Your Passwords Don't Suck — It's Your Policies
First time accepted submitter eGuy writes "ZDNet sparked a debate about password policies when John Fontana wrote about my open source (LGPL) password policy project that rewards XKCD-like passwords. Steve Watts of SecurEnvoy replies that it is too little, too late. What think ye? Is there hope for passwords?"
Every time I see a password like this "12ol3jkh!!asrdfw9g8" or "^TFGY78UH" I want to vomit. Why not make your password something like "This chicken tastes like shit!"
The trouble with the pass phrase concept is that the whole words just become tokens. Most people's vocabulary is not that large. You could use a common spelling dictionary and toss in the like substitutions 0 for o et cetera and you don't really have a key space much larger than normal 7 character or so passwords offer.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
A white jacketed southern gentleman's password is "This secret spice makes shit taste like chicken"
I got to the chocolate box before you, that's why the hard ones have teeth marks.
Any password policy that basically forces you to write down your password somewhere is broken. Sure, you can use a password vault but that's cumbersome for the various dozens of passwords strewn about the web and on mobile devices. But my biggest gripe is sites that lock you out (requiring a phone call) after 3 incorrect guesses. I could understand 100 incorrect guesses, but 3 guesses is not enough to recall a password when you have not used it in several months. One hundred guesses by a computer/hacker is nothing compared to the full password space.
...is why is it all so difficult to come up with some scheme to secure internet accessible resources. Corporate policy for me requires password changes every 90 days and disallows any of the last eight passwords, and the use of letters and numbers. Effectively, I'm forced to write it down, negating all their efforts at obscurity. When will some bright CS geek invent a real solution to this problem? Is it that hard? Can't it be as simple as probing me for dynamic info that only I would know? How about visual methods- ask me who's in this picture of my co-workers or what is this family snapshot from my past, etc.?
Have you ever noticed that anybody driving slower than you is an idiot, and anyone going faster than you is a maniac?
sandra bullock upload virus
good luck with that i have a zero balance
cowboy neal is the joke reply
You'll have to imagine there are no spaces, because it won't pass the /. filters as a concatenated string.
Sure, it's 28 characters, but it's still lowercase only.
That makes it a lot weaker, no?
It makes it weaker by a factor of about 2^28.
Which sounds like a lot, but when the lowercase password space is already 26^28, it's not much.
XKCD's math is sound.
DRM: Terminator crops for your mind!
i.e. 7 characters one must be a non-character or capital.
The result is that people like me choose passwords that are keyboard patterns that anyone could guess if they watched me type it.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
I will usually do something that is a short phrase, separated by hyphens or spaces, with the first letter capitalized, and one of the words l33tified. Tends to work very well with 12+ character passwords. Though I've been considering doing something new using a generator.
I really wish that more places would simply let you use a long password, and use confidence testing with something like this, or like the Wolfram Alpha algorithm for password strength. I get sick when I'm limited in length, or need certain characters, or others are disallowed. Anything in the ASCII 32-126 range should be allowed, with the input trimmed so leading/trailing spaces aren't included. (For that matter, if you can use UTF-8, do it, again trimming, and eliminating control characters (<ascii 30).)
Michael J. Ryan - tracker1.info
The OED Second Edition contains entries for 171,476 words.
If you choose at random from the complete set, there are 8.6E20 possible four-word passphrases.
This is enough to rule out brute-forcing. But notice of course that both assumptions are critical. An average person doesn't have a 171,476 word vocabulary and humans can't make genuinely random choices.
I recommend the Diceware system: a list of 6^5 short words, from which you select each word of your passphrase by rolling five dice.
All of which addresses the wrong problem. Online guessing can be suppressed with rate limits on login attempts. Offline guessing is greatly hindered by adequate salting of the hashes. Today's most dangerous threat is phishing (well, that and password reuse, but that's a related problem).
The main problem is indeed the policies. While I (mostly) agree with the main statements TFA makes, I have my own note to add:
My bank's website enforces a MAXIMUM length. I'd love to have a password like "c0rr3c7 h0r53 b4773ry st4p13", but I can't use more than 6 characters.
Yes, you read that right. 6 characters. Maximum.
I fear for my online bank info constantly
Why would there ever be a reason to enforce such a small maximum length? I don't get it.
Unlike porn, which yada yada rimshot hey-ooh!
The problem with XKCD style passwords is the more characters in a password, the more likely I am to make a typo while entering it. I mistype a typical 8 character password a couple times a day. I can imagine what it would be like with a 25 character password.
Well, you can probably blame Little Bobby Tables for that. Depending on the programming language there are plenty of "control characters" in the ASCII 32-126 range, and it's much easier when deadlines are pressing to just restrict input to alphanumerics than try and sanitize against passwords that contain some variant of "'); drop table students;"
UNIX? They're not even circumcised! Savages!
The problem I have with that comic is that the "strong" password is lowercase only.
Sure, it's 28 characters, but it's still lowercase only.
That makes it a lot weaker, no? I personally use a 17 character long password (for anything important) at this time, being somewhat random and including lowercase, uppercase, numbers and special characters. If there is one thing I have seen from hashtables, it's that adding in special characters makes it a lot harder, and sometimes outside the realm of possible.
Never mind that if you know the person is using special characters, you still gonna have a lot longer time cracking, if you know he is only using words, with the help of dictionary attacks you gonna run through them a lot faster.
Oh, and the way I manage to remember my long password is that I take the short, I assume random, passwords that I have been forced to remember for a few years, like for school, and add those together with a special character in between. Makes it very doable to remember.
I think the point is that even with all lower case, it's still "good enough" and far better than a shorter password. Mixed case (assuming you capitalize the first letter of each word to keep it easy to remember) only adds one bit of entropy.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
It's not a good calculator either:
Compare a scandinavia sentence with a number in it with Same text with the number written. This clearly shows us that the XKCD scheme is more than good enough. And we can still add in things like spaces, underscores instead of spaces, and replacing letters with numbers.
This is enough to rule out brute-forcing. But notice of course that both assumptions are critical. An average person doesn't have a 171,476 word vocabulary and humans can't make genuinely random choices.
True, but humans can download large electronic dictionaries and use a computer to pick, say, 4-8 words at random. Since that XKCD came out, I've used a non-random 35 character string followed by one of my old 8 character gobbledegook passwords as a new 43 character password that I can remember. Takes time to type, but I figure it's the "best of both worlds" for security. Unfortunately, a lot of websites I've tried to do this with have an upper limit on password length that is shorter than this.
- W. Blaine Dowler
http://www.bureau42.com
Congratulations on winning the Slashdot trifecta - you managed to invoke the GPL, cite XKCD, and slashvertise your own project all in one!
What part of "a well regulated militia" do you not understand?
they are conflicted with themselves :
security:6 weak
entropy: 117.5 bits
but try that one:
http://www.wolframalpha.com/input/?i=password+strength+Correct_house_battery_staple :
security: 151 very strong
entropy: 185.4 bits
Jehovah be praised, Oracle was not selected
there was a dot that disappears at the end of the url
Jehovah be praised, Oracle was not selected
...It's too bad there's no way for two hosts to authenticate on a pre-shared key system with a public half and private half for each key, so bob and alice trade public keys and can communicate safely even if eve has both public keys....
I'm not sure what problem you think you're solving with public key cryptography, but it still doesn't remove the password problem. Most people will still want their key to be protected by a passphrase (or some other method that keeps anyone with access to the computer from using it), so passwords won't go away even if everyone uses cryptographic keys to identify themselves.
No, it would be "weaker by half" if the alternative was a single capital letter at the beginning of the password.
In fact, the alternative is that any, some, or all of the 28 characters could be capitalized or not.
So the first character halves the password's strength if it is predictably lower-case.
and the second halves it again.
and so does the third.
Incidentally, halving or doubling the key space is not "a lot," not by any cryptologist's standards.
DRM: Terminator crops for your mind!
Pwds will always be an easy security bad idea, because by the time a new pwd sec-theme is common cracks have been in place for about five years.
We need to get past crazy/silly pwds to non-human dependent security. It will cost a little more, but increased productivity and better security will save oodles.
Pwds are in the trench of the Maginot-line of security, stop wasting time and money, get to bio-PKI and beyond. Easy (to manage/implement or cheap) security is bad security physically/virtually.
Unaccountable leaders are masters, and unrepresented people are slaves. How do US and EU fare?
they sure do make it a lot easier, with some downsides as well. i use keepassx on *nix, and keep a portable keepass on my USB thumb drive for windows computer. all my passwords are store in it, all are 25 characters, with around 200 bits of entropy each. the only thing to worry about, is the master password, which was created using keepassx's password generator as well. as long as i remember to exit it before leaving, or at least locking the computer, there's not much to worry about. all passwords different, all strong, and auto-type makes things very easy. the downside is... you dont really know any of your passwords, and become reliant on the program. that's why i keep at least 2 complex passwords committed to memory and use them for common stuff, like my email. it's quite embarrassing to sit by your university project partner, be asked to login to the university website, put hand in pocket, realize you forgot the thumbdrive home, and exclaim "i don't know my uni password at the moment".
my sig pwns your sig
I doubt that he takes care of the fact that this is words vs random characters.
Yes, he does.
Just a question: Do you actually understand what is meant by those "bits of entropy" tallies that he's counting using rows of squares? If you don't know about http://en.wikipedia.org/wiki/Shannon_entropy then you're ill equipped to understand what this comic is trying to say.
DRM: Terminator crops for your mind!
The only thing going for it is that you don't know that it's only lower case letters.
I think this is a very important point that lots of people overlook.
By prescribing the use of various character classes, you are actually weakening the password.
A proper password should allow the use of those classes, but not prescribe them.
When I was a kid, we had a game called "Mastermind". One person selected various coloured buttons and hid them behind a screen. The other person had to guess the colours / sequence.
We had various house rules about difficulty levels. One of the easiest ones was if they had to tell you the pattern. eg:
* double colour
* blank
etc
Same thing with passwords
Ever stop to think
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
You could perform this attack using Google's autocompletion database as a dictionary.
DRM: Terminator crops for your mind!
wait for the beta
rewriting history since 2109
sanitize against passwords that contain some variant of "'); drop table students;"
Uh...methinks you're doing it wrong. What if I wanted "'); drop table students;" to be my password??
We had to reject several applicants because when asked how to prevent SQL injection, they said "Strip out words like UPDATE, DELETE, INSERT" ... well, what if we want to use those words??
Parameterize user input and stop worrying about SQL injection. This isn't 1992.
A computer can't tell if a passphrase is random or guessable, even a human wouldn't necessarily be able to. XKCD/diceware style passphrases however are supposed to be easy to remember despite being completely random, so the proper course is to let the computer generate the passphrase.
Analogies don't equal equalities, they are merely somewhat analogous.
The problem isn't the use of the phrase "drop table students" so much as programmers under pressure, or just being lazy, having to code for the use of characters like semi-colons, brackets, braces, pipes and all those other symbols that tend to cause problems if not correctly handled when returned in a variable. It's an even more tricky situation if the person coding the password input routine is not the same one coding the authentication routine, which happens quite a lot on large projects. It's much easier to code a simple "if password contains {list of symbols} then reject password" than it is to escape each of those symbols and then liaise with everyone else who is using the password variable to make sure they can deal with the escaped characters.
Of course, if it were understood that the password input routine was going to immediately hash the password into a suitably safe string and that was what would be returned in the password variable, then most of these problems simply go away.
UNIX? They're not even circumcised! Savages!
All digital security boils down to the key sharing problem.
And the key sharing problem is "solved" in practice thusly:
Server: O hai! Give me your infos! Here's my certificate.
Computer: Warning! This certificate is not trusted!
User: Ignore warning, add certificate.
Computer: K.
OR
Server: O hai! Give me your infos! Here's my certificate.
Computer: This certificate is trusted because VeriSign totally vouches for these guys.
User: VeriSign?
Computer: Yeah yeah, we totally trust VeriSign. I mean, we've never met them, we don't know their policies, and we rely on VeriSign to tell us if their shit gets stolen, and we basically have no recourse if shit goes wrong, but we trust them.
User: K.
Nobody ever actually checks to see if something is legit because they want it to be painless and automatic. I'd love to be able to go to bank.com and view the certificate, then call the number on my credit card (or go in to an actual bank location) and see if the certificate matches up.
I use about 9 different passwords ranging from the 6 or 7 characters i'm allowed up to the 20's,
i tier them by importance, so if i ever come into any shit, i know what accounts will need to be checked.
I'll also add that i lock my doors and windows, and own a gun, but because i don't have top notch Ub3r l33t h4xoring
skills or a LOIC, i use the best passwords i'm able.
The problem I have with that comic is that the "strong" password is lowercase only.
I doubt Randall intended to make it an example of how to choose a password.
He made it to demonstrate that password policies are poor and alpha numeric passwords with special characters do not guarantee strength (as most people get taught).
Probably most significantly he wanted to say users suck at choosing a good password, they don't have a clue about what they are trying to stop. The number of tech people who think common substitutions make the password exponentially harder to crack is too high.
I use randomly-generated passwords (generated by reading /dev/random) that are at least 16 characters long. I restrict the character set to [A-Za-z0-9] which is a touch under 6 bits per character, so I have about 95 bits of /dev/random-quality entropy.
The passwords are stored in a file encrypted with a long passphrase. The long passphrase is probably the weak link, but by not reusing passwords across different websites and using randomly-generated ones, I'm fairly well-protected if one of the sites I visit has its password file stolen.
Hardware token (aka smartcard)?
Here's how it should work: server sends salt to you, your smart card takes salt, plus your password and signs it with a cryptographic private key that is only accessible with the correct password, sends the signed salt back to the server. Server uses your cryptographic public key to see if it gets the same salt back. Password never leaves your computer (barring keystroke logger, root kit, etc in which case you're already screwed), key never leaves your card, result is cryptographically secure.
Why this isn't done: vendor lock-in, shitty OS support, peripheral card readers, shitty key management infrastructure, shitty key management infrastructure, shitty key management infrastructure, and user doesn't want to have to pay for a smartcard, but they cost money.
The DoD tried this. They've been stymied mostly by relying on contractors who insist on using their bad implementation, and VIPs who insist on bad business practices (why can't my secretary log in as me to send me my e-mail while I'm on the road?). That and the fact that they insist on using MS for every damn thing.
The only thing going for it is that you don't know that it's only lower case letters.
I think this is a very important point that lots of people overlook.
By prescribing the use of various character classes, you are actually weakening the password.
A proper password should allow the use of those classes, but not prescribe them.
In WWII, the Germans wanted their cipher system to be as uncrackable as possible. Therefore, they forbade using the same key two days in a row (among other things). Therefore, the British codebreakers knew at least one thing about the code: the key was different than yesterday. They had other rules, too. And every rule reduced the amount of brute-forcing the British had to do. Of course, learning the Germans' key strategy required the deaths of many Bothans. The password requirements of most websites, on the other hand, are broadcast to anyone who cares.
I am not a crackpot.
I'm glad that there are people who care enough to analyze the strength of things that are so strong they just don't matter.
Anything that lasts beyond 100 years cracking time on $100K worth of hardware (actual, including Moore's law growth in analysis power) is fine by me. If somebody feels they want to spend several months tying up a $100M cluster to break a secret they think I hid somewhere, I must have done something remarkably important with my life.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence
To be fair that is not the xkcd scheme. 4 random words is the xkcd scheme. 4 words that are part of a common pre-existing phrase is not.
Your criticism with the xkcd scheme is sort of like criticising by observing that users are lazy, and rather than pick 4 random words... they'll just pick two. Again... that's not the xkcd scheme.
But the real problem that needs solving is password reuse. I can remember something like correcthorsebatterystaple, easily enough, but I can't remember a different random set of words for all the literally dozens of logins I have.
And since I feel like ranting I am frustrated in that half the time I'm constrained by annoying limits... must be at least 5 letters but less than 10, must have a punctuation and 1 digit and a capital that isn't the first letter... oh, and I have to change it every 30 days... but I start getting nagged to change it 14 days before it expires... so either I change it every 14 days or I get nagged half of every month that my password is expiring soon. Oh, and I can't change it to the last password I used either...
Is it any wonder that people come up with really lousy passwords?
A: "What are stupid questions I don't want to answer truthfully, Alex?"
Also unwise is to have web sites save your info, especially credit card info. Someone cracks the db and you are p0wned.
It is more than just passwords...Heh, don't click that link, Grandma!
I come here for the love
It makes it weaker by a half. Which is definitely a lot. That roughly halves the time that it would take to crack and doubles the likelihood of randomly guessing the password. The only thing going for it is that you don't know that it's only lower case letters.
Weaker by half? So one less bit, right?
I am not a crackpot.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
All it takes is a simple twist to "haveityourwaydave" "darksideofthegoon" "thesearenotthefloydsyourelookingfor" and the phrase-dictionary attack falls apart, just like a dictionary attack on regular words.
If the password is being stored hashed (and anybody really cares how "strong" it is) it should be checked against a decent sized rainbow table for common words and phrases before being accepted.
I'd love to see a PAM (Pluggable Authentication Module) for this.
Also garbled passwords are going to be far harder for people to memorize if seen by accident.
Not if they do not recognize it as a password e.g. "Remember the lepton-jet meeting at 8am" would look more like a reminder than a password.
Who is passfault! We don't know. Did anyone else start typing in their best passwords to test them then think... wait... I'm just giving these away. They have my IP and my best passwords now.
So I then went to the github site and downloaded the java jar version of this but it is not the same! On the website I tested "abc123" and it said it was weak, less than 1 day, obviously. But the java jar program doesn't notice the pattern and says it would take 8 days to crack.
Time to change my passwords I guess.
Just because you are paranoid doesn't mean they aren't out to get you.
Their demo estimated 18 years to crack a particular password based on a UNIX crypt. Changed the "Password Protection System" to "Microsoft Windows System" and it dropped to 1 day to crack the same password.
Credibility: gone.
Login names should also not be easily determinable from knowing your identity.
the sign in for your email account should not be your email address. It should be unrelated.
The signin for my slashdot account should not be Shavano.
I should not use my name for either, but my employer requires me to use my name for my email account AND my username on its systems.
Even worse, some websites truncate the password silently and just hash the first n characters. Which is horrible.
DRM: Terminator crops for your mind!
We are so worried about our accounts being hacked and at the same time not remembering our passwords. Put a sticky note under your desk or in some easily retrievable (but not moronically easy to find) location. The likelihood that someone breaks into your computer and steals stuff is much higher than someone breaking into your house and stealing your passwords and computer (given the amount of respective time required for each). Also, if someone breaks into your house, they probably aren't looking for your Facebook password... Or I could be wrong and just blowing smoke outta my ass.
Here's an example of something easy to remember and hard to crack:
Take any sentence with 8+ words that includes one or two numbers. Just use the first character. Throw in a CAP or two.
Example:
My 9 inch Cock is bigger than your puny pecker.
M9iCibtypp
the key was different than yesterday
And, all other things being equal, this rule would be broken once out of every 26^3 days (or whatever Enigma's keyspace was). Going from that probability to guaranteeing that it won't adds virtually no information at all.
Nonetheless, I bet yesterday's key was always one of the first keys they employed in the brute force attack, because they knew that catching some scatterbrained radio operator forgetting to reset his cipher was far more likely than naturally producing the same key two days in a row in an uncompromised random system.
DRM: Terminator crops for your mind!
You are totally missing the point.
Instead of using an "alphabet" with 26 characters (or 52 with capitals, or 70-something with capitals and punctuation) and choosing a short random string, you use an "alphabet" with 5000+ ideograms (i.e., words) and choose a short random string of these words.
For simplicity, just suppose there are 5000 commonly used English words. Then there are 5000^n passphrases of length n (i.e., containing n words). Obviously, this is much, much bigger than 70-something raised to the n. It does not matter that it is smaller than 70-something raised to the number of characters in the passphrase.
As a matter of fact, my computer's word list contains about 95,000 words. Try to guess the password I will generate with the following algorithm:
Pick 7 random numbers between 1 and 95000. Look at the word indexed by the random number. Memorize.
My PRNG yielded:
74019,69542,70792,42388,32916,63978,55632
which maps to:
purchasing persecute platitudes escalations consummation mum intoned
A quick calculation shows that such a scheme has about 115 bits of entropy, compared to less than 44 for a "character" password with the same number of random tokens drawn from the alphabet.
So what's the big deal about using words instead of just longer random strings in the smaller 70-something character alphabet? You would need a 19 character random string drawn from an alphabet of 80 to get as much entropy as 7 words drawn from a dictionary of 95000 words. Clearly, the latter is far easier to memorize than something like "DtnqaELdIA=vozSkC" and provides the same cryptographic strength.
After all, I am strangely colored.
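The arithmetic in the comment above, along with the Diceware selection and the four-word OED figure quoted earlier in the thread, worked through as an added example (not code from any poster). The function names and the short word list are constructed for illustration; a real generator needs a full list such as the 7776-word Diceware list.

```python
import math
import secrets

# Figures quoted in the thread.
OED_WORDS = 171_476        # OED Second Edition entries
DICEWARE_WORDS = 6 ** 5    # five dice per word
POSTER_WORDLIST = 95_000   # "my computer's word list contains about 95,000 words"


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` tokens drawn uniformly and independently.

    This only holds when a machine (or dice) makes the choice. A phrase a
    person picked because it is memorable has far less entropy than this.
    """
    return length * math.log2(alphabet_size)


def tokens_needed(alphabet_size: int, target_bits: float) -> int:
    """Smallest number of random tokens that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def dice_to_index(rolls) -> int:
    """Map five dice rolls (each 1..6) to a word index 0..7775."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)  # base-6 positional value
    return index


def generate_passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG; duplicates in the list are dropped so
    that every word is equally likely."""
    words = list(dict.fromkeys(wordlist))
    if len(words) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(words) for _ in range(n_words))


# Constructed sample list, far too small for real use (4 bits per word).
SAMPLE_WORDS = [
    "purchasing", "persecute", "platitudes", "escalations",
    "consummation", "mum", "intoned", "correct",
    "horse", "battery", "staple", "lepton",
    "ocelot", "mustard", "popsicle", "fish",
]


def summary() -> dict:
    seven_words = entropy_bits(POSTER_WORDLIST, 7)
    return {
        "7 words from 95000 (bits)": round(seven_words, 1),
        "7 chars from 70 (bits)": round(entropy_bits(70, 7), 1),
        "random chars from 80 to match": tokens_needed(80, seven_words),
        "4 OED words (combinations)": OED_WORDS ** 4,
        "5 Diceware words (bits)": round(entropy_bits(DICEWARE_WORDS, 5), 1),
        "sample list, 7 words (bits)": entropy_bits(len(SAMPLE_WORDS), 7),
    }


if __name__ == "__main__":
    for label, value in summary().items():
        print(f"{label}: {value}")
    print("example:", generate_passphrase(SAMPLE_WORDS, 7))
```
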
I've become so annoyed with remembering passwords while trying to keep them complex enough i decided to write a vb application which hashes the web address (or game name) with a single master password salt and returns the first 14 a-z A-Z 0-9 characters (for the sake of universal compatibility). The result being if i used "password" as my master password i'd use "t82CUwcZf26uPL" as the password for slashdot. Obviously i use a much more complex password for any site that i have given my personal details to, but for your run of the mill site it's a perfectly strong password.
It means i can never forget or lose my password, and as long as i can run a simple vb.net application i can always log in.
The highly secure NSA and DoD password policy is very thorough, but one thing was left un-noticed about this policy. You can create a valid password by merely running your finger down a column of the keyboard, and then holding down the shift key and doing the same thing. Really!!
To wit, this password is valid. Run your finger down the left-most column of your keyboard: 1qaz2wsx
Then hold down the SHIFT key and type !QAZ@WSX
Presto, you have a valid password that meets all the security requirements the NSA and DoD have imposed upon you.
Now that's okay for creating system images for deployment.
In 45 days when you need to change your password again, just shift to the next row of your keyboard. This will keep you okay for a couple of years or so until you run out of keyboard rows to use. Then, you just do it backwards. It really is that simple.
Try it!! It's almost unbelievable.
Kriston
try and sanitize against passwords that contain some variant of "'); drop table students;"
Why would anyone ever want to put unencrypted passwords into a database?
Very good analysis.
Let me take a different direction:
Like or hate it, Ubuntu is the top OS distribution.
And it asks you for your password. A lot. For updating software. Running gparted. Adminning.
It can get annoying constantly typing it in. Any comments by other Ubuntu users?
I'm not a lawyer, but I play one on the Internet. Blog
You can blame lazy programmers, really. Most web-facing programming languages like PHP or databases like MySQL provide easy to use sanitizing methods that make SQL injection null and void.
The problem stems from the fact that, long ago, such methods were unavailable and nobody bothered changing the code to use them since then.
I tried verifying the certificate with the bank before. They didn't even have a clue what I was talking about.
Why do both XKCD and TFA assume having access to the hashed password? The normal "guessing" case is a password prompt and that'd better not allow 1000 guesses/second (try 10/day or so). The remedy for a compromised database of hashed passwords is: do not use the same credentials in several places. Afraid of someone stealing your hashed password by sniffing it? Use transport level encryption. Apart from that, using a password that you can type quickly and do not need to write down is a good idea.
"I love my job, but I hate talking to people like you" (Freddie Mercury)
It's interesting to me that we don't employ something like a keyfob that generates a code or a code texted to your cell phone, then combine that with a reasonable password. That way, it doesn't matter if your password gets guessed or compromised: the guesser/compromiser still needs the code from your text/keyfob.
I realize it isn't infallible but it would seem to be a very easy next step that would add a significant barrier to the vast majority of criminal methods in use today.
but thanks for spelling out exactly what I just said.
What you said exactly was "my problem with the xkcd scheme..." when your problem is with the users, not the xkcd scheme at all. I realize that's where you ended up, but it was as clear as mud.
The solution to the issue of users picking words, is to just assign them passwords... have dictionary generate the passwords for them.
your password is: fishpopsiclemustardocelot
let them keep hitting "generate" until they see one they like...
Sorry, Golddess. I didn't read usernames so closely - obviously that wasn't your method.
DRM: Terminator crops for your mind!
Just did this:
Start with "awesomepasswordtoday"
1 year, 8 months
Go to "awesomepasswordtoday000"
7 centuries, 8 decades
Go to "000awesomepasswordtoday000"
less than 1 day
This tells me there is something in the logic that makes it a pretty unreliable metric of password strength.
Your password complexity requirements are worthless, users will pick easy to remember, insecure passwords no matter what the requirements are. They will, of course, literally fulfill the requirements. The difference is that you are much more likely to get user cooperation if password changes consisted of the computer picking 4 random words for them, rather than 12 random alphanumerics with a side dish of ASCII barf. The only reason users pick their own passwords for sensitive applications is that they'd write that shit down and stick it on the monitor (or under the keyboard, for the ones who "understand security") if you made it truly secure (i.e. generated it for them).
Right now your users pretend to pick secure passwords and you pretend that they do. You don't want to know how shitty they are, they don't want to tell you. As long as you don't find them on post-its and there is no visible compromise everyone is happy. Of course they should have PIN-secured, challenge-response based one time password generators, but let's face it, your systems just aren't important enough to secure them in a thoroughly user friendly manner. So if you actually do care beyond your users picking the simplest password that passes your requirements you very well might think about randomly generating 4 word passphrases for them, I think you even have some volunteers for a trial.
Analogies don't equal equalities, they are merely somewhat analogous.
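An added example, not part of any comment here and not the code of the project under discussion, of the "computer picks 4 random words" idea together with the "keep hitting generate" variant suggested earlier in the thread. The 32-word list is constructed so the block runs offline, and the function names are hypothetical; a real deployment would load a large list such as the 7776-word Diceware list.

```python
import math
import secrets

# Constructed 32-word sample list so the block runs offline. A real deployment
# would load a large curated list; the Diceware list has 7776 words.
SAMPLE_WORDS = """fish popsicle mustard ocelot correct horse battery staple
anchor biscuit candle dragon ember falcon garnet harbor igloo jungle kettle
lantern meadow nickel orchid pepper quartz ribbon saddle timber umbrella
velvet walnut zipper""".split()
DICEWARE_SIZE = 7776  # 6**5, one word per roll of five dice


def bits_per_word(list_size):
    """Entropy contributed by one uniformly chosen word."""
    if list_size < 2:
        raise ValueError("word list too small to carry any entropy")
    return math.log2(list_size)


def generate_passphrase(wordlist, n_words=4, sep=" "):
    """Pick n_words independently and uniformly with the OS CSPRNG."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would skew the distribution")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def offer_candidates(wordlist, n_words=4, shown=5):
    """The 'keep hitting generate' flow: show several, the user keeps one."""
    return [generate_passphrase(wordlist, n_words) for _ in range(shown)]


def guaranteed_bits(list_size, n_words, shown=1):
    """Lower bound on the entropy left after the user picks 1 of `shown`.

    Any fixed passphrase appears among `shown` draws with probability at
    most shown / list_size**n_words, so choosing a favourite costs at most
    log2(shown) bits no matter how predictable the user's taste is.
    """
    return n_words * bits_per_word(list_size) - math.log2(shown)


def words_needed(target_bits, list_size, shown=1):
    """Smallest word count whose guaranteed entropy meets target_bits."""
    needed = target_bits + math.log2(shown)
    return math.ceil(needed / bits_per_word(list_size))


if __name__ == "__main__":
    for phrase in offer_candidates(SAMPLE_WORDS, n_words=4, shown=5):
        print(phrase)
    print("sample list, 4 words:",
          guaranteed_bits(len(SAMPLE_WORDS), 4), "bits")
    print("7776-word list, 4 words, 1 of 5 kept:",
          round(guaranteed_bits(DICEWARE_SIZE, 4, shown=5), 1), "bits")
    print("words for 64 bits from a 7776-word list:",
          words_needed(64, DICEWARE_SIZE))
```

The sample list only gives 5 bits per word, so it is for demonstration; the entropy comes from the list size and the word count, not from how odd the words look.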
Wouldn't DigiNotar be a good example of that so called "trust"?
I'm glad that there are people who care enough to analyze the strength of things that are so strong they just don't matter.
For some people (I'm one), the problem is the point of it all. Banging your head on that for days, weeks, months, years, is fun. That's what it's all about. A sexy problem's like gold. If you find the solution, (figuratively speaking) "Now what am I going to do?" Einstein spent most of his life fruitlessly banging his head on gravity. A good problem's addictive.
Anything that lasts beyond 100 years cracking time on $100K worth of hardware ...
Somebody recently (a couple of years ago) demonstrated a build it yourself Beowulf that'd do < $100/Gflop. That's verging on "anyone can have one" territory.
If somebody feels they want to spend several months tying up a $100M cluster to break a secret they think I hid somewhere, I must have done something remarkably important with my life.
They could just be practicing on you. Once perfected, they'll have Putin's emails, or Berlusconi's sex tapes, or GWB's smoking guns, ... I agree, this subject is a bit dumb, but if you happen to be that one in a million who looks at a problem in just the right way that a possible solution presents itself to you, would you just blow it off? Me, I can't. I've got to look into it, until it falls over or I get hopelessly lost trying.
Sometimes, for some people, the journey's the thing. Getting there's optional. Beats being Jack the Ripper. What a shitty hobby that was.
"Tongue tied and twisted, just an Earth bound misfit
In WWII, the Germans wanted their cipher system to be as uncrackable as possible.
They blew it, from day one:
- they were using Ultra in the Spanish civil war.
- the Poles cracked it and handed the results to the British and French five weeks prior to the outbreak of WWII.
- some Brit geek ran across it, was intrigued by it, and built his own; within a month he was producing Ultra crypto on his own.
- we were lied to about this for "secrecy".
See Vasili Mitrokhin's (chief KGB archivist who, with the help of the British, defected bringing all of his notes) Archive.
I'm still trying to figure out what Turing and Bletchley Park were doing beyond merely extending this stuff.
"Tongue tied and twisted, just an Earth bound misfit
Dude, everybody does that. It's not the user's fault. It's the designer's fault for creating the stupid requirement.
It would be funny if it turned out that Wolfram Alpha was collecting all of the passwords people are typing and using them to populate the tables of their own password cracker. Nah.
Oh, ":(){ :|:& };:" you.
PS. Don't do that.
"Tongue tied and twisted, just an Earth bound misfit
Somebody recently (a couple of years ago) demonstrated a build it yourself Beowulf that'd do
Restrict the system to one login attempt per user per second. intruders only get 3x10^7 attempts per year, regardless of their equipment.
video world+dog 24x7x365, allow suit for MONETARY damages to give Judge authority to unseal; otherwise let it happen as it happens. Why do you care who I am- you think that would deter ME? Think again. And I don't care who you are nor what you do to my "reputation" since I care not what the entire human race feels thinks says or does - what can you all do? kill me? Torture me? Been done, so wucking fut. I am better able to fight anything imaginable, than anyone else in my opinion able to protect me. I HATE security and privacy and I am convinced that both were invented as an excuse for not serving customers
For having to remember something additional about your password you want more than a bit of entropy. It's not too much harder to remember another common word at the end and get eleven or 2048 times the guesses.
Or a proper random substitution, e.g. replace the 14th letter with ; or insert it afterwards; this also gets some real entropy.
If you think your password is possible to crack in a reasonable time and care about what it protects, you are doing it wrong.
Weaker by half for each letter. With a 28-letter passphrase, that's a factor of 268 million.
72^17=3x10^31. Assuming 100,000 common words, 100,000^4=1x10^20. Using mixed case would require about 35 letters in the passphrase to get equivalent difficulty (2^35=3x10^11).
Even correcthorsebatterystaple is too complex, we can make it *even* simpler.
Most, if not all of us, have some favourite fictional (or not so fictional) media item, why not try a phrase from that?
Harry Potter fan? Try
Wingardium Leviosa!
Time To Crack:
554042313 centuries
Total Passwords in Pattern:
2 Septillion
Naruto fan? Try
Kuchiyose no Jutsu!
Time To Crack:
1623474350 centuries
Total Passwords in Pattern:
5 Septillion
My favourite one is, when I tried
My Little Pony: Friendship is Magic!
Time To Crack:
1.126570510614998e+23 centuries
Total Passwords in Pattern:
341,000 Decillion
*snigger*
And I dare any Brony to *not* know exactly how the phrase above is spelt, (colon and small letter i for is and all)! (but if you forget, you can always look it up on the internet, the format is always the same)
And many other zillion of phrases, like "The Spice Must Flow!" or "Beam me up, Scotty!", just choose one, typing it is easy since you are used to typing it *anyway* when you use it as a meme or catchphrase on your favourite fandom forums, and in case of doubt, you can always look it up on your fandom wikia.
Of course, if your site (e.g. banks) forces a *Maximum* limit, then you are screwed :(
I am an ACCA student. Got a query on Accountancy/Finance? Maybe I can help!
Rather than put up with a problem which is mainly caused by a broken way of looking at passwords - as a frowny-face stern-eyebrows thing - why not create a solution?
Here's one: make creating a good password into a game.
Download and print the Diceware wordlist and instructions, and buy five dice. Package the list, instructions and dice in a box - say, a shoe-box. Stick a nice "game-y" cover on the box. Set aside a desk in IT (one immediately in front of a blank wall) as the "password desk". Instruct locked-out users that they have to come to IT and play the password game to get their next password. A user uses the Diceware method to generate a password, types it on a typewriter ten times to memorise it, and then shreds the paper (a bit of security theater that might actually be useful).
(In bigger organisations, make up a password game box for each unit manager or each floor of the building(s). Sourcing enough typewriters and shredders might be a problem, so type-and-shred might have to be write-and-eat - on rice paper, of course.)
If you really have to - BOFH habits are hard to overcome - you can still use a stick: a policy that says "if your account is hacked and you were not using a password from the game, you're sacked. Instantly. And billed for costs. If you were using a password from the game, then you're fine, unless we find you wrote your password or messaged it to someone else."
Just like I said, no way to do it safely. That has about the same amount of entropy as a single character password.
FWIW, it claims it would take a few hundred billion centuries to crack one of my former home passwords (I changed it last year, but remember it well). However, while I think that password/passphrase was probably secure enough, the tool's dictionary appears to be short on words so its estimate of brute-force cracking time is not reliable.
It flagged that disused passphrase as having mis-spelled words largely because it did not recognize two fairly common words stuck together. Actually, the passphrase had no mis-spellings and no 1337-substitutions or interstitial characters. It also flagged the passphrase as having a mis-spelled US city because it did not recognize another fairly common word. BTW, by fairly common words, I don't mean rare or scientific terms like "coprophage" or "syzygy".
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
How else can you mandate a password policy that requires that no more than 3 characters may be the same...
nosig today
I gave a speech on this topic recently, and can only support everything said. Most password policies suck so hard, my rough estimates (presented to an academic audience, no refutations so far) show that they lower the complexity of passwords by at least eight orders of magnitude.
That's not a little bit, that is what brings them down into ranges that are brute-forceable.
I think I should translate the paper into English and get it published somewhere.
Assorted stuff I do sometimes: Lemuria.org
One can do the same with public/private key pairs. Just, instead of a password, give them a specific public key. Refresh that at will. The only thing necessary, as one should not want to keep keypairs around, is a good HW implementation which integrates with browsers.
nosig today
Somebody recently (a couple of years ago) demonstrated a build it yourself Beowulf that'd do
Restrict the system to one login attempt per user per second. intruders only get 3x10^7 attempts per year, regardless of their equipment.
You're assuming they're using networking logins. I'm assuming they've got your in your box and have got /etc/shadow and can go at it at their leisure. Ha, haaaaa!
Sorry. :-) Assume the worst. Hope for the best.
"Tongue tied and twisted, just an Earth bound misfit
Pferde papillon neko-inu-mushi gato dog.
Sure, in that specific case I only used animal names, but that's incidental; that is 5 languages in that password and it is frigging easy to remember, and you raised your space to work with from 20000 headwords to many many many more.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Of course, if it were understood that the password input routine was going to immediately hash the password into a suitably safe string and that was what would be returned in the password variable, then most of these problems simply go away.
I go one step further and have all the hashing done client-side!
Information theory is life. The rest is just the KL divergence.
I'm still trying to figure out what Turing and Bletchley Park were doing beyond merely extending this stuff.
Automating it and applying it to a practical purpose. Breaking the ciphers wasn't the end in itself: getting access to the plaintext as fast as possible in order to inform military operations while the intelligence was still relevant was the end.
Usernames for a vast number of sites default to your email address - with a different password for each site.
As such, people end up sticking patterns in their passwords to keep track of which is which... or, worse, they use the same pwd for every account.
I'm more worried about the number of times I've put the wrong username / password combo in a login prompt for some site, when that username/password is valid for another site.
Muscle memory, too, is a killer in this regard.
E.g. if your email address is the same as your domain username - how many sites have you given your work account details to due to muscle memory alone?
Sure, the site failed the login - but who says they destroyed the details of the attempt?
By applying the character check BEFORE hashing the password and storing the hash in the database?
you forgot the spaces
Your pass-phrase is quite tricky to remember and type reliably. A better approach is to use different languages in order to increase the dictionary size. If you pick at random among the languages that use Latin script, you can easily get a dictionary size above a million words. Just 4 such words would give a number of combinations exceeding 10^24. Even if you could try a thousand trillion combinations per second, it would still take in excess of thirty years to try them all.
Actually every one of us can quite easily remember a 26 characters long random "password". The one we _do_ remember starts with "abcdefg..". If that isn't random (the order of the alphabet) then maybe someone can tell us an easy way to conclude why the letter "a" is followed by "b" and then why it's followed by "c". AFAIK the order of the alphabet is just an agreement and could be as well "qwertyuio..". My point is that random passwords can be remembered the same way as the order of the alphabet. At least here in Finland kids are taught to remember the alphabet by "singing" it in order. Random passwords can be quite easily remembered the same way. Repeat the characters in your mind (speak them to yourself in your mind) ten times (or something). It's also a good way to type the password a few times while repeating it in mind. It's also good to use the password a few times during the day or the next few. If you can remember the layout of your keyboard then why should a much shorter random password be any harder? I do agree that sentences are easier to remember and the xkcd comic has its point.
83978 centuries HAHAHAH
the key was different than yesterday
And, all other things being equal, this rule would be broken once out of every 26^3 days (or whatever Enigma's keyspace was). Going from that probability to guaranteeing that it won't adds virtually no information at all.
You'd think I'd eventually learn not to use examples on Slashdot . . .
I am not a crackpot.
I cannot stress how important special symbols are if you don't want a password cracker to work.
If you pop the default OPH XP Cracking disk in a drive the only thing (bar a locked BIOS and no boot from disk) that is going to stop you is a special character. In many real life situations "#" is a safer password than "ajrfvd".
Troll is not a replacement for I disagree.
My early post suggested expanding the idea of "passwords" to include dynamic info that only the user would know rather than just a passphrase- some sites are already doing this. The replies suggested that sharing this info with the secured site means that it would no longer be only me who knew it. But that's already true then, isn't it? My point is the problem needs to be looked at differently- instead of letting computers do security like a computer, we should make them do it like humans. How do humans secure real (vice virtual) assets? What are we good at and where are our failures? It should actually be easier to achieve the sought after increase in security than what we are currently doing. The only brute force cracks are distributed test projects and complex passwords are more often less secure. If you cannot remember your password, you're gonna have to record it somewhere.
Have you ever noticed that anybody driving slower than you is an idiot, and anyone going faster than you is a maniac?
Long live the passweird!
And, I wasn't really being sarcastic - I am truly glad that people work on these problems.
On the other hand, my favorite stream ciphers are based on very long period PRNGs like the Mersenne Twister - period of 2^19937, make your key as strong as you like.
If they have that kind of access, why worry about passwords?
Somebody recently (a couple of years ago) demonstrated a build it yourself Beowulf that'd do
Restrict the system to one login attempt per user per second. intruders only get 3x10^7 attempts per year, regardless of their equipment.
You're assuming they're using networking logins. I'm assuming they've got your in your box and have got /etc/shadow and can go at it at their leisure. Ha, haaaaa!
Sorry. :-) Assume the worst. Hope for the best.
Yeah, my favorite analogy is that you're encasing your secret in a strong box, but the people trying to break in have unlimited unfettered access to it. So, even if it's one meter thick titanium/diamond composite alloy, it might be expensive and slow to get in, but if they throw the resources at it, they'll get in eventually.
Of course, current crypto theory allows for exponential growth of cracking difficulty with linear growth in password length, so, under current theories, you can easily make it impractically expensive to ever break in - if your users can remember a sufficiently complex password for the front door.
Yeah, my favorite analogy is that you're encasing your secret in a strong box, but the people trying to break in have unlimited unfettered access to it.
I like the way you think. Yes, assume attackers have all the time in the world (ie., they've got your /etc/shadow). What's *our* downside? Really?
To the others in thread, yeah, they're in. That doesn't necessarily mean "they're in". If everything's crypto'd, they're still fscked (assuming no keyloggers).
BTW, I'm no crypto/security expert, so don't expect miracles from me. Just sayin'.
"Tongue tied and twisted, just an Earth bound misfit
Did you set the options correctly?
If I set the cracking hardware to be "an average GPU", the same password that would take 2 days when protected by Microsoft Windows System (1 round md4) would take 54 centuries using bcrypt.
Admittedly the software on the website is only set up as a demonstration. It grossly underestimates the speed of GPU based cracking at the moment (it multiplies the speed of CPU by the number of stream processors), and lacks many types like crypt-md5.
But the underlying concept (determine the pattern used, assume the cracker knows the pattern used, calculate the number of passwords that fit this pattern, divide by the cracker's check rate) is sound.
Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524
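The concept in the comment above (find the pattern, count the passwords that fit it, divide by the check rate), as an added example that is not part of the thread and not the code of the tool being discussed. The tiny word set is constructed, the 100,000-word dictionary size is the figure used elsewhere in this thread, the 1 attempt/s throttle is the one proposed in the thread, and the two offline rates are assumed round numbers.

```python
import string

# "Assuming 100,000 common words" is the figure used elsewhere in this thread.
ATTACKER_DICT_SIZE = 100_000
# Constructed stand-in for that dictionary, just enough for the demo inputs.
KNOWN_WORDS = {"awesome", "password", "today", "correct", "horse",
               "battery", "staple"}
# ASCII-only character classes; space is counted with the symbols.
CLASS_SIZES = {"digit": 10, "lower": 26, "upper": 26,
               "symbol": len(string.punctuation) + 1}
SECONDS_PER_YEAR = 365.25 * 86400
# The 1/s login throttle is from the thread; the offline rates are assumed
# round numbers for illustration, not measurements.
RATES = {
    "online, throttled to 1 attempt/s": 1,
    "offline, slow hash (assumed 1e4/s)": 1e4,
    "offline, fast hash (assumed 1e10/s)": 1e10,
}


def char_class(ch):
    if ch.isdigit():
        return "digit"
    if ch.islower():
        return "lower"
    if ch.isupper():
        return "upper"
    return "symbol"


def tokenize(password):
    """Split into dictionary words (longest match) and same-class runs.

    Words are matched case-insensitively, so capitalisation is ignored;
    that is a simplification of this sketch.
    """
    tokens, i, lowered = [], 0, password.lower()
    while i < len(password):
        match = max((w for w in KNOWN_WORDS if lowered.startswith(w, i)),
                    key=len, default=None)
        if match:
            tokens.append(("word", match))
            i += len(match)
            continue
        cls = char_class(password[i])
        if tokens and tokens[-1][0] == cls:
            tokens[-1] = (cls, tokens[-1][1] + password[i])
        else:
            tokens.append((cls, password[i]))
        i += 1
    return tokens


def keyspace(tokens):
    """Number of passwords that fit the detected pattern."""
    total = 1
    for kind, text in tokens:
        if kind == "word":
            total *= ATTACKER_DICT_SIZE
        else:
            total *= CLASS_SIZES[kind] ** len(text)
    return total


def years_to_exhaust(space, guesses_per_second):
    """Worst case: every candidate tried. The average case is half this."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def report(password):
    space = keyspace(tokenize(password))
    return {name: years_to_exhaust(space, rate) for name, rate in RATES.items()}


if __name__ == "__main__":
    for pw in ("awesomepasswordtoday", "awesomepasswordtoday000",
               "correcthorsebatterystaple", "ocelot"):
        print(pw, tokenize(pw), f"{keyspace(tokenize(pw)):.3g}")
        for name, years in report(pw).items():
            print(f"    {name}: {years:.3g} years")
```

The estimate is only as good as the tokenizer: "ocelot" is missing from the constructed word set, so it is counted as six random lowercase letters (26^6) instead of one dictionary word, the kind of inflation another commenter in this thread attributes to a short dictionary.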
The difference is that you are much more likely to get user cooperation if password changes consisted of the computer picking 4 random words for them
And why in God's name can't sites do this? Especially if you want to make four-word passwords the norm, just generate them.
For having to remember something additional about your password you want more than a bit of entropy.
Ok, but even if it does add only a bit, that still meets the definition of "exponential". /pedant
DRM: Terminator crops for your mind!
I guess I should finish my sentences...
...may be the same of previous passwords.
nosig today
I recommend Les Paul passwords, you know, the Google doodle guitar thing. Just pick a song you like, and learn how to play it on the keyboard. If you are good enough you could even throw shift as if it was a sustained pedal. It's very easy to memorize (if you pick a good song), entropy should be enough to make dictionary attacks void and the length will throw brute force attacks off. Just be sure to pick a fast paced song since you will most likely type with the song's tempo.
The solution to the password non-problem is obvious. I worked it out years ago and never looked back.
1. Think of a hash which turns two letters into 6-letters-plus-2-numbers (use alphabet position for the numbers)
2. Use it to encode the first two letters of the site or app name
That's it. You get a different non-alphabet password for every site or app, and you'll never forget anything if you remember the hash. Why the hell are we having this debate? We should just get on with it and evangelize for this technique. It's easy and failproof. The only hard bit is learning the number-correspondence of letters, but even just using a favorite number instead the solution is somewhat secure.
The problem isn't the use of the phrase "drop table students" so much as programmers under pressure, or just being lazy, having to code for the use of characters like semi-colons, brackets, braces, pipes and all those other symbols that tend to cause problems if not correctly handled when returned in a variable.
Why is there a problem with them if they are returned in a variable (how else do you plan on returning them, smoke signals?)
When one person writes one piece, and another writes another piece, you have things like specifications to help you with the communication issue. It works in other areas of programming, why can't it work with verifying passwords? Better yet, instead of saying "Hmm I'll just strip these characters because I am a moron" why not write the code to handle ALL the characters. You know it is usually easier and simpler to do that anyways.
That is what kills me. It is actually easier to do the right thing, than it is to prevent you from not using certain characters because you don't like those characters.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
Who said the users get to pick the words?
It's trivial to have all or some of the words picked at random.
Assorted stuff I do sometimes: Lemuria.org
Do you also like lively protoplasm?
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
No, it's not exponential, you are just doubling it. Only if you choose to represent it as 2^x does it look exponential (2*2^x = 2^(x+1)).
The inverse exponential is what you should be using to calculate your linear multiplier in bits.
Well, that doesn't mean you can't rely on biometrics or physical keys as passwords... It just means the server doesn't KNOW you're using one of those methods.
The easiest is to visit password card and print off a password card. This is your new PHYSICAL INTERNET KEY!
It generates a string of completely random letters, numbers, and symbols. These are in a grid, so you don't have to remember your whole password - just where your password begins. This defeats the number one security flaw: laziness. Eventually everyone gets lazy. So getting in the habit of *secure laziness,* like using a password card, prevents stupid passwords like 110v3k1tt3ns.
The importance of the password card is in the dictionary. Yeah, yeah, it's hard to guess a 4-8 word sentence of random words. But it's easy to compile a list of known passwords and use them for all future brute-forces. Every successful brute-force makes *every single subsequent attack* easier. The only way to combat that fact is with truly random passwords using every possible character-set, and never ever using the same password for more than one thing.
Using a password card allows you to have one single 'key' to get into every secure location, without ever re-using a password. It's easy for you, difficult for hackers.
common substitutions make the password exponentially harder to crack
each one doubles the effective keyspace.
Successive doubling is an example of
wait for it
exponential growth
DRM: Terminator crops for your mind!
The government has, the Estonian government that is. Now for the hard part, getting everyone else to adopt a sane, user friendly system like that.
Analogies don't equal equalities, they are merely somewhat analogous.
Yes, the password is based on dictionary words.
Except there are several of them in a row.
Say that there are 5'000 common words in English.
The phrase has to make sense, so actually there's only a subset of those 5000 which can follow a given word without breaking grammar rules.
Let's say this subset of "next grammatically correct option" is 1000.
A string of five word gives you a space of:
1000 ^ 5 = 10 ^ 15 possibilities
When using a combination of 80 signs (small and capital letters, numbers and a couple of punctuation marks), this is exactly the same as:
ln(10^5)/ln(80) = 8.4
Thus picking such a phrase would give roughly the same password strength as using 8 purely random characters (enough for the usual requirement for most passwords).
If "at least 8 characters long, including capital letters, numbers and punctuation" passwords are good for most situations, this phrase should do the trick, even more so because most passwords people will provide won't actually be purely random strings but modified words ("(hick3n!", "sHit_666", etc.) which are much easier to crack than purely random strings.
Now of course, a completely alternate strategy would be to generate 64-character long strings of purely random shit, and then use a keyring manager to remember them for you.
(If the authentication supports non-ASCII characters, that would give you roughly 10^149 combinations. Down to 10^126 if you use only 96 printable symbols)
Or even move to public/private key strategy for authentication.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]