila, account hacked.


I treat all security questions as passwords. I typically just input some crypto jibberish that I don't bother to save on my computer so that it becomes impossible for me to answer my own security question..... recently gmail asked me to answer my security question, this has caused problems. But yea, my mom has a hyphenated last name and used to be a journalist, so anyone who knows both my last name and what paper my mom worked for can find her maiden name very easily..... also, most account "hackings" are just your "friends" guessing your password, it's like I better avoid letting my friends know anything about me.

User avatar
TaylorP
Posts: 60
Joined: Mon Jul 18, 2011 5:08 am UTC
Location: Ontario, Canada
Contact:

Re: 0936: "Password Strength"

Postby TaylorP » Wed Aug 10, 2011 11:17 pm UTC

CharonPDX wrote:A co-worker has created an xkcd-compliant password generator:
http://slid3r.com/passGen

Enjoy.


fingerboards aroused panhandlers petroleum :|

I like the idea, but I agree that it might work better if it had a "Simple English Wiki" option for the words.

Anonymously Famous
Posts: 240
Joined: Thu Nov 18, 2010 4:01 am UTC

Re: 0936: "Password Strength"

Postby Anonymously Famous » Wed Aug 10, 2011 11:59 pm UTC

Cosmologicon wrote:
Anonymously Famous wrote:
If you really know what you're doing, not telling anyone your method is probably fine.

Then that's what I'll do.

Ah great, how many bits of entropy does your method give you?

You know, you kind of sound like a bully.

Fine, I don't know how to calculate the number of bits of entropy. But now I'm going to learn.

And now, one of the methods, to give you an idea:
Three words. A digit of arbitrary length, put at any of the locations between the words (including the beginning or end). A short string of symbols between put at any of the locations between the words/number (again, including the beginning or end). (All subject to the site's maximum password length. I truncate the words if I have to)

That's not the only method, but it is one of them. Now, since I've admitted that I lack in password security theory, would you please let me know, by this example, if I have a lot of room to improve?

Ophiucha
Posts: 3
Joined: Wed Jun 02, 2010 8:51 am UTC
Location: Vancouver, BC
Contact:

Re: 0936: "Password Strength"

Postby Ophiucha » Thu Aug 11, 2011 1:14 am UTC

I don't have a consistent method, but one of my favourites is mixing languages. This, perhaps, works best because I've taken classes in eight languages (though I am certainly only fluent in English), and forcing them into something resembling a sentence with no sensible grammar. To make an example, let's say I want my password to be 'I love you', English structure. Watashi is Japanese for 'I' (sometimes), Aime is French for '<I> like/love', and 'tusa' is the Gaelic word for 'you' (sometimes). Give it some liberties, Watash'aimetusa. I tend to make rules for letter-number substitution, as well, to prevent the first problem from coming in. Like, only substitute numbers if it's the only occurrence of that vowel in the password (that is, russianmafia becomes r6ssianmafia), only substitute certain letters (russi4nm4fi4), or only substitute in letters that occur more than once, but only the first time (ru5s14nmafia).

Jeff S
Posts: 20
Joined: Mon Apr 25, 2011 12:55 pm UTC

Re: 0936: "Password Strength"

Postby Jeff S » Thu Aug 11, 2011 1:20 am UTC

Anonymously Famous wrote:
Cosmologicon wrote:
Anonymously Famous wrote:
If you really know what you're doing, not telling anyone your method is probably fine.

Then that's what I'll do.

Ah great, how many bits of entropy does your method give you?

You know, you kind of sound like a bully.

Fine, I don't know how to calculate the number of bits of entropy. But now I'm going to learn.

And now, one of the methods, to give you an idea:
Three words. A digit of arbitrary length, put at any of the locations between the words (including the beginning or end). A short string of symbols between put at any of the locations between the words/number (again, including the beginning or end). (All subject to the site's maximum password length. I truncate the words if I have to)

That's not the only method, but it is one of them. Now, since I've admitted that I lack in password security theory, would you please let me know, by this example, if I have a lot of room to improve?


Well, I might screw this up, but I'll give it a try:

First, what do you mean by, "A digit of arbitrary length"? A digit is always one character? I guess you mean a random numeric value comprised of, possibly, more than a single digit? You can't meaningfully speak of the amount of entropy unless there is an 'upper-bound' to the length of the number, e.g. 10 decimal places. Since I don't know what upper bound, in practice, you might employ, let's use a symbolic variable name to represent the number of bits of entropy for the number, numBits.

For the string of symbols, there are 32 non-alphanumeric symbols/punctuation on a standard U.S. keyboard, so if your passwords are constrained to that set of symbols (and not further constrained by the password program reserving some symbols as 'illegal'), each character in the string provides 5 additional bits of entropy, so the total entropy is (numChars * 5) bits, lets call that symBits.

I dunno if Randall is correct about claiming 11 bits of entropy for common words, and 16 bits for less common words, so I'll just use the symbolic variable name wordBits to represent that value.

Since you might put the number at any word boundary (including beginning or end), and also with the string of symbols, we have 4 total word boundaries where those 2 strings might appear (once each), so there's 4 * 4 = 16 = 4 bits of entropy provided by the fact the number and symbol string can appear at any of those locations.

So, I think the total bits of entropy, if I did the analysis correctly (I don't claim to be an expert, but I've learned a little bit about this) is:

numBits + symBits + 4 + (wordBits * 3)

So, as a starting point, if numBits is, say, 23 (meaning your numeric value might have an upper boundary of about 10 million), numChars is, say 5 which gives symBits = 25, assuming you use common words to remember more easily, then let's take wordBits = 11, then I *think* your total entropy in this scenario would be:

23 + 25 + 4 + ( 11 * 3 = 33) = 85 bits of entropy, which would be close to twice the amount of entropy of Randall's suggestion (though also a bit more tedious to remember).

If you use that, I think it would render such a complex password (if I did the calculation correctly) that you needn't worry that people know the heuristic - knowing the heuristic is not going to meaningfully reduce the number of bits of entropy to a point where anyone can easily brute-force their way through the search-space. If someone can check 10 Billion passwords per second, it would take them around 600 Million years to brute force such a password (on average - the worst case scenario is 1.2 Billion years, but I believe you typically take 1/2 the worst case scenario to yield what would be the "average" search time; that is, I could get phenomenally lucky and guess your password the very first try, but in the average case, would take 600M years - again, presuming I calculated the bits of entropy correctly).

lingomaniac88
Posts: 127
Joined: Wed Apr 09, 2008 2:52 am UTC

Re: 0936: "Password Strength"

Postby lingomaniac88 » Thu Aug 11, 2011 1:31 am UTC

rednebmas wrote:Can someone explain Wolfram|Alpha says that is going to take a billion years to crack and the comic says 3 days?

http://www.wolframalpha.com/input/?i=an ... ub4dor%263
http://www.wolframalpha.com/input/?i=an ... terystaple


Probably because WolframAlpha assumes that the person trying to crack your password is using pure brute force and trying every possible combination rather than the algorithm suggested in the comic.

WolframAlpha seems to be kind of weird with password analysis. According to WolframAlpha, the password "ranybioernboaifng" (which I generated by just randomly hitting keys) is very weak. I imagine that if you generate a password by randomly hitting keys, you're bound to get something that's pretty hard to replicate. It'd be pretty hard to memorize, too, but that's not what I'm focusing on.
http://www.wolframalpha.com/input/?i=an ... ernboaifng
"It is common sense to take a method and try it. If it fails, admit it frankly and try another. But above all, try something."
-- Franklin D. Roosevelt

User avatar
Cosmologicon
Posts: 1806
Joined: Sat Nov 25, 2006 9:47 am UTC
Location: Cambridge MA USA
Contact:

Re: 0936: "Password Strength"

Postby Cosmologicon » Thu Aug 11, 2011 1:53 am UTC

Anonymously Famous wrote:You know, you kind of sound like a bully.

Fine, I don't know how to calculate the number of bits of entropy. But now I'm going to learn.

And now, one of the methods, to give you an idea:
Three words. A digit of arbitrary length, put at any of the locations between the words (including the beginning or end). A short string of symbols between put at any of the locations between the words/number (again, including the beginning or end). (All subject to the site's maximum password length. I truncate the words if I have to)

That's not the only method, but it is one of them. Now, since I've admitted that I lack in password security theory, would you please let me know, by this example, if I have a lot of room to improve?

Heck, I'm sorry, I didn't mean to be a bully. I thought your first post seemed condescending and I wanted to make a point about security through obscurity, but I shouldn't have taken it out on you.

Anyway, it sounds pretty good. I mostly agree with Jeff S, but it depends exactly how you choose your words, numbers, and symbols, so I get a somewhat different answer. Assume you choose your 3 words from a word list of 2000, and there are 20 places to put your digit (chosen from 10) and 20 places to put your symbols (which are 3 symbols chosen from a set of 32), that's:

2000^3 x 20 x 10 x 20 x 32^3 = 1048576000000000000

possible passwords. That's around 60 bits of entropy, because it's close to 2^60. That's really secure. If Jeff S is right and it's closer to 85, that's extremely secure. As long as you're fine remembering a 24-character password, sounds good to me. :) I've said enough in this thread, so I'll shut up now.

Anonymously Famous
Posts: 240
Joined: Thu Nov 18, 2010 4:01 am UTC

Re: 0936: "Password Strength"

Postby Anonymously Famous » Thu Aug 11, 2011 2:17 am UTC

Jeff S wrote:First, what do you mean by, "A digit of arbitrary length"?

Sorry. I did mean number.

And thank you (and Cosmologicon) for helping me to figure out the approximate bits of entropy. Like I said, I'll need to look into it.

My whole "not sharing my method(s)" thing was based on the logic that "even if I have a fairly secure password anyway, I don't want to give my algorithm(s) away to make it any easier for people to target me." It's better if they think it's a truly random sequence of characters so that they have to exhaust more possibilites.

jpgoldberg
Posts: 5
Joined: Wed Aug 10, 2011 11:19 pm UTC

Re: 0936: "Password Strength"

Postby jpgoldberg » Thu Aug 11, 2011 2:20 am UTC

This particular comic has said in a few panels what I've gone to great length to explain elsewhere. I love it.

I've now posted an explanation of why this comic gets it right for people unfamiliar with some of the concepts and math. The crucial concept is that that strength of a password comes not from how long it is and what character set it is drawn from but by but how many ways you could get a different result using the same system. If a system only can produce a small number of passwords, it doesn't matter how many digits and symbols it has.

Anyway, my post is here.

http://blog.agilebits.com/2011/08/better-master-passwords-the-geek-edition/

(I'm new here, so I guess I'm not allowed to post active links, so you just gotta copy and paste.)

I also would love to know whether Randell was familiar with what I've already written about this. "Password Strength" really does sum up my previous post on the topic (linked to in the new post).

Cheers,

-j

User avatar
jonadab
Posts: 79
Joined: Fri Oct 08, 2010 11:31 am UTC
Location: Ohio
Contact:

Re: 0936: "Password Strength"

Postby jonadab » Thu Aug 11, 2011 2:36 am UTC

Unicode is a bright idea!


For a completely naive brute-forcing algorithm, Unicode effectively just makes the password slightly longer. (If *all* combinations of bits were possible, one sixteen-bit character would theoretically be worth two eight-bit characters, and one thirty-two bit character would be worth four. In practice it's not nearly that good, because most of the possible combinations of bits don't correspond to valid Unicode characters.)

For an intelligent algorithm, Unicode is more or less irrelevant. Either the dictionary word that's being tried contains an oddball character or it does not. Either the substitution that's being tried substitutes in a non-ASCII character or it does not. On the whole, the main function of Unicode in a password would be to make it harder to remember (unless you are actually literate in the language or writing system involved, of course: δικαιοσύνη would be very easy for me to remember, albeit not so easy to type, but it would be nightmarishly hard for someone who doesn't know any Greek). For added bonus points, using Unicode characters also means the password won't work with lame authentication systems that only support a limited range of characters. (Well-designed authentication systems treat the password as an array of arbitrarily many completely arbitrary byte values, so no character you can put in it makes any difference to the software's functionality: punctuation, Unicode, spaces, tabs, carriage returns, linefeeds, quotes, backslashes, backspaces, whatever: if you can somehow manage to input it, it should work fine; but there are plenty of not-so-well-designed systems out there.)

They enforce passwords with a capital, and a number.


That particular combination of requirements happens to coincide with what MS Active Directory requires, so it's possible that your sysadmins didn't make up that requirement: they may simply have built their infrastructure around MSAD, either because they're not too bright, or more likely because it's required for some of the line-of-business software that they are required to support. (I have one subnet at work with this requirement, because a rather important piece of software that we use is built on the Microsoft stack. This is not something we can replace with an off-the-shelf substitute. It's "let us know you're interested and we'll fly in a sales team" stuff. Needless to say I keep it as firewalled-off from the rest of the network as I possibly can.)

The English Language has, say, 10k common words (and that's being exceedingly generous with the term 'common').


I tend to agree (and advocate using any words you can remember, not just common ones), although I suppose it is possible to imagine that someone might define "common" as "common enough to be in the spelling dictionary", which would yield a rather larger figure than 10k. Spelling dictionaries do tend to be rather exiguous (compared to other kinds of dictionaries), excluding any word that they don't think hoi polloi use very often -- people who indiscriminately use any lexical item we happen to have in our memory that conveys the relevant idea frequently get annoyed at how MANY perfectly cromulent words are simply not included -- but even for a spelling dictionary 10k words would be pretty meager.

Am I the only one who knows about this site? https://www.grc.com/haystack.htm


There are some problems with that. Most notably, I am uncomfortable with the assumption it makes about how many guesses are possible per second. There are also some limitations (which the text on the page freely admits), most notably, it completely ignores the possibility of a dictionary attack, which is substantially the most common kind of attack. It claims a cracking time measured in *centuries* for an eight-letter all-lowercase purely-alphabetic password, which seems extremely optimistic to me. As a properly paranoid network administrator, the only time I use a password shorter than 20 characters is when Security Just Plain Does Not Matter (e.g., when the account is just for leaving comments on some random blog) or when unobserved login attempts (including remote ones) are impossible barring total failure some significantly more important security measure.

I express password strength numerically as the natural log of the number of distinct possible passwords following the same format or template, whatever that may be. If you concatenate three random entries from /usr/share/dict/words, and there are 98569 thousand entries in that file, then the strength is ln(98568*98569*98568), or about 34.5. Ten random mixed-case alphanumeric characters gives you a strength of around 35.8 -- slightly higher, but much harder to memorize. Four random words (with the same dictionary as above) yields a complexity of 46: to do better than that with mixed-case alphanumerics you need at least thirteen characters. If you throw in punctuation (randomly selected from the ones on a standard US keyboard), you still need eleven characters. These numbers are roughly consistent with the comic's claims, if you accept the entire contents of the spelling dictionary as common English words.

The above figures assume you intermix all the character types arbitrarily (limiting the results only to ensure that at least one of each type of character occurs, because attackers *will* try simpler patterns first). More limited formats have lower complexity, especially common ones that attackers are likely to code for. This is a major gotcha that a lot of naive people miss when creating "secure" passwords. For example, capitalizing only the first character of the password adds almost no complexity compared to all-lowercase. Appending numeric digits only on the end adds very little complexity compared to an all-alphabetic password. Sandwiching (single-character) numbers or punctuation between dictionary words is not significantly better than just concatenating the dictionary words together. If you start from a dictionary word and perform common substitutions (like 0 for o or 4 for "for"), it does matter how many substitutions you perform -- changing two characters is better than changing just one (but making all possible changes is worse than only doing half of them).

User avatar
addams
Posts: 9343
Joined: Sun Sep 12, 2010 4:44 am UTC
Location: Gold Beach, OR; 97444

Re: 0936: "Password Strength"

Postby addams » Thu Aug 11, 2011 2:43 am UTC

bigjeff5 wrote:
skitzophrenick wrote:As soon as you include punctuation, typos, and capitals it changes, but it seems to me that using plain english words, the example weve been given is wrong. Assuming access to the entire ASCII set for a password 11 chars long, with no knowledge of password length thats sum(256.^[1:11]), which on a log scale is ~61, for a 4 word password assuming OED is correct in suggesting there are 171,476 words in common use in the english language thats sum(171476.^[1:4]) which on a log scale is ~48. So the natural language password is easier to beat by dictionary attack than the "traditional" password is to beat by normal brute force. For the "traditional" password to be easier youd have to have access to less than 80 of the 256 ASCII chars, and a standard keyboard has easy access to over 90, so thats unlikely.

A further consideration is minimum password lengths, in which case if we set an arbitrary minimum of 6, the traditional password, at 90 possibilities (trying to make it easier here) is log(sum(90.^[6:11])) which is still ~49 on log scale, and so without removing ANY of the words less than 6 chars from the dictionary, its still easier to do a dictionary attack on the natural-language password than the traditional password with a restricted characterset.

If I am wrong, please tell me why


You're missing the part where almost nobody can remember gibberish. The vast majority of people choose an uncommon word and twerk it, so that they can remember it. The average dictionary has around 50,000 words, so 2^16 bits of entropy covers most people's word choice options. This slashes about 40 orders of magnitude off of your password's maximum complexity. Assuming 8 common systems for twerking dictionary words, the 2^71 password complexity becomes ~2^31 (2^28 was assuming only one system, 8 covers vast majority of methods for twerking a given word).

Basically, you've made the same mistake that most high-level security folks do: you've forgotten about the user. The end user always has been and always will be the weakest link in the chain. If you fail to take into account the user's capabilities your security scheme will suffer greatly.

As a poignant real-life example that drove this problem home for me, I used to work at an Army National Guard armory, and of course they had the tightest computer security policies I've ever personally had to deal with. Security was so tight, in fact, that it was next to worthless. Here is how it was supposed to work, and why it didn't: To log in to a machine, you needed a common access card (aka CAC) and an 8 digit all-numeric PIN. The idea was to have a unique ID card and an easy to remember number for access - between the two of them the system was nigh unbreakable. The devil is in the details, though. The policy was if you missed your pin three times, your CAC was locked out. Annoying, but so far not a real problem. The real flaw in the system was that you couldn't just call up the help desk, get your CAC unlocked, and try again. No, you had to visit the CAC office in person, do a fingerprint scan to verify your identity, and then create a new PIN for your CAC. I want to say it again: any time you screwed up your pin, your CAC had to be re-set in person! The PIN could not be the same as the last six or eight (I don't remember exactly) PINs you used, to boot. The end result was that between verifying your fingerprint and coming up with a new PIN, you spent at least 10 minutes at the office re-setting your CAC when it was locked out. What's more, because you had such difficulty coming up with a new PIN, you were more apt to forget that PIN later. Because of this the CAC office had at least 5-10 people in line to reset their CAC at any give time. If you locked your CAC out you could expect to spend an hour or more getting your card re-set.

So what was the real security picture at the armory? Even though it was a potentially fireable offense, most people kept sticky notes of their PIN on their monitors to avoid having to go to the CAC office and waste a couple hours of their day, completely defeating the purpose of the PIN. Furthermore, since the CAC had to be in the computer to use the machine, instead of simply swiped or scanned, it was very common for people to step out of the office momentarily and leave their CAC behind (especially those who were most forgetful - who also were most likely to have a sticky of their PIN!). As most people in an office environment know, stepping out for "just a moment" can easily turn into a 20-30 minute absence from the office. You could stroll through the armory at any given time and find a dozen or more empty, open offices with CAC cards in the machines and PINs pasted to the monitors, making all that security worthless. So many people had difficulty with the system that firing was impractical, eliminating the motivation to avoid such behavior.

You can't accurately judge the strength of your system without taking in to account the end user. This is why, though randomized pass-phrases made of common words seem inferior to complex passwords, they are actually much more secure in practice. They have a much higher minimum complexity, and are much easier to remember, two critical weak points of complex passwords. Also, it is much easier to increase the complexity of a pass-phrase significantly without seriously impacting the user's ability to remember the pass-phrase. Adding just one more word bumps the complexity up to 2^55, while making the pass-phrase only a little bit harder to remember (i.e. correct horse staple button flashlight - just picture a flashlight saying "correct" and you've got a new mnemonic that will stick with you). You can't add 11 bits of complexity to a password without making it much more difficult to remember.

With some practice, most people could remember 10 common words reliably. That's 2^110 combinations for a brute force attack. Services like OpenID will probably be ubiquitous before that becomes necessary, however.


bigjeff5; That was a great story. Thanks for that. Very funny. Yes. And; The solution that you proposed and supported was nice, too. Very, very funny.

I know for a fact that smart people do stupid things, sometimes. It is not always funny until it is over. If, 'ya live, then, 'ya can laugh.
Life is, just, an exchange of electrons; It is up to us to give it meaning.

We are all in The Gutter.
Some of us see The Gutter.
Some of us see The Stars.
by mr. Oscar Wilde.

Those that want to Know; Know.
Those that do not Know; Don't tell them.
They do terrible things to people that Tell Them.

User avatar
eculc
Wet Peanut Butter
Posts: 451
Joined: Mon Jun 27, 2011 4:25 am UTC

Re: 0936: "Password Strength"

Postby eculc » Thu Aug 11, 2011 2:45 am UTC

Note to self: change nuclear strike confirmation code.
Um, this post feels devoid of content. Good luck?
For comparison, that means that if the cabbage guy from Avatar: The Last Airbender filled up his cart with lettuce instead, it would be about a quarter of a lethal dose.

bjkovo
Posts: 2
Joined: Thu Aug 11, 2011 2:37 am UTC

Re: 0936: "Password Strength"

Postby bjkovo » Thu Aug 11, 2011 2:46 am UTC

I'm kind of surprised that nobody has suggested this before, but the method I always use is:
A1! (to deal with systems that require capitol letters, numbers, and punctuation) plus
Sir, your ton ton will freeze before you reach the first marker! => A1!syttwfbyrtfm

Easy to remember, immune to dictionary attacks, about 48 bits of entropy (not counting the A1!), and no need to write it down.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25708
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Thu Aug 11, 2011 3:16 am UTC

bjkovo wrote:Easy to remember, immune to dictionary attacks, about 48 bits of entropy (not counting the A1!), and no need to write it down.
But those aren't just random letters. They're a movie quote.

Back-of-the-envelope calculations tell me there are about ten billion words in all the feature-length movies on IMDB (40000 words per movie, which is probably generous, and about 250,000 movies, which is a bit under the figure on their database statistics page).

Which means about 10^10 passwords for each password length, if you ignore who's speaking and just take blocks of consecutive words (in other words it's less if you only concern yourself with actual lines spoken by one person). Figure 10^11 when you account for quotes of various lengths, and it's still less than 37 bits of entropy.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

Ghona
Posts: 246
Joined: Mon May 21, 2007 1:28 am UTC

Re: 0936: "Password Strength"

Postby Ghona » Thu Aug 11, 2011 3:19 am UTC

I just use str2num on the URL, take the solution mod 240 and mod 19, and type in the corresponding page and line # from the Voynich manuscript.

Best of all, when I sticky it to my monitor it still isn't a security hazard.
If you're taking me too seriously, you probably are making a mistake.

erik65536
Posts: 8
Joined: Wed May 04, 2011 7:06 pm UTC

Re: 0936: "Password Strength"

Postby erik65536 » Thu Aug 11, 2011 3:29 am UTC

I would like to reiterate what has been said many times before in this thread.

Its annoying when alicehandbags.com has extremely strict password requirements that requires you to create a whole new password system.
Then bobscoolblog.com has an a completely different set of requirements that requires yet another system.

What we need is for a standards organization like w3 to create a standard set of rules for passwords. Something like:

Must be at least X characters if only contains lower case letters.
Must be at least X characters if only contains lower case + numbers.
...
Must not be greater than what ever is reasonable to upload to a web server.
Must support this character set.
You may only use these hash functions.
Must be salted with at least X bits of entropy.
...

jpgoldberg
Posts: 5
Joined: Wed Aug 10, 2011 11:19 pm UTC

Re: 0936: "Password Strength"

Postby jpgoldberg » Thu Aug 11, 2011 3:30 am UTC

Rephistorch wrote:make it upper and lower case, add numbers and symbols in random places


But people don't randomly add upper case. They do it at the beginning, end, and at syllable boundaries. The same is true about adding numbers and symbols "randomly". People don't do it that way, and are highly predictable. If you really did do it randomly, you would end up with something you couldn't remember.

Hell if you make random passwords that are 8 characters long and take the time to memorize them, you're way ahead of the game. Truly random (or close enough) ...

People don't really do "truly random" and it's easy to write modules for John the Ripper that exploit the kinds of things that people do.

For strong passwords that people have to remember, I've recommend that people use diceware (with a modification) here:

http://blog.agilebits.com/2011/06/toward-better-master-passwords/

And I've just followed that up with post walking through today's comic (trying to explain the math to our non-technical audience.)

http://blog.agilebits.com/2011/08/better-master-passwords-the-geek-edition/

Anyway, with five diceware words (they're short, but not so common) you get 64 bits of entropy.

Indeed, I wonder whether Randell had seen my earlier post. He managed to say in one comic what took me 2000 words to explain without math.

I really agree that we've been training people wrong about passwords for the past 20 years. Some of that is because we carried over our advice from the days when passwords were limited to eight characters.

Cheers,

-j

FoolishOwl
Posts: 52
Joined: Mon Jun 29, 2009 8:36 pm UTC
Location: San Francisco, California
Contact:

Re: 0936: "Password Strength"

Postby FoolishOwl » Thu Aug 11, 2011 3:46 am UTC

I usually generate a completely random password from a random password generator, and record it with Bruce Schneier's Password Safe. I think I'll give some variant of Randall's suggestion a try, though.

I think the dangers of writing passwords down is exaggerated, especially if you can get people to put the bit of paper with the password somewhere safe, like a wallet. The proverbial password on a sticky on your monitor may be easily seen by your co-workers, but the hacker on another continent can't see it, so better the strong password on a sticky on your monitor, than the all-too-common "12345678".

It does strike me that we tend to talk about password security overmuch, considering that's often *not* the weak point. It is, however, the one that's most often under people's control, and people hate to admit that their fates aren't under their own control.

FishStik
Posts: 1
Joined: Thu Aug 11, 2011 4:17 am UTC

Re: 0936: "Password Strength"

Postby FishStik » Thu Aug 11, 2011 4:20 am UTC

I know that a big problem for password security is using the same password across multiple sites. Can anybody see any drawbacks in using the same 'base' password and just adding an account- or site-specific string to the end? For example:

Account: Computer login
Password: hunter2

Account: Facebook
Password: hunter2facebook

Account: Gmail
Password: hunter2gmail
.
.
.
etc...

garaden
Posts: 18
Joined: Thu Aug 11, 2011 3:40 am UTC

Re: 0936: "Password Strength"

Postby garaden » Thu Aug 11, 2011 4:20 am UTC

FoolishOwl wrote:I think the dangers of writing passwords down is exaggerated, especially if you can get people to put the bit of paper with the password somewhere safe, like a wallet. The proverbial password on a sticky on your monitor may be easily seen by your co-workers, but the hacker on another continent can't see it, so better the strong password on a sticky on your monitor, than the all-too-common "12345678".


I have never understood this warning! For God's sake, I have four sequences of digits in my wallet that, together, grant access to the entirety of my financial resources, and another that does the same for the student group I run. But goodness, I better never write down my passwords!

Also, I despise max character limits on passwords. So setting your password fields to 100 bytes is unacceptable? A terabyte for one password for each human being on the planet? Really? I can buy a terabyte hard drive for <$100. Admittedly it wouldn't be fast or reliable enough for a production site with six billion users, but I'm guessing that if that's your load, storage and bandwidth for authentication is the least of your problems. Sometimes I wonder whether some companies, when searching for web design/security folks, specifically recruit stupid people.

Wait. "Web design/security". Well, that explains a lot. I was glad to see a defense of tech support people on the forums after Randall floated the shibboleet, but I remain generally suspicious of web designers. Seems like there's a lot of sites that really impress the marketing department and no one else. Except the script kiddies who rip them to shreds. And in that case it's not so much "impressed" as "entertained".

OfflineCracking
Posts: 1
Joined: Thu Aug 11, 2011 4:43 am UTC

Re: 0936: "Password Strength"

Postby OfflineCracking » Thu Aug 11, 2011 5:00 am UTC

All right, folks, let's take another look at Online vs. Offline cracking.
Online cracking: typically very slow due to network latency and throughput limits, very noticable, and easily stalled out by "no more than X wrong tries per Y time units".

Offline cracking (i.e. the Gawker incident): Once a username/password list is acquired, it's vulnerable to offline analysis by one or more computers... or by a rented cloud provider (Amazon provides GPU instances, for a price). This can be trivial (cleartext passwords), or require compute power. GPU computing has changed the equation massively in the past couple of years; while single SHA1/MD5/salted SHA1/NTLM/Windows domain cached credentials passwords are cracked by CPU's at approximately 10 million tries/sec, they're cracked by a box full of GPU's at approximately 10 to 80 Billion tries/sec; this is a far cry from the 1000 tries/sec in the comic, and reduces the 550 years at 1000/sec to less than an hour at 10 billion tries/sec.

Also note that if we assume compute power doubling every 18 months, then every 10 and a half years, we're able to crack 128 times faster; this A) is underestimating current GPU computing increases, many of which are still occuring in the code optimization space, and B) must be factored in to longer term passwords, particularly for sites with mandatory long-term archives (such as financial data).

See hashcat.net for more information.

User avatar
Pandorly
Posts: 70
Joined: Wed Aug 03, 2011 9:04 am UTC
Location: Location: Location

Re: 0936: "Password Strength"

Postby Pandorly » Thu Aug 11, 2011 5:03 am UTC

I invented my own language when I was ten. Nobody else except me, my immediate family and my boyfriend could actually remember or pronounce the words in the language, let alone spell them. A few digit replacements and some punctuation here and there and a short sentence in that language becomes a ridiculously elaborate password...
Image
'Science is the great antidote to the poison of enthusiasm and superstition(!!!).' - Adam Smith

bjkovo
Posts: 2
Joined: Thu Aug 11, 2011 2:37 am UTC

Re: 0936: "Password Strength"

Postby bjkovo » Thu Aug 11, 2011 5:08 am UTC

gmalivuk wrote:
bjkovo wrote:Easy to remember, immune to dictionary attacks, about 48 bits of entropy (not counting the A1!), and no need to write it down.
But those aren't just random letters. They're a movie quote.


Yeah, but they're not limited to movie quotes.

Today I was attacked by an army of rabid zebras => A1!tiwabaaorz

User avatar
preshing
Posts: 1
Joined: Thu Aug 11, 2011 5:11 am UTC

Re: 0936: "Password Strength"

Postby preshing » Thu Aug 11, 2011 5:30 am UTC

TaylorP wrote:
CharonPDX wrote:A co-worker has created an xkcd-compliant password generator:
http://slid3r.com/passGen

Enjoy.


fingerboards aroused panhandlers petroleum :|

I like the idea, but I agree that it might work better if it had a "Simple English Wiki" option for the words.


I've created an online generator which is based on almost 211 common English words, as the comic suggests. Still not perfect, but I think it's an improvement.

Since I'm new here, and wish to respect the rules, so just google "xkcd password generator". :)

PS. I dogfooded it while registering for this forum! :wink:

Arariel
Posts: 404
Joined: Fri Sep 17, 2010 2:32 am UTC

Re: 0936: "Password Strength"

Postby Arariel » Thu Aug 11, 2011 5:52 am UTC

My scrambled fora password is:
34588bfggghhjtuu
I haven't used it as any other password, and it's been a while since I've done combinatorics, but I think there are still over 400 billion combinations, which is no time at all for a machine that could check several billion a second (if what someone else said earlier is correct), but really, there are better things to use those for.

Jamaican Castle
Posts: 151
Joined: Fri Nov 30, 2007 9:10 pm UTC

Re: 0936: "Password Strength"

Postby Jamaican Castle » Thu Aug 11, 2011 7:35 am UTC

bjkovo wrote:I'm kind of surprised that nobody has suggested this before, but the method I always use is:
A1! (to deal with systems that require capitol letters, numbers, and punctuation) plus
Sir, your ton ton will freeze before you reach the first marker! => A1!syttwfbyrtfm


Is this a good time to point out that it's a "tauntaun"? I mean, not that it matters, but I almost missed the quote because of it.

MrSnowman
Posts: 2
Joined: Thu Aug 11, 2011 7:47 am UTC

Re: 0936: "Password Strength"

Postby MrSnowman » Thu Aug 11, 2011 7:54 am UTC

Isn't 4 common words extremely easy to crack? I always start with a wordlist.

Anyways I don't know why but this comic gives me the Hermann grid illusion. No other comic does.
I can't figure out why, and it's really weird since there's only two invisible dots, so my eyes just bounce in between the two by reflex.
And I can't control it, took me quite some time to read this.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: Cougar Allen and 175 guests