Inkblot Passwords

TechnoPope writes "Microsoft Research a new way to get users to not only develop, but remember more secure passwords can be achieved through using inkblots. Because of how the human brain works, you can show the same pictures to different people and almost always come up with different passwords. What's even crazier, is that people generally are able to remember the complex passwords. Sounds like a major breakthrough in security."

You're both wrong...

[wirelessbuzzers]

[am not! are too! am not!]

The strongest possible password is the string with the most entropy that you can reliably remember and enter. i.e. the output of a password-generation method that has the largest possible number of different outputs (assuming that they are equally likely up to computational feasibility, and that you can reliably remember and enter the password, and that an attacker has any reasonable chance of guessing how you generated it).

It is NOT the longest string you can commit to memory. There are people who have memorized thousands of digits of pi, but the first thousand digits of pi would be a horrible password if someone knew that you had memorized them. Similarly, Shakespearean soliloquies suck, especially if you are a Shakespeare geek.

A random sentence from War and Peace has maybe 16 bits of entropy. A random paragraph has fewer, because there are fewer paragraphs in War & Peace than there are sentences. A random word from /usr/share/dict/words has about 19 bits of entropy, and thus beats out the sentence. A decent PC could crack any of these in seconds flat, if an attacker suspected you had used one of them.

If the string is anywhere on your hard drive in plaintext form, be it in the words dict, a deleted email from Amazon, or your War and Peace ebook, it has at most 40-some bits of entropy (depending on your hard disk size and its length), and could be cracked on a small cluster in days if your hardrive wore stolen.

A 5-word diceware.com password such as "cleft cam synod lacy yr" has about 63-64 bits of entropy, and is my preferred password type for long passwords because it is fairly easy to remember. A 10-character RAD-64 password such as "4TFA/ii+Xc" has 60 bits. An 18-digit random number has about the same.

If you can narrow each inkblot to 50 possibilities, then a sequence of 10 of them has about 57 bits of entropy in 20 characters. (don't take my word, i calculated it in my head). That's feasible for the govt, or distributed.net, or a very large company. Not bad for a passport account which is unlikely to have its hash lifted anyway, but since I can remember the RAD64 or the diceware one easier and enter it faster, I'll stick with one of them for the accounts I care about.

Anyway, the password strength you need depends on how much you care about what it protects.

For instance, I have 10-word diceware for my PGP master signing key, which is about as strong as the hash. Accounts that I don't really care about, like /., have lousy passwords which are variants on an older one, but are easy to remember and quick to enter. You won't guess any one without looking at the others, and I wouldn't care much if you did.