Your Passwords Don't Suck — It's Your Policies 487
First time accepted submitter eGuy writes "ZDNet sparked a debate about password policies when John Fontana wrote about my open source (LGPL) password policy project that rewards XKCD-like passwords. Steve Watts of SecurEnvoy replies that it is too little, too late. What think ye? Is there hope for passwords?"
This is too simple to fix (Score:4, Funny)
Every time a see a password like this "12ol3jkh!!asrdfw9g8" or "^TFGY78UH" I want to vomit. Why not make your password something like "This chicken tastes like shit!"
Re: (Score:3, Funny)
Re:This is too simple to fix (Score:5, Insightful)
because it would take longer to type
I disagree, my ability to type words in sequence each day has made me quite efficient at doing so, a garbled string on the other hand I am not. The lowercase, uppercase, numbers and symbols make passwords longer to type.
With different passwords for each site (or at least each serious one such as banks) the garbled text approach is very inappropriate.
As passwords are stored in as a hash created with a salt the password is always stored as a fixed value (128bit for MD5 etc) it requires no additional storage for the servers/databases.
Re: (Score:2, Interesting)
Re: (Score:2)
Re:This is too simple to fix (Score:5, Interesting)
I have 3 different bank accounts, 3 different credit cards, a HSA, a Roth IRA, and a 401k that I should probably make sure have secure passwords. (And I am sure there are a couple more non-financial ones that should also be secure). In an ideal world, that would be 9 different 6-8 digit random character passwords. That is assuming that all of the other accounts (like /.) have less secure passwords. That doesn't even take into account changing the password semi-regularly. Even if you feel it is unnecessary, some websites enforce it on you. I am a pretty smart guy, but I might have a little trouble keeping them straight. How many different 6-8 digit random character strings do you have memorized? And how often do you change passwords on your account? Do you change them all at once (and memorize all new passwords), or do you spread it out?
It only doesn't seem hard if you are not doing it right.
Re:This is too simple to fix (Score:4, Informative)
Well you simply cannot memorise all the passwords that a modern computer user has to use no matter what style you use if you are not taking risks or a memory expert. That is why you need password vaults, or post it notes.
Re: (Score:3)
Just like I said, no way to do it safely. That has about the same amount of entropy as a single character password.
Re: (Score:3)
Re:Unreliable cracking estimate (Score:4, Funny)
Since when is coprophage rare? This is the Internet.
Hide in plain sight (Score:3)
Also garbled passwords are going to be far harder for people to memorize if seen by accident.
Not if they do not recognize it as a password e.g. "Remember the lepton-jet meeting at 8am" would look more like a reminder than a password.
Re: (Score:3)
Also garbled passwords are going to be far harder for people to memorize if seen by accident.
Not if they do not recognize it as a password e.g. "Remember the lepton-jet meeting at 8am" would look more like a reminder than a password.
You could do this to the sentence in quotation marks "Rtl-jm@8am". Easy for you to remember but a real bitch for someone looking over your shoulder. Actually a better way is to poke the guy in the eyes who is looking over your shoulder :)
Re:This is too simple to fix (Score:5, Insightful)
Re: (Score:3)
another password revealed (Score:5, Funny)
Re:This is too simple to fix (Score:5, Funny)
Every time a see a password like this "12ol3jkh!!asrdfw9g8"
That's the password on my luggage!
Re: (Score:3)
Good job printing it on the outside...
Re:This is too simple to fix (Score:5, Insightful)
My banking site insists I change my password every few months. It must have a capital letter, it must have a numerical character - and worst of all - it cannot be any of the last 5 passwords I chose. It is only one of about 20 websites I have passwords for (not to mention a half dozen MMORPGs I play from time to time). I cannot remember all of those passwords easily so when I am forced to cycle through 6 different passwords by one single website its a bit fucking irritating. Not only that but I highly doubt it increases my security significantly, and of course my bank account seldom has much money in it in the first place.
Re:This is too simple to fix (Score:4, Interesting)
You can always use a password manager (ex: http://www.clipperz.com/ [clipperz.com] ). I actually don't even know most of my passwords. Don't need to.
Re:This is too simple to fix (Score:5, Informative)
The reason to avoid understandable sentences is they have extremely low entropy per character. Or, put another way, they are easier to hack than their length would indicate. An xkcd password has about 1.5 bits per character of entropy; a normal English sentence has as low as 0.6 to 1.3 bits per letter, according to one study [wikipedia.org]. Given the simple and trite short sentences people would use for passwords, it's likely closer to 0.6, or about 20 bits of entropy for your example 'chicken' password, compared to 44 bits for a shorter xkcd password [xkcd.com].
Re:This is too simple to fix (Score:4, Interesting)
Funny.
According to the Passfault demo (that's the link in the summary above) it would take 18384672610116790 centuries to crack "This chicken tastes like shit!"
Where the xkcd password "Correct horse staple battery" would take 72624497 centuries to crack. That is if it wasn't already on the internet for everyone to see and try.
Re:This is too simple to fix (Score:4, Informative)
Funny.
According to the Passfault demo (that's the link in the summary above) it would take 18384672610116790 centuries to crack "This chicken tastes like shit!"
Where the xkcd password "Correct horse staple battery" would take 72624497 centuries to crack. That is if it wasn't already on the internet for everyone to see and try.
That estimate is generated by assuming brute force and a specific character set that contains all of your input characters.
No one cracks passwords starting with brute force.
Re: (Score:3)
Right they steal your table and attack the salted-hash. Sooo...no passwords for anyone!
Re:This is too simple to fix (Score:4, Funny)
Where the xkcd password "Correct horse staple battery" would take 72624497 centuries to crack. That is if it wasn't already on the internet for everyone to see and try.
Yep. (nods). Now if you excuse me, I have to change my password right now.
Re:This is too simple to fix (Score:5, Interesting)
Actually, it's "correct horse battery staple". And the funny thing is, I didn't even have to look it up. As the comic says "you've already memorized it".
Re: (Score:3)
But what prevents a there being a rainbow table of 12 characters mixed case with special characters? The big thing with having a string of words as a password is that if creates a very large set of possibilities. A word list string together multiple dictionary words isn't going to be much better than a straight brute force attack.
Besides you can easily capitalize a single word or all of the characters in one of the words, and throw in a number and symbol in your sentence you you made your password even mo
Re: (Score:3)
Mixed case with special characters gives an alphabet of (conservatively) 80 characters. 80^12 combinations * 12 characters to store (neglecting the actual hashes) is 824ZB. That's the amount of data the LHC would produce in about 55 million years. You need some extremely good compression to get anywhere near something you can store on any feasible device.
Re:This is too simple to fix (Score:5, Interesting)
but I do know many dictionary cracking programs implement mixing of words on the list - meaning "correct horse staple battery" will be cracked in SECONDS, not centuries.
There are approximately 6000 common words in the English language, so if you just pick 4 random words, there are
6000 ^ 4 = 1296000000000000 possibilities
If you pick a truly random 8-character password, there are:
140 ^ 7 = 1054135040000000 possible choices.
Even at 1,000,000 crack attempts per second, it still takes on average 16 years to crack a password formulated using either method. way.
Re: (Score:3)
Try a billion attempts per second with a single GPU. A maximum of 15 days.
Re:This is too simple to fix (Score:4, Interesting)
I take it you've never seen a wordlist for a dictionary password cracker. I don't have any on me to see if that specific string is in them (quite possible, based on some of what I remember), but I do know many dictionary cracking programs implement mixing of words on the list - meaning "correct horse staple battery" will be cracked in SECONDS, not centuries.
No it won't. I recommend some math instead of faulty intuition:
Let's assume a word list of 5000 entries (that's very low, the OED
counts over 150000 words in current use).
Four words out of this gives us 5000^4 (word repetitions are allowed),
or 6.25e14, that's 625 trillion. At a million cracking attemps per second,
that gives 19.8 years for an exhaustive search.
So, a random four-word passphrase made up from a 5000 word list
will take nearly 10 years (exhaustive/2). And that assumes the passphrase
only contains words from the list. Unlikely.
Of course, 10 years isn't that impressive. But even a single changed
character somewhere – or just a word not on the list! – will require a full
brute-force search on the character level instead of at the word level.
Hello bazillions of years.
Re:This is too simple to fix (Score:4, Interesting)
I tried out the Analyzer program, and discovered that it only seemed to look for *English* words. Simple, easy-to-remember phrases in Tongan or French were rated as extremely strong (taking centuries to break).
Re:This is too simple to fix (Score:5, Insightful)
we widely distribute a standard library method for computing password entropy and let people pick what kind of strong password they want to remember
There are a few complications with this.
1) Humans are incapable of picking entropic passwords. They think they can, but they can't. So the measure we need isn't actually one of entropy, though it looks like that to computers.
2) Mostly due to (1) above, computers are incapable of correctly calculating the entropy of a human generated password. They can calculate the entropy of a string of characters if they presuppose that the string of characters was not generated by a human.
3) Even if we assume that humans can create entropic passwords, it's difficult for a human to estimate that entropy. What happens when the password entropy checker rejects "This shit tastes like chicken"? How does the human know how to make that password more acceptable? Is "shit this tastes like chicken" any better? How about "chicken like this tastes shit"? Or "Tastes chicken shit this like"? How does that even compare to a shorter string of letters, numbers, and symbols which don't form a word? To the person behind the keyboard, such a comparison is nonsensical. They computer can't reasonably say, "Please add 4 bits of entropy to your password," and saying that the password isn't strong enough without providing any guidance as to why will just be frustrating.
4) The library would need constant updating to be valid. Because "correct horse stable battery" and all of the permutations of that set of words (probably including pluralization and tense changes) are terrible passphrases now, but they would have been pretty good prior to Randall Monroe's comic. Each new song, book, poem, and speech decreases the value of passphrase word-sets.
5) Assuming you ignore (4) above, you still basically eventually run into what we have now--some people have good passwords, some people have bad passwords, and the biggest problem is still reusing passwords combined with site compromises.
Re: (Score:3)
Maybe the trick is to do something like "Your password is unacceptable because it can be broken down into 2 substrings both of which get more than 50,000 Google hits."
Re: (Score:3, Insightful)
Re:This is too simple to fix (Score:5, Interesting)
Users were permitted to choose their own password. These passwords could be long. We had guidelines as to what were good schemes, but there was no enforcement of rules.
However, we also
If your password was cracked by the quick checker, it was rejected and you had to choose another.
If the background checker cracked your password, you were locked out. When you tried to log on and couldn't, and called to find out why, you were told your password had been cracked and you needed a new one. (Actually, I think we emailed you then locked you out, so if you were on-line, you could choose a new password then and there).
It worked.
Re:This is too simple to fix (Score:4, Insightful)
Actually, I think we emailed you then locked you out, so if you were on-line, you could choose a new password then and there
Sounds absolutely ripe for phishers to send fake e-mails.
Re:This is too simple to fix (Score:4, Interesting)
because "This chicken tastes like shit!" password is more or less a "5-character password", but characters are selected not from ~26 but from say 50000.
My guess is that after the referred xkcd strip brut force algoritms also put more emphasis to natural language sentences, etc.
Re: (Score:3, Funny)
Re: (Score:2)
The characters are "words in a dictionary" not "glyphs on a keyboard".
But when cracking a password, you look at "words morons on the internet use a lot" and there are probably closer to 5000 of those (compared to 50000 regular words). Combine with noun / verb / article classes and weight words with frequency and you can narrow that down to a LOT less in practice.
Pass phrases are dumb.
Re: (Score:2)
I am not sure how you consider this a 5 character password. The breakdown in usage is
A lot more than 5.. That are 14 unique characters in that phrase.
Because there are 5 unique tokens:
this
chicken
tastes
like
shit
! (actually 6 tokens including this special character).
But I don't think it's true to say that each token is drawn from a pool of 50,000. These are common english words that probably exist in a dictionary of 1000 common words. A strong password would use less common words:
the aforementioned fowl has a sapidity analogous to excrement
but you really don't want a complete sentence since grammar rules could be used to brute
Re: (Score:3)
You did not account for the spaces which makes 8. You can also remove the spaces altogether. It is not a matter of "IF" a password can be cracked it is if your policy requires it to be changed before that can reasonably happen. So what makes more sense for a network administrator to employ;
1. 8+ character password with minimum 1 upper, 1 lower, 1 digit, and 1 special character changed every 45 days (which would result in something like $rfVBgt5).
OR
2. 17+ character password with minimum 1 upper, 1 number, 1 lower and 2 special changed every 45 days which would be "This chicken tastes like shit!"
Take your grammar rules and apply them. Even if you were to take the fact that the words come from the dictionary, you would have to break it within the password change cycle. Shorten the password life to 15 days and require that the fist letter be different for the last 2 passwords and you still give users reasonable security without being crazy.
I have 2 red cars and one black.
You like my black car.
People can remember that.
I ignored the spaces, since they only add one bit of entropy - either you have spaces or you don't.
Shorten the password life to 15 days and require that the fist letter be different for the last 2 passwords and you still give users reasonable security without being crazy.
Are you really saying that a 15 day password lifetime is reasonable? Some of my users don't even log in for 15 days, their password may be expired before they even return to a place where they can use a computer.
If you tell users "The first letter has to differ from your last 2 passwords", they'll prepend A, B, C, etc to their password.
Once you start adding rules like "1 upper, 1 lower, 1 digit, and 1 special
Re: (Score:3, Interesting)
Every time a see a password like this "12ol3jkh!!asrdfw9g8" or "^TFGY78UH" I want to vomit. Why not make your password something like "This chicken tastes like shit!"
Because 12ol3jkh!!asrdfw9g8 is a good password and This chicken tastes like shit! is a terrible password.
Please quote that XKCD comic all you like, it doesn't make it right.
"Entropy" (can we please stop misusing this word?) is only a useful measure of password strength if you're brute forcing.
Password crackers employ methods that are a teeny bit more sophisticated than brute forcing.
Re: (Score:2)
Why exactly do you think 'entropy' is the wrong word? It's a pretty well-formed concept in information theory.
Re:This is too simple to fix (Score:5, Insightful)
"Your password cannot be over twelve characters."
"You have used this password before. Please enter a new one."
I have my own password policies, and it's frustrating when I can't follow them.
Wrong (Score:3, Insightful)
The trouble with the pass phrase concept is that the whole words just become tokens. Most people's vocabulary is not that large. You could use a common spelling dictionary and toss in the like substitutions 0 for o excetra and you don't really have a key space much larger than normal 7 character or so passwords offer
Re: (Score:2)
Well, a "common" dictionary is still 200-300 words. And you can also use the name of a pet. So that is a X variable that is fairly large. So basically we have 300*300*300*300*X, and X is most likely larger than 500. Its still a lot of passwords, and then we have the spelling mistakes, writing the words as their litteraly are spoken, and a lot more. Just replacing e with 3, i or l wih 1 and 0 with o is just more noise to the pattern.
Basically: XKCDs multiple word scheme is secure enough if its long enough. J
Re:Wrong (Score:5, Funny)
Of course, your fiendishly clever non-standard spelling of et cetera would fool any such dictionary attacks.
Re: (Score:2)
Re:Wrong (Score:5, Informative)
The average adult that has been to University knows 20,000 head words. A head word is a group of words with essentially the same meaning. For example, expect, expectation, is expecting, etc are all one head word. 26^7 is a little bit over 8x10^9. If a user picks 4 headwords for their passphrase, the search space is 20000^4 or 1.6x10^17. And that's if we just use headwords. If the user uses variations the search space is rather huge.
You might say that 20,000 headwords includes a lot of strange vocabulary. But for instance, to get 95% vocabulary coverage in reading a newspaper you need just under 16,000 headwords. However, even if we restrict vocabulary to the most common 5,000 headwords (the average vocabulary of a 5 year old) we get a search space of 6.25x10^14.
XKCD style passphrases are dramatically more robust than a 7 character alphabetic password.
Re:Wrong (Score:5, Insightful)
That's why you use a standardized list of tokens (mostly words, but some non-word tokens as well) such as Diceware [std.com]. With 7776 tokens, the keyspace is far larger than the "normal 7 character" password. The trick is to ensure that you are choosing the tokens randomly. You can use dice, your favorite random number generator [random.org], etc. I use several 4- and 5-token passphrases that I have remembered literally for years, each one unique. Type them enough times, and muscle memory takes care of the rest. Even after a period of non-use, it amazes me how my fingers will remember the passphrase but yet I can't recall the passphrase itself.
Re: (Score:3)
2140^4 ~= 80^7
I think most paid professionals could come up with a 2100 word vocabulary of words they can remember, especially if you bounce their choice when they use any of the 500 most commonly selected words - they could use the 500 most common, just that they wouldn't get credit for a common word being one of the four.
A 4 to 7 word sentence is a hell of a lot easier to remember than 7 screwy characters.
Re:Wrong (Score:5, Interesting)
Most people's vocabulary is not that large.
Let's use the xkcd example: correct horse battery staple.
Using a list of the 5000 most commonly used words, I was able to find rankings for 3 of the 4 words:
"staple" doesn't even appear on the most common 5000 word list. But let's assume it did at 5000. That means your dictionary now is 5000 words large. 5000^4 = 6.25 * 10^14.
Now let's address your suggestion:
you don't really have a key space much larger than normal 7 character or so passwords offer
Now your average English keyboard has 47*2 = 94 type-able characters. 94^7 = 6.48477594 * 10^13. The xkcd example assuming it was smaller than it really was beat your suggestion by an order of magnitude.
Now let's address how large people's vocabularies are. According to wikipedia:
This translates into a wide range of vocabulary size by age five or six, at which time an English-speaking child will have learned about 2,500-5,000 words. An average student learns some 3,000 words per year, or approximately eight words per day.
But 6 year old kids don't have much interesting personal information that people are really after like credit cards. Let's read further:
A 1995 study estimated the vocabulary size of college-educated speakers at about 17,000 word families, and that of first-year college students (high-school educated) at about 12,000.
http://en.wikipedia.org/wiki/Vocabulary [wikipedia.org]
So let's re-do the calculations with 10,000 words: 10 000^4 = 1.0 * 10^16.
Things will only get worse if you tell people to use numbers, names, special abbreviations, etc. For example it will be highly unlikely the following phrase will be in your dictionary: "5000 most common vocabulary". People can also use natural language and still fall way out of your dictionary: "yummy carne asada dinner". They can also use personal and vulgar language: "Stupid bitch Alice, never again".
Re: (Score:3)
Fortunately my mother's maiden name is v6g1sH6Ynr.
Re: (Score:3)
44 bits is a respectable amount of entropy
Not really. If you look at the latest password cracking speeds (e.g. Speeding up GPU-based password cracking by Martijn Sprengers and Lejla Batina, proceedings of SHARCS 2012), 44-bit MD5-crypt can be brute-forced in 3 years with one graphics card. If you assume that the idiots who wrote the software are using MD5 rather than MD5-crypt, that drops to 1 day. With one graphics card.
Terrible password policies (Score:5, Insightful)
Re: (Score:3)
My company's password policy is that you're not allowed to use password vault software.
I wish I were kidding.
Oddly, though, the new policy came out a month or two after the xkcd comic, and they *did* make a special exemption for using dictionary words and the other password complexity rules provided the password was of sufficient length.
And I think most of the systems will lock out after between 3-5 failed attempts, but they'll automatically unlock after 5-15 minutes, so you don't have to call in.
Re:Terrible password policies (Score:5, Insightful)
What's even more facepalm worthy is that when you call, they usually "verify" your identity using information about you which is frequently publicly available.
Re:Terrible password policies (Score:4, Insightful)
What puzzles me... (Score:4, Informative)
Re: (Score:2)
Its not.
Its hard to come up with a scheme to do all of the following simultaneously:
* Secure access to internet accessible resources from unauthorized use,
* Permit access to internet accessible resources to authorized use,
* Have a low per-user cost to implement and support
* Be convenient for common users
If its dynamic (rather than static,
Re: (Score:2)
If they know it, it's not something 'only you would know' (or it's a password, effectively). Family or coworker snapshots can be defeated with a bit of time on Facebook. Etc. The article above seems to think switching to a physical token is a solution - effectively switching from a combination lock to a keyed one. Which works in a controlled, corporate environment.
But the problem is fairly complex: You need to come up with a simple, secure, easily implemented, quick way to distinguish a human from a mac
We do this at work (Score:2)
i.e. 7 characters one must be a non-character or capital.
The result is that people like me chose passwords that a keyboard patterns that anyone could guess if they watched me type it.
Re: (Score:2)
Awesome paper on password patterns - http://www.usafa.edu/df/dfe/dfer/centers/accr/docs/schweitzer2009a.pdf [usafa.edu]
The main problem is... (Score:5, Insightful)
My bank's website enforces a MAXIMUM length. I'd love to have a password like "c0rr3c7 h0r53 b4773ry st4p13", but I can't use more than 6 characters.
Yes, you read that right. 6 characters. Maximum.
I fear for my online bank info constantly
Why would there ever be a reason to enforce such a small maximum length? I don't get it.
Re:The main problem is... (Score:5, Insightful)
> I fear for my online bank info constantly .
And yet you continue to deal with that bank. Why?
Re: (Score:2)
Getting a new account and transfering everything is always a mess. Its hard to do. Human nature at its best.
Re:The main problem is... (Score:5, Insightful)
It means they don't care. I do online banking security consulting, including almost all of the largest banks in Canada. They know that what they have is far from ideal, but the losses are not enough for them to want to make a change. It comes down to a formula of the costs of fraud vs the costs of adding additional security + help desk calls as a result + end user usability. One of the largest banks I worked with told me that banking with them is a cultural thing and that most of the citizens in the province will bank with them by default. They can afford to have minimal security and just cover the fraud loss out of their profit.
And just so you know, Authentication is dead. If I've got malware on your machine, then I don't care how strong your password, OTP and biometric security is. I'm going to wait for you to login and then take over your session in the background. Security at this point is well beyond what's happening at the login stage. And don't get me wrong, the vendors that are doing the current security implementation for these banks have a lot more to offer, but it's the banks that are deciding that it doesn't matter to them.
Re: (Score:2)
Did you understand the XKCD comic?
the whole idea is random. Those similar looking numeric substitutions are binary at best adding 13 bits at best.
It's hard to remember the ones you chose and if you chose all of them you would only add 1 bit.
Re: (Score:3)
apparently you didnt understand
a random short password is less strong than a simpleton long password
if you mix the two you get even stronger, if you speek "leet" you would have read that password as normal english, and its something the OP could very easliy remember WHILE increasing length AND adding bits
25 still beats the shit out of 6
its not the content its the length
Re: (Score:3, Insightful)
As someone with a rather embarassingly similar system to support, I can sympathize with your concern. We railed against the limitations of the software vendor when we switched to it, but their attempts to fix it caused new issues. At first we had a system that truncated the longer passwords our users had on the old system, and then later when they tried to expand the length of input, those users with longer passwords they'd been transparently using were suddenly getting told their password was incorrect bec
Typos (Score:2)
Re: (Score:3)
The problem with XKCD style passwords is the more characters in a password, the more likely I am to make a typo while entering it. I mistype a typical 8 character password a couple times a day. I can imagine what it would be like with a 25 character password.
Um..... practice typing more?
The thing with xkcd type passwords is that they are made up of english words (or whatever your native language) which you have probably typed a million times before. How could you not type them correctly? I just typed this sentence without a single mistake and it contains 49 words.
Wow... (Score:5, Insightful)
Congratulations on winning the Slashdot trifecta - you managed to invoke the GPL, cite XKCD, and slashvertise your own project all in one!
Fix what? (Score:2)
Pwds will always be an easy security bad idea, because by the time a new pwd sec-theme is common cracks have been emplace for about five years.
We need to get pass crazy/silly pwds to non-human dependent security. It will cost a little more, but increased productivity and better security will save oodles.
Pwds are in the trench of the Maginot-line of security, stop wasting time and money, get to bio-PKI and beyond. Easy (to manage/implement or cheap) security is bad security physically/virtually.
You can't check a passphrase like that (Score:2)
Randomly-generated passwords (Score:5, Interesting)
I use randomly-generated passwords (generated by reading /dev/random) that are at least 16 characters wrong. I restrict the character set to [A-Za-z0-9] which is a touch under 6 bits per characters, so I have about 95 bits of /dev/random-quality entropy.
The passwords are stored in a file encrypted with a long passphrase. The long passphrase is probably the weak link, but by not reusing passwords across different websites and using randomly-generated ones, I'm fairly well-protected if one of the sites I visit has its password file stolen.
Security questions & other sucky policies (Score:3)
A: "What are stupid questions I don't want to answer truthfully, Alex?"
.
Also unwise is to have web sites save your info, especially credit card info. Someone cracks the db and you are p0wned.
It is more than just passwords...Heh, don't click that link, Grandma!
Highly secure NSA and DoD passwords (Score:5, Interesting)
The highly secure NSA and DoD password policy is very thorough, but one thing was left un-noticed about this policy. You can create a valid password by merely running your finder down a colum of the keyboard, and then holding down the shift key and doing the same thing. Really!!
To wit, this password is valid. Run your finger down the left-most column of your keyboard: 1qaz2wsx
Then hold down the SHIFT key and type !QAZ@WSX
Presto, you have a valid password that meets all the security requirements the NSA and DoD have imposed upon you.
Now that's okay for creating system images for deployment.
In 45 days when you need to change your password again, just shift to the next row of your keyboard. This will keep you okay for a couple of years or so until you run out of keyboard rows to use. Then, you just do it backwards. It really is that simple.
Try it!! It's almost unbelievable.
Major bugs (Score:4, Interesting)
Start with "awesomepasswordtoday"
1 year, 8 months
Go to "awesomepasswordtoday000"
7 centuries, 8 decades
Go to "000awesomepasswordtoday000"
less than 1 day
This tells me there is something in the logic that makes it a pretty unreliable metric of password strength.
Re:XKCD (Score:5, Informative)
Sure, its 28 characters, but its still lowercase only.
That makes it a lot weaker, no?
It makes it weaker by a factor of about 2^28.
Which sounds like a lot, but when the lowercase password space is already 26^28, it's not much.
XKCD's math is sound.
Re:XKCD (Score:4, Interesting)
No, it would be "weaker by half" if the alternative was a single capital letter at the beginning of the password.
In fact, the alternative is that any, some, or all of the 28 characters could be capitalized or not.
So the first character halves the password's strength if it is predictably lower-case.
and the second halves it again.
and so does the third.
Incidentally, halving or doubling the key space is not "a lot," not by any cryptologist's standards.
Re: (Score:3)
You are totally missing the point.
Instead of using an "alphabet" with 26 characters (or 52 with capitals, or 70-something with capitals and punctuation) and choosing a short random string, you use an "alphabet" with 5000+ ideograms (i.e., words) and choose a short random string of these words.
For simplicity, just suppose there are 5000 commonly used English words. Then there are 5000^n passphrases of length n (i.e., containing n words). Obviously, this is much, much bigger than 70-something raised to the
Re: (Score:3)
I'm glad that there are people who care enough to analyze the strength of things that are so strong they just don't matter.
For some people (I'm one), the problem is the point of it all. Banging your head on that for days, weeks, months, years, is fun. That's what it's all about. A sexy problem's like gold. If you find the solution, (figuratively speaking) "Now what am I going to do?" Einstein spent most of his life fruitlessly banging his head on gravity. A good problem's addictive.
Anything that lasts beyond 100 years cracking time on $100K worth of hardware ...
Somebody recently (a couple of years ago) demonstrated a build it yourself Beowulf that'd do < $100/Gflop. That's verging on "anyone can h
Re:XKCD (Score:5, Interesting)
The only thing going for it is that you don't know that it's only lower case letters.
I think this is a very important point that lots of people overlook.
By prescribing the use of various character classes, you are actually weakening the password.
A proper password should allow the use of those classes, but not prescribe them.
When I was a kid, we had a game called "Mastermind". One person selected various coloured buttons and hid them behind a screen. The other person had to guess the colours / sequence.
We had various house rules about difficulty levels. One of the easiest ones was if they had to tell you the pattern. eg:
* double colour
* blank
etc
Same thing with passwords
Re: (Score:3)
I really wish that more places would simply let you use a long password, and use confidence testing with something like this, or like the Wolfram Alpha algorithm for password strength. I get sick when I'm limited in length, or need ce
Re:XKCD (Score:4, Informative)
Re: (Score:3)
sanitize against passwords that contain some variant of "'); drop table students;"
Uh...methinks you're doing it wrong. What if I wanted "'); drop table students;" to be my password??
We had to reject several applicants because when asked how to prevent SQL injection, they said "Strip out words like UPDATE, DELETE, INSERT" ... well, what if we want to use those words??
Parameterize user input and stop worrying about SQL injection. This isn't 1992.
Re: (Score:3)
Re: (Score:3)
The OED Second Edition contains entries for 171,476 words.
If you choose at random from the complete set, there are 8.6E20 possible four-word passphrases.
This is enough to rule out brute-forcing. But notice of course that both assumptions are critical. An average person doesn't have a 171,476 word vocabulary and humans can't make genuinely random choices.
I recommend the Diceware system: a list of 6^5 short words, from which you select each word of your passphrase by rolling five dice.
All of which addresses t
Re: (Score:2)
This is enough to rule out brute-forcing. But notice of course that both assumptions are critical. An average person doesn't have a 171,476 word vocabulary and humans can't make genuinely random choices.
True, but humans can download large electronic dictionaries and use a computer to pick, say, 4-8 words at random. Since that XKCD came out, I've used a non-random 35 character string followed by one of my old 8 character gobbledegook passwords as a new 43 character password that I can remember. Takes time to type, but I figure it's the "best of both worlds" for security. Unfortunately, a lot of websites I've tried to do this with have an upper limit on password length that is shorter than this.
Re: (Score:3, Insightful)
The problem I have with that comic is that the "strong" password is lowercase only.
Sure, its 28 characters, but its still lowercase only.
That makes it a lot weaker, no? I personally use a 17 character long password (for anything important) at this time, being somewhat random and including lowercase, uppercase, numbers and special characters. If there is one thing I have seen from hashtables, its that adding in special characters makes it a lot harder, and sometimes outside the realm of possible.
Never mind that if you know the person is using special characters, you still gonna have a lot longer time cracking, if you know he is only using words, with the help of dictionary attacks you gonna run through them a lot faster.
Oh, and the way I manage to remember my long password is that I take the short, I assume random, passwords that I have been forced to remember for a few years, like for school, and add those together with a special character in between. Makes it very doable to remember.
I think the point is that even with all lower case, it's still "good enough" and far better than a shorter password. Mixed case (assuming you capitalize the first letter of each word to keep it easy to remember) only adds one bit of entropy.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar
Re:XKCD (Score:5, Insightful)
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
You could perform this attack using Google's autocompletion database as a dictionary.
Re:XKCD (Score:5, Interesting)
Your password complexity requirements are worthless, users will pick easy to remember, insecure passwords no matter what the requirements are. They will, of course, literally fullfill the requirements. The difference is that you are much more likely to get user cooperation if password changes consisted of the computer picking 4 random words for them, rather than 12 random alphanumerics with a side dish of ASCII barf. The only reason users pick their own passwords for sensitive applications is that they'd write that shit down and stick it on the monitor (or under the keyboard, for the ones who "understand security") if you made it truly secure (i.e. generated it for them).
Right now your users pretend to pick secure passwords and you pretend that they do. You don't want to know how shitty they are, they don't want to tell you. As long as you don't find them on post-its and there is no visible compromise everyone is happy. Of course they should have PIN-secured, challenge-response based one time password generators, but let's face it, your systems just aren't important enough to secure them in a thoroughly user friendly manner. So if you actually do care beyond your users picking the simplest password that passes your requirements you very well might think about randomly generating 4 word passphrases for them, I think you even have some volunteers for a trial.
Re: (Score:2)
I doubt that he takes care of the fact that this is words vs random characters.
Yes, he does.
Just a question: Do you actually understand what is meant by those "bits of entropy" tallies that he's counting using rows of squares? If you don't know about http://en.wikipedia.org/wiki/Shannon_entropy [wikipedia.org] then you're ill equipped to understand what this comic is trying to say.
Re: (Score:2)
Its not a good calculator either:
Compare a scandinavia sentence with a number in it [wolframalpha.com] with Same text with the number written [wolframalpha.com]. This clearly shows us that the XKCD scheme is more than good enough. And we can still add in things like spaces, underscores instead of spaces, and replacing letters with numbers.
Re: (Score:2)
they are conflicted with themselves :
security:6 weak
entropy: 117.5 bits
but try that one:
http://www.wolframalpha.com/input/?i=password+strength+Correct_house_battery_staple [wolframalpha.com] :
security: 151 very strong
entropy: 185.4 bits
Re: (Score:2)
there was a dot that disappears at the end of the url
Re:testing the password (Score:5, Funny)
wait for the beta
Re: (Score:2)
...It's too bad there's no way for two hosts to authenticate on a pre-shared key system with a public half and private half for each key, so bob and alice trade public keys and can communicate safely even if eve has both public keys....
I'm not sure what problem you think you're solving with public key cryptography, but it still doesn't remove the password problem. Most people will still want their key to be protected by a passphrase (or some other method that keeps anyone with access to the computer from using it), so passwords won't go away even if everyone uses cryptographic keys to identify themselves.
Re:Passwords DO suck (Score:5, Insightful)
All digital security boils down to the key sharing problem.
And the key sharing problem is "solved" in practice thusly:
Server: O hai! Give me your infos! Here's my certificate.
Computer: Warning! This certificate is not trusted!
User: Ignore warning, add certificate.
Computer: K.
OR
Server: O hai! Give me your infos! Here's my certificate.
Computer: This certificate is trusted because VeriSign totally vouches for these guys.
User: VeriSign?
Computer: Yeah yeah, we totally trust VeriSign. I mean, we've never met them, we don't know their policies, and we rely on VeriSign to tell us if their shit gets stolen, and we basically have no recourse if shit goes wrong, but we trust them.
User: K.
Nobody ever actually checks to see if something is legit because they want it to be painless and automatic. I'd love to be able to go to bank.com and view the certificate, then call the number on my credit card (or go in to an actual bank location) and see if the certificate matches up.