How Many Seconds Would It Take To Crack Your Password?

DillyTonto writes "Want to know how strong your password is? Count the number of characters and the type and calculate it yourself. Steve Gibson's Interactive Brute Force Password Search Space Calculator shows how dramatically the time-to-crack lengthens with every additional character in your password, especially if one of them is a symbol rather than a letter or number. Worst-case scenario with almost unlimited computing power for brute-forcing the decrypt: 6 alphanumeric characters takes 0.0000224 seconds to crack, 10 alpha/nums with a symbol takes 2.83 weeks."

Huh.

I wonder if he's caching every string entered into a dictionary file...

Re:Huh.

Steve Gibson is legit, but I still wouldn't type in my Capitol One password or my NSA password.

Re:Huh.

[jonadab]

You don't ask about your actual password. You check one that's similarly complex.

However, I noticed that he's not *checking* a dictionary file when evaluating password strength. The actual strength of a password like "spastic-elongated-kremlinitude" is pretty good, but his checker's figure of four hundred thousand trillion trillion centuries to crack with a high-end cluster is optimistic beyond the bounds of all reason. That would be naively building it up character by character, and *nobody* does naive character-by-character brute forcing for passwords that long. That's like building a skyscraper without power tools.

Re:Huh.

[Copperhamster]

That's why you test by faking something similar. If your password is P4$$w0rd then you enter something like H3ad$h0+ Same number of characters with similar construction (multicase, symbols, numbers).

One thing that I know, running a site people try to hack into, they're not going for my long, complex password, as much as they are going for the low hanging fruit of the people using 'wordpass' as their super sekrit unguessable password.

Re:Huh.

Pretty much everything you wrote is wrong other than your first line.

5 random lower case characters + one upper case = 52^6. It would be 26^6 if and only if you knew exactly where the upper case letter was, which is an unreasonable assumption. Adding an upper case letter would eliminate a straight lower-case dictionary attack entirely and double the pool of possible characters from 26 to 52. There are 6 places, so 52^6.

You make the same mistake in several other locations.

To address your other claim, "Adding one extra capital, number or symbol to a password does not increase password strength that much." ... You make this claim only because your math is so hilariously wrong.

Re:Huh.

[hackertourist]

Based on what? You're arguing that Gibson is wrong, but your reasoning amounts to saying "nuh-uh".

The attacker knows that there are 6 characters in a password. Or does he? I'd want a hashing algorithm that hides the password length by turning any password length into e.g. a 64-character hash.
Even assuming he knows it's 6 chars, how can he know there are 5 lowercase + 1 uppercase? Assuming the hash doesn't give clues (which would be a weakness in the hash function) I see no way the attacker can infer 5 lowercase + 1 uppercase (and guess correctly at which position the uppercase will be).
Therefore he has to assume a search space of lowercase+uppercase for all positions, which leads to 52^6.

Re:Huh.

[Bengie]

"5 random lower case characters + one upper case = 26^6 * 6 NOT 52 ^ 6" Wow, who told the hacker that it is a 6 char password with 1 upper case and rest lower case?

If someone is bruteforcing your password, they can make no assumptions. (alphabet size)^(number of spaces)
Where (alphabet size) = group your char is in. eg "!" is is part of a 10 char group, so using ! gives your alphabet an extra 10.

I Lets see, upper and lower, that's 26*2, then "[]", that's another 12, "3", that's 10, * makes it another 10, "~+" is at least 6 but not sure which group. OK... that's an alphabet size of 90 and is 17 chars long. 90^17 = 1.6677181699666569e+33. Almost as strong as a GUID, but easier to remember.

Re:Huh.

[Bengie]

slashdot ate my example... mother...

Re:Huh.

[Bengie]

Dictionary attacks are worthless as soon as you break up a word.

Re:Huh.

[RoboJ1M]

What happens if I add something from the arse end of unicode?

Re:Huh.

[PIBM]

Actually, the main problem is that you don't know what search space order the enemy might use. If he's using a-z up to 9 chars, then A-Z up to 9 chars, then a combination of both aA-zZ up to 9 chars, then add numbers 0-9 to the previous aA-zZ, before finally adding in symbols, then a simple password being $ would have searched through 62^9 + 33, not simply 33. Sure we need to simplify the problem to make it interesting for the users, but it`s akin to saying that the password zZzZzZzZz has a search space of 2^9. It`s much more simple with hindsight, beside, now I have a search space of 1^1 ! ;)

Re:Huh.

[PIBM]

How can he assume there are no special characters ? Numbers ? If he can assume only lower+upper, should not he also be using a best guest distribution of the upper case letters ? While it can be a totally random password, most of the users won`t use those. As such, optimizing the problem can reduce the average percentage of the search space by a lot!

Re:Huh.

[DrXym]

I bet that every time news comes out of a password list that many people reach for the nearest online MD5sum / SHA1sum calculator so they can search the list to see if their password is on there. Of course now their password, however strong it was before is now is worthless since they've just given it to some random website which for anyone knows is run by a malicious operator or could be hacked in its own right. Similarly, if you found some rainbow table sight and typed in your hash and it was not discovered, the site might make it a priority to brute force that hash in case it comes across again.

The moral is don't use online password complexity calculators or hashers or rainbow lookups with your real password or hash.

Re:Huh.

[MasterOfGoingFaster]

The man is an idiot. Adding one extra capital, number or symbol to a password does not increase password strength that much. The algorithm assumes that all places in the password can be all characters.

Disagreeing with you doesn't make him an idiot.

Since we don't know what position a capital letter might occupy, I think we can agree that this expands the MAXIMUM search range above 26^6 and below 52^6+1. That's the teaching point the tool is designed for. It is not designed to be an accurate estimator, but more of a shock value tool to get the attention of users. It has some value in that role.

Re:Huh.

[Bengie]

Optimizing for low hanging fruit means you will NEVER get the higher fruit. If one uses pass-phrases correctly, the average case will be with in a few magnitudes of a brute-force average case. This also means you need to dedicated A LOT of resources to breaking the password. If you're going to have a super-computer cluster that is going to cost millions to break a password, are you willing to chance optimizing for something that might NEVER break the password or just brute-forcing from the get-go?

Re:Huh.

[hairyfeet]

Mine is huge but then again I found an easy way to get a huge password...anybody seen how big the serial is on your average bass? Its got uppercase, lowercase, numbers and symbols and its pretty long and since I know my babies and never sell them its a pretty easy set of long passwords to keep up with.

As for Gibson...sigh...is the man EVER gonna update Spinrite? While i was never big on using it for data recovery it made a pretty damned awesome stress tester for hard drives but since he hasn't updated it in years it won't support HDDs over...either 500Gb or 600Gb, I can't remember which. which sucks because Spinrite was a great way to find out if a drive was toast or could be salvaged as a USB drive or was good. you'd be surprised how many drives would have one or two bad sectors that for some reason Windows refused to mark as bad but were otherwise good and could be used for years as external video drives or oversized USB flash drives. With Spinrite you'd just pop it on a box in a corner and let it run a day, it'd bypass the firmware, do the number of read/writes you set, and any sectors that didn't return the correct value would be flagged as bad by the firmware, never to be touched by windows again. it really was a great little tool and sadly I've yet to find a tool that did that one little job as well as Spinrite.

Steve if you read this update Spinrite already!

Re:Huh.

5 random lower case characters + one upper case = 26^6 * 6.

6 random case random characters = 26^6 * 2^6 = 52^6.

Check your own math first.

Re:Huh.

[PIBM]

Optimizing the search space does not remove the components, it just search strategically through the whole ordeal. Just has searching through a-z is quite interesting because a lot of password are in there won`t prevent you from searching through aA-zZ afterward should the problem still not be solved.

Re:Huh.

[chill]

Mine is huge but then again I found an easy way to get a huge password...anybody seen how big the serial is on your average bass? Its got uppercase, lowercase, numbers and symbols and its pretty long and since I know my babies and never sell them its a pretty easy set of long passwords to keep up with.

If I ever catch a bass with a serial number, I'll give up fishing. Do you work in some genetics testing lab or something?

Re:Huh.

[SirDice]

If someone is bruteforcing your password, they can make no assumptions. (alphabet size)^(number of spaces)

This assumes the minimal and maximum password length is the same, i.e. there are no passwords less than the "number of spaces". The total size of the keyspace is actually: (alphabet size)^(0) + (alphabet size)^(1) + (alphabet size)^(2) + ....... + (alphabet size)^(number of spaces - 1) + (alphabet size)^(number of spaces).

Re:Huh.

[hawguy]

Optimizing for low hanging fruit means you will NEVER get the higher fruit. If one uses pass-phrases correctly, the average case will be with in a few magnitudes of a brute-force average case. This also means you need to dedicated A LOT of resources to breaking the password. If you're going to have a super-computer cluster that is going to cost millions to break a password, are you willing to chance optimizing for something that might NEVER break the password or just brute-forcing from the get-go?

But most of the time, an attacker isn't trying to hack some specific password, he's got a database will a million passwords and he wants to hack as many as he can as quickly as he can because stolen password databases quickly lose their value (either as people reset their password, or as other hackers who have the same password database hack and exploit them).

If he can use heuristics to limit the search space to test passwords more quickly, that'll give him the most bang for the buck, even if it means he misses out on many more complex passwords.

Re:Huh.

Dictionary attacks are worthless as soon as you break up a word.

You didn't think "dictionary attack" meant using the English dictionary, did you?

Oh, you did. Well, it means using a password dictionary.

Re:Huh.

[Bengie]

But most of the time, an attacker isn't trying to hack some specific password, he's got a database will a million passwords and he wants to hack as many as he can as quickly

That's what makes pass-phrases so useful. It protects you from being a low-hanging fruit, so you probably won't so much as a glance, and even if they did focus on your account, it is very strong if done correctly.

Probably best off using something like LastPass, with one strong pass-phrase, and full strength random passwords for the actual sites.

Re:Huh.

Actually, no. 52^6 is 6 random mixed case characters - a much larger search space than 5 lower + 1 upper. The number you are looking for is much smaller = 26^6 * 6. Here's why - with 5 lower + 1 upper, you have 6 alpha characters = 26^6. If exactly one of them is uppercase, then the search space is only expanded by -- change the first character to upper, change the second to upper, etc = 26^6 * 6. If you think there are passwords outside of that search space, then try to come up with a 5 lower + 1 upper password that cannot be found by looking at ALL combinations of 6 lower and make one of them upper.
Gibson makes this type of error when he claims that haystacks are a good password technique. He forgets that 1) people are lazy and 2) hackers tune their search strategy because of #1. People who use haystacks do so because they want something easy to remember. So they probably use a dictionary word with minor alterations (all lower+numbers, make one of them uppercase) and then add a bunch of periods. But they can't just add a random bunch of periods - they have to use a number that they can remember (in addition to remembering the password itself), so it's probably no more than 10 (probably 7). A search strategy tuned to this will find passwords much faster than he claims = do the normal 36^n search space of lowercase + numbers, then for each of them, change one of the letters to uppercase. then for each of these passwords (all lower + all of the change one to upper), add 1-10 periods to the end. Assuming the base word is no longer than 8 and the number of periods is no longer than 10, the search space is at most 36^8 * 9 (no lower + at most 8 ways to make one upper) * 10 (number of periods) = much lower than 96^18.
Of course, you can manipulate the algorithm, but most people are lazy and besides, you have to remember the algorithm you created. If you are not using an easy haystack, you might as well use a nice strong password with a nice password vault.

Re:Huh.

[allo]

> 5 random lower case characters + one upper case = 52^6
nope.
its 26^5 * 6 * (6 choose 1)

Re:Huh.

[allo]

err, why the 6 from the parent for the Uppercase-One?

My post is valid for 5 lowercase and one symbol from a set of 6 symbols, of course.

Re:Huh.

[allo]

in the worst case? the site stores your password in the wrong way and you can never login again.

Re:Huh.

[allo]

and will i-su-SLASH-rf-on-DOT be in your password dictionary?

Re:Huh.

[Narnie]

cc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#eff#gg#aa#bcc#dd#
Is that you?

Added to circumvent filter: Damn you lameness filter! Of course it repeats! It's a f'ing scale!

Re:Huh.

[benro03]

Look something up before you open your mouth. Steve was writing programs for the PC before you were born and was one of the first people to trace a trojan back to IRC and actually TALK to the guy who wrote it. SpinRite was the first program for fixing disk drives at the hardware layer and probably still is.

http://en.wikipedia.org/wiki/Steve_Gibson_%28computer_programmer%29

http://www.grc.com/intro.htm

Re:Huh.

[Narnie]

It certainly is now.

Re:Huh.

[Carewolf]

Pretty much everything you wrote is wrong other than your first line.

5 random lower case characters + one upper case = 52^6. It would be 26^6 if and only if you knew exactly where the upper case letter was, which is an unreasonable assumption. Adding an upper case letter would eliminate a straight lower-case dictionary attack entirely and double the pool of possible characters from 26 to 52. There are 6 places, so 52^6.

Sigh. If you can not do combinatorics do not comment on it.

5 small letters = 26^5 combinations
1 capital letter = 26 combinations
Combinations of position of capital letter: 6

This gives 26^6 * 6..
Everything I wrote was correct. Try again idiot.

Re:Huh.

[Guspaz]

Even taking Gibson's original category of all-lowercase alphanumeric, his time-to-crack figure is silly (in that it's not realistic):

36^6 = 2,176,782,336 possible combinations
0.0000224 seconds to crack (given by grc)
2,176,782,336 / 0.0000224 ~= 97,200,000,000,000

So, somebody is going to devote a supercomputer capable of trying 97.2 trillion passwords per second to cracking a password for some service that I'd use? Right...

For an idea of how big of a machine you'd need to try 97.2 trillion passwords per second, Toms had two high-end GPUs in SLI doing 1.5 billion per second, which means even with GPU acceration you'd need roughly 65,000 machines...

Re:Huh.

[Medievalist]

Since we don't know what position a capital letter might occupy

Sure we do. It's the first character. And the numbers are the last two characters, and if you want to crack them quickly you start with the current year (12) and work backwards. If you make them use a special character it will be either @ or $.

Your password may be different, but I don't care - for every one person like you there's a thousand who will do just what I said, no matter what you tell them.

Because, see, all this theory is fine, but in real life your end-users don't understand and/or don't care, and when you make them use a pattern (must have at least one upper case, at least one digit) the majority of them will respond predictably, decreasing the search space.

Re:Huh.

[Carewolf]

"5 random lower case characters + one upper case = 26^6 * 6 NOT 52 ^ 6" Wow, who told the hacker that it is a 6 char password with 1 upper case and rest lower case?

The requirement that at least one letter is uppercase. In most case that means exactly ONE. A smart brute force would start by assuming only one is upper-case, which means passwords with only one uppercase letter will be broken long before passwords with more than one

The article linked even makes the argument that adding ONE symbol greatly increases the password strength. As I demonstrated, if you add exactly ONE symbol, you do not greatly increase password strength, in fact, it is more or less the same since the symbols people normally use are much more limited than letters.

Adding upper-case letterS or symbolS is a good idea, but one symbol is never going to make a 6 letter password strong.

Re:Huh.

[Carewolf]

Disagreeing with you doesn't make him an idiot.

He doesn't disagree with me. He is wrong. Of course idiot is still a strong term, I only used it because he present poor password advise as if he knew what he was talking about.

Since we don't know what position a capital letter might occupy, I think we can agree that this expands the MAXIMUM search range above 26^6 and below 52^6+1. That's the teaching point the tool is designed for. It is not designed to be an accurate estimator, but more of a shock value tool to get the attention of users. It has some value in that role.

Since we don't know what position a capital letter might occopy, we have to check as total of password-length positions. For a password of 6 letters, that is exactly one of 6 positions it can occupy.

Disregarding capitals to start with all 6 letter passwords will have the following form (replace [a-f] with random letters).
abcdef

Adding ONE capital letter to that gives following extra combinations for every existing password combinations:
Abcdef
aBcdef
abCdef
abcDef
abcdEf
abcdeF

Which is why I only multipled with 6. Because adding one capital letter increases the number of password combinations with only password-length. Btw adding two capital letters to a 6 letter password increases the combinations by 15, can you figure out why?

Re:Huh.

[Idarubicin]

Grandparent: 5 random lower case characters + one upper case = 26^6 * 6 NOT 52 ^ 6

Parent: 5 random lower case characters + one upper case = 52^6. It would be 26^6 if and only if you knew exactly where the upper case letter was, which is an unreasonable assumption. Adding an upper case letter would eliminate a straight lower-case dictionary attack entirely and double the pool of possible characters from 26 to 52. There are 6 places, so 52^6.

The grandparent poster has done the calculation correctly, if it is assumed that the cracker knows that there is exactly one uppercase character.

We're all agreed that if there is a 6-letter all-lower-case password, there are 26^6 possible passwords (26 possible character choices in each of six positions), right? For five lower case letters and one upper case letter, we draw five lower case letters (26^5 possibilities) and one upper case letter (26^1 possibilities, because it can't be a lower case letter), and we have 6 choices as to where in the password we place the upper case letter: 26^5 * 26^1 * 6 = 26^6 * 6 possible passwords.

Alternatively, consider our six-letter all-lower-case password and its 26^6 possibilities. We have a dictionary that starts aaaaaa, aaaaab, aaaaac and ends with zzzzzz. If we add exactly one (no more, no fewer) capital letter, then each entry in our original dictionary is replaced by six new passwords, one with a single capital letter in each position: Aaaaaa, aAaaaa, aaAaaa, aaaAaa, aaaaAa, aaaaaA, then Aaaaab, aAaaab, aaAaab, aaaAab, aaaaAb, aaaaaB, and so forth--again giving us 26^6 * 6 possible passwords.

That said, it would be unusual for our hypothetical cracker to have access to that sort of specific information about a password. Why would he know that there was exactly one upper case letter? Far more likely would be some sort of rudimentary password screen that required our password to contain a mix of capital and lower case letters--that is, at least one upper case, and at least one lower case. In that more-likely scenario, the parent's calculation is closer to the mark. Each of six positions could have any one of 52 values (26 upper- and 26 lower-case letters), giving 52^6 possibilities, from which we subtract 2*26^6 options, representing the forbidden all-lower-case and all-caps passwords, leaving 52^6-2*26^6 possible choices.

Re:Huh.

[mcmonkey]

What's the challenge?

Is it: here is a string, length = 6, comprised of 5 lower case letter and 1 upper case letter?

Or is it: here is a string, length between 4 and 8 characters, comprised of lower and upper case characters?

If someone trying to crack my password knows it has exactly one upper case character, I'd assume they know because they have already cracked my password.

Re:Huh.

[Imrik]

Adding one symbol, if it is not required or encouraged by the password policy, does increase the effective strength significantly since a brute force attack will generally leave out symbols to reduce the search space a the cost of missing out on the relatively small number of passwords that use them. However, if it is required, all of the passwords will use them resulting in an overall loss of strength since there are fewer symbols and most people will use exactly one.

Re:Huh.

[Cinder6]

Isn't this assuming the attacker knows your password is 5 small + 1 cap? It's more likely that you have an unknown number of capital and lowercase letters.

Re:Huh.

[Carewolf]

That is correct. I am making the assumption that password checker would check for one capital letter first. Or maybe for no capital letter first and then one.

The assumption is based on the observation that one capital letter is the most common (and what was recommended in the linked article), and that it has fewer combinations than assuming a random number of capitals, so it makes for a good place to start for a brute force password cracker.

The thing is, brute force does not mean you have to check passwords in a random order, you usually check them in the order of what is most common, so following common patterns like adding ONE capital or ONE number, is not going to help you much. Adding one additional lower case letter is usually better.

Re:Huh.

[Carewolf]

Isn't this assuming the attacker knows your password is 5 small + 1 cap? It's more likely that you have an unknown number of capital and lowercase letters.

Yes and no. I was challenging the advise of adding single a symbol (or capital or number) to a password would make it much stronger. As long as it is only a single of each and not a random output of the enhanced alphabet, the resulting password is not going to be that much stronger.

Re:Huh.

[Guspaz]

A botnet probably can't rely on GPU acceleration, and there aren't many botnets out there with half a million machines busy trying to crack my Starcraft password.

Re:Huh.

[torkus]

And if you don't understand the basic concepts behind the topic, applying any amount of mathematics will not overcome the initial limitation.

When brute forcing passwords you don't (typically) know anything about them. It's extremely unlikely you will know "5 small letters and one capital letter" no matter how pretty it makes the calculation. You have to search the random address space based on your criteria in increasing orders of complexity.

Searching the lower case space is trivial compared to lower+upper (and so on) so you start there and move upwards in complexity and length. Adding "one capital letter" forces you into the greater address space because the first will not produce a match.

Re:Huh.

[mcgrew]

Hear that wooshing sound? That's the sound of a bass playing a bass.

All your bass are belong to us.

Re:Huh.

[networkBoy]

what pisses me off is that truecrypt disabled extended ascii for "portability".
I used to use a mu character "" (funny, it shows in preview but not post, http://en.wikipedia.org/wiki/Mu_(letter)) in one of my TC volumes. I can still open that volume with a new version of TC, but if I create a new volume TC won't let me use the mu, because it may not work on *all* systems. I don't care about all systems I care about all systems I am using. Bonus points if it happens to not work on an attackers system.
using [a-zA-Z0-9] + [~`!@#$%^&*()-_+=/?:";'{}|] is all fine and dandy, but when you start using #### values you are virtually guaranteed not to be on any dictionary list, thus requiring brute force only.
-nB

Re:Huh.

[Tumalu]

5 random lower case characters + one upper case = 52^6. It would be 26^6 if and only if you knew exactly where the upper case letter was, which is an unreasonable assumption.

The parent's claim was actually 26^6 * 6. This is technically correct if the attacker happens to know that the password is 5 lower case letters and 1 upper case letter. The attacker does NOT need to know where the upper case letter is.

You say that it would be 26^6 if the attacker DID know the exact location of the upper case letter. So what happens if the attacker assumes that it's the first letter and runs the attack? Then they assume that it's the second letter and run it again. And so on with the third letter..

In the end they only need to run the 26^6 attack 6 times. Hence the "26^6 * 6" claim.

Of course, it might seem unlikely that the attacker would know the search space so precisely (6 letters total with exactly one upper case letter). Then again, if you assume that most people use far fewer upper case letters than lower case letters, the search space can certainly be reduced to well below 52^n.

Re:Huh.

[petermgreen]

If someone is bruteforcing your password, they can make no assumptions.

Bullshit.

The space of all passwords acceptable to a system is generally massive* and it is impractical to search that whole space or even a significant fraction of it. Therefore if users chose a password at random from that set it would be impratical to brute force passwords. However in practice users do not choose passwords at random, they tend to use real words or at least things that sound sort of like real words, shorter passwords are more common than longer ones. If password rules are in place users are likely to do the minimum nessacery to satisfy them (so requiring "at least one symbol" means you often end up with "exactly one symbol", requiring "at least one capital letter" often means you end up with "exactly one capital letter".

The smart bruteforcer orders their search by the approximate likelihood of the combinations to increase the likelihood of finding the password in the time available. Of course there is a compromise inherent in this because making the search order more complex can reduce the search speed.

* systems with retarded maximum password lengths excepted

Re:Huh.

[torkus]

Given that Blue Gene/P is 250,000 processors that's not impossibly large by any means. You won't scale 1:1 by increasing GPU count but if you're going that scale you can also look at dedicated/custom hardware for greatly increased GPU density.

Nothing that's available to you or I, but large enterprise or government certainly have the resources to get time on (or outright purchase) such a system.

Re:Huh.

[philip.paradis]

Calling Steve Gibson legit is a bit of a stretch. If you define legit as "unlikely to use what you enter for criminal purposes," sure. If you define legit as "somebody who isn't a years-long laughingstock and borderline fraud in the security community," then no. Have you ever visited the Gibson Research Corporation site?

Re:Huh.

[3dr]

I wish the summaries would include direct links to the interesting bits, rather than some random ad-fest blog entry.

The underlying tool for all of this is at https://www.grc.com/haystack.htm

Re:Huh.

[Guspaz]

Why would a large enterprise or government want to crack any of my accounts? The XKCD example of a $5 wrench is a joke, but the underlying message is accurate. It's a lot cheaper for a government to just give me a court order for my passwords than it is to devote a giant supercomputer to cracking my email.

Re:Huh.

[networkBoy]

Truecrypt refuses to use it.
My bank incidentally also refuses to use it.

Re:Huh.

[Stele]

A bass once bit my sister...

Re:Huh.

[Mr+Z]

If someone trying to crack my password knows it has exactly one upper case character, I'd assume they know because they have already cracked my password.

Or, they'd just have to know something about human nature and the fact that humans tend toward lower entropy passwords. With any password guesser that's even slightly smarter than brute force, entropy matters. I remember using 'crack' back in my college days (officially sanctioned -- we were testing password security as part of a security audit), and it had rule pattern tables that it would use to guide its search space. It was very effective. The related ANLpasswd (which we also installed) did a subset of the checks that 'crack' did.

If let run long enough, 'crack' could do a full exhaustive search over the password space. (Unlikely we'd let it run that long on our SparcStation 2s, though). But, it didn't just start with aaaa and end with ZZZZZZZZ (using your spec of 4 to 8 chars mixed case as an example). It had varieties of templates for taking dictionary words and short random strings and combining them in various ways. A couple of the filters toward the beginning of the list were "single capital letter", "single digit", "single special character" (where 'special' was any non-alphanumeric byte if memory serves), and then combinations of those things.

The completely dumb brute-force cracker assumes you need to search the entire space linearly, but any smart tool will prioritize toward repeated characters, corrupted dictionary words and other such things first. Such heuristics are very effective. I therefore find the conclusion at the password cracking page that "D0g....................." is more secure than "PrXyc.N(n4k77#L!eVdAfp9" to be very flawed, as it fails to understand what 20+ year old password cracking software already understood of human nature.

Heck, where I work we're required to use machine-generated random mixed-case alphanumeric 8 character passwords. We don't get to generate our own passwords; rather, we pick passwords from a list generated by the computer. We can also hit "regenerate" as many times as necessary until we see a password we "like". I know many people visually filter this list for more "memorable" passwords. As long as an attacker has a good model of the likely filters humans employ on this otherwise random noise, the actual search space for our passwords is much, much smaller than implied by 66^8. (I know at least one former coworker in the "single capital letter" column, for example.) At least our passwords expire every 90 days / 3 months. (Windows and *nix have slightly different expiry periods, and are required to have distinct passwords. Wheee.)

Re:Huh.

[petermgreen]

That said, it would be unusual for our hypothetical cracker to have access to that sort of specific information about a password.

Equally it would be unusual for them to have access to specific information about the length of the password, it could be anywhere between the minimum and maximum lengths allowed by the system.

However just because they don't know theese facts doesn't mean they can't make educated guesses. Humans will preffer short passwords over long ones, they will preffer dictionary words over gibberish. If password rules are in place they will likely do the minimum nessacerry to comply with them. The attacker will know this and will attempt to sort the passwords by probabiltity before trying them.

Therefore = ( + (0.5 x ) x .

This makes true password strength difficult to determine because it requires a determination of how likely the user's password is. If the attacker has better information than you on the likelihood of different passwords then you are likely to overestimate the strength of your password.

Of course a possible soloution to this is not to allow users to create their own passwords at all so that all passwords your system can create are equally likely. That can cause other problems though like people writing passwords down because they can't remember them.

Re:Huh.

[Mr+Z]

Of course, rainbow tables can give a large factor speedup, can't they? With enough storage, you might be able to get further faster, assuming unsalted passwords.

Re:Huh.

[Ksevio]

The thing about the length is that calculating everything smaller is fairly trivial (the same as adding one extra letter to the alphabet i.e. 27^6). If he's brute forcing it, he'll just do all the easy ones first. The upper case letters however, increase it to 52^6 as you said.

Re:Huh.

[milkmage]

"5 random lower case characters + one upper case = 26^6 * 6 NOT 52 ^ 6"

each position in the password has a total of 52 characters possible. (a-z and A-Z)

fifty two to the sixth power is the right answer

Re:Huh.

[mcmonkey]

Heck, where I work we're required to use machine-generated random mixed-case alphanumeric 8 character passwords. We don't get to generate our own passwords; rather, we pick passwords from a list generated by the computer. We can also hit "regenerate" as many times as necessary until we see a password we "like". I know many people visually filter this list for more "memorable" passwords. As long as an attacker has a good model of the likely filters humans employ on this otherwise random noise, the actual search space for our passwords is much, much smaller than implied by 66^8. (I know at least one former coworker in the "single capital letter" column, for example.) At least our passwords expire every 90 days / 3 months. (Windows and *nix have slightly different expiry periods, and are required to have distinct passwords. Wheee.)

I've seen other posts in this thread referring to randomly generated passwords, and I immediately think of the XKCD on passwords. You've come up with something that caters to the machine, not the person.

I have 20+ different user name/passwords combos I need to maintain for work. This means 1) where ever possible I reuse the same password, and 1a) my password tend towards to the lowest common denominator. E.G. one system does not allow special characters in passwords, so none of my passwords have special characters.

If the expectation was I'd keep track of 20+ different random strings, I'd be sending out resumes ASAP.

Allow users to use a 30 character pass phrase, and it's easier to remember and more secure than 8 random characters.

Re:Huh.

[Mr+Z]

Fortunately, where I work, there are only two passwords that matter -- our UNIX / Linux passwords and our "enterprise" passwords that govern Windows and all of our web applications. But, our IT overlords haven't adopted xkcd's scheme and seem unlikely to.

The rest of my passwords on the wild and wooly web are of the randomly-generated variety (13 character mixed-case alphanumeric), but I don't even bother trying to commit any of them to memory except the couple I use daily. I keep the ones I don't use daily in an encrypted file and copy-paste them into websites. If my LinkedIn password hash was among the compromised hashes, I'm not too worried -- they'll decode many other passwords before they get to mine, and the most they'll get if they get to my LI password is my LI account. With 6.5 million hashes, they'll probably reverse several hundred thousand (if not a million or more) before they decode mine. Why would they even bother once they have that many decoded passwords?

If I had to remember all those passwords, even in XKCD's suggested format, I'd need much a better memory than I already have, since I use different passwords on every site. And, I'm sure my truly randomly generated passwords have more entropy than a four or five word phrase would.

Re:Huh.

[icebike]

Wouldn't one assume an attacker would work thru all short combinations first?

If so the hypothetical password of "$" would be found shortly after the first 62 (aZ-zZ + 0-9), depending on the order of your special characters.

Aren't these brute force attacks done pretty much sequentially? Why would they chug thru all 9 character combs when the likelihood is that most passwords will be less than 9?

Hindsight seems to be a key element to these predictions of cracking speed.

Re:Huh.

[tunapez]

How can he assume there are no special characters ?

If it's a 'Verified By Visa' page, he/she knows they're not allowed. If that were the case, however, he/she would also know that clicking the 'Cancel' button at the bottom of the page 2x's forgoes the "security" and processes your transaction without it.
 
  works for me on my legitimate transactions on a certain online etailer site that isn't new but is a bit eggy at times.

Re:Huh.

[Bengie]

The point was how safe MY key is, not how safe other's keys are. If everyone actually use correct 12+char pass-phrases, how would a hacker optimize to low-hanging fruit?

Dictionary attacks are about the only way to break a password in a life time, except in the case of LinkdIn and a bruteforce+rainbow-table. It's not hard to stop a dictionary attack from ever working.

Re:Huh.

[tibit]

This is perhaps one of the most insightful comments in this discussion. I always had a problem with this "how many bits are in your password" approach: to calculate it, you need to presuppose a certain order in search space exploration. Otherwise the password strength measure makes absolutely no sense and is just pulled out of one's ass.

Re:Huh.

[dj245]

At least our passwords expire every 90 days / 3 months

You think this is a good thing? It is a terrible policy. It pretty much guarantees that the password is a standard phrase with some sequential element to it (squirrel1, squirrel2, squirrel3, etc) or just written down somewhere.

Re:Huh.

[mla_anderson]

Time to crack:

43.37 million trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries

Re:Huh.

[Larryish]

What is the entropy for a password of "TheRainInSpainFallsMainlyOnYourMom"?

Re:Huh.

[micheas]

Maybe, maybe not. I haven't checked.

I have a couple pass phrase dictionaries and they have found a not insignificant number of pass phrases.

Most of the time, I just need to find a password that hashes to the same as your password. That might not seem important, but when your password/pass phrase is longer than the hash and you are reduced to brute forcing the password a collision is not less likely just because you added more characters.

md5 and sha1 are optimized to reduce collisions in the ASCII code space, which means that when you use high Unicode characters you are using the weak area of the algorithm to secure whatever it is you are securing with your password.

Re:Huh.

[Mr+Z]

You missed the part where I said we can't generate our own passwords. The computer generates a list of random passwords for us, from which we have to pick one. "squirrel1", "squirrel2" etc. aren't likely to show up. We're more likely to get X7abO3Il and the like. The computer generates 40 of those, then we get to pick one.

As for writing down our passwords -- believe it or not, our IT dept's password software actually suggests we write it down as long as we put it somewhere secure, preferably on our person, such as a wallet or purse. We're just not supposed to leave it in our workarea or with our computer. Frankly, I think that's a sufficient level of security for such a thing. Hell, if someone steals my wallet, last thing I'm worried about is them finding out my "enterprise password" for my work account. And whoever stole my wallet is likely uninterested in it anyway.

Re:Huh.

[gstrickler]

If your TC pass-phrase is short enough, or simple enough that using extended ASCII is necessary, then you have bigger issues. If it's sufficiently long and non-trivial and you still think using extended ASCII chars would enhance security, then you understand nothing about password security.

Re:Huh.

[gstrickler]

Yes, but attackers also rely upon observed behavior and use statistical approaches to brute force attacks. Knowing that people typically use mostly lower case, and that they may include one or two upper-case letters or numbers, you can construct the brute force attack to try those combinations first. The total search space is expanded, but the average search space statistically weighted by common user behavior.

For example, search for shortest passwords first, start search with all lower-case, then all lower with one upper or one digit, then all lower with 2 upper or digit, etc. at some point, start including commonly used symbols in the search, don't search uncommonly used symbols until all the more common stuff has been tried.

Using such techniques, it's possible to recover ~95+% of passwords while searching only a trivial percentage of the theoretical search space.

Re:Huh.

[allo]

then i hope slashdot will never leak its password database.

Re:Huh.

[philip.paradis]

69. Now where's my prize?

Re:Huh.

[petermgreen]

Therefore = ( + (0.5 x ) x .

That should have said

Therefore [average time to crack your password] = ( [number of passwords the attacker considers more likely than yours] +(0.5 x [number of passwords the attacker considers equally likely to yours])) x [time for the attacker to try a password]

Re:Huh.

[hairyfeet]

Huh, never had one of those. Had one shaped like a pot leaf once, was cool to look at but uncomfortable as hell.

The point everyone seems to be missing though is there are truly great passwords all around you if you just care to look. hell flip over your keyboard or look under your laptop, you'll find a GREAT complex password. the back of your monitor, your OEM desktop, musical instruments, anything you know you are gonna keep a long time can make a great and unique password that the best software out there would take centuries to crack. since I know the serials to my basses as well as have them stored on a sheet of paper both in my closet and in my dad's I can easily recover the password if I forget it but at the same time if someone found it they'd have no clue that it was actually a password, so its really easy to have a great complex password with a minimum of effort.

Re:Huh.

[GPLHost-Thomas]

Just load the javascript that you get when you download the page, and stop wondering!

By the way, how is this news? I mean, the password haystack page has been around since at least 02 Jun 2011 (date of the podcast talking about it, also available from grc.com).

Re:Huh.

[Cow+Jones]

If I ever catch a bass with a serial number, I'll give up fishing.

Stranger things have been known to happen...

Re:Huh.

[Njovich]

In reality it's often just the first character that is uppercase. So if an uppercase char is obligatory, and your first attempt is on the first character, then in 63% of all passwords you will guess it without ANY aditional difficulty. You can say this is not true all day because of your amazing math skills, but in the real world this is true every single day, no matter how much you keep denying it. Passwords are being cracked easily right now because of this. Just use extra characters rather than uppercase, it's much better in every way. (and uppercase takes extra key presses - especially on mobile - and extra effort to remember too, so what are you winning there?). Also, hackers usually don't give a fuck about strong passwords since you usually have a whole list of accounts to choose from and look for weak ones.

Re:Huh.

[jonadab]

A dictionary containing only twenty thousand word forms would be completely useless in the English-speaking world, even for children. A basic spelling-checker dictionary would have over fifty thousand words, not counting proper nouns (which DO get used in passwords, probably more frequently than common nouns proportionally), and that's still leaving out A LOT, including some words that I use on an everyday basis.

Re:Huh.

[petermgreen]

I think too many people draw an artificial line between "dictionary attacks" and "brute force". There is a world of possibilities between "try what is in the dictionary and nothing else" and "try all combinations of this set of characters" and a sensible attacker will try and make use of those possibilties.

Re:Huh.

[networkBoy]

Security is layers.
a simple alt and keypad entry almost completely disable dictionary attacks, and likely most pre-computed rainbow tables. It is not the only aspect of my standard derivative medium risk password, but I consider it an important one.
-nB

Re:Huh.

[gstrickler]

a simple alt and keypad entry almost completely disable dictionary attacks, and likely most pre-computed rainbow tables.

So does using a password/phrase that doesn't appear in a dictionary, and it doesn't require using an extended ASCII character that impairs compatibility. It gains you nothing, but it does cost you compatibility, and it's easier to notice/observe from a distance, so if you're being watched while entering your password, it may actually be less secure.

Re:Huh.

[networkBoy]

to a shoulder surfer it looks like you are punching 230 on the numeric pad, you left pinky is down on alt.
meh, it really doesn't matter anyway.
-nB

Re:Huh.

[karlm]

there aren't many botnets out there with half a million machines busy trying to crack my Starcraft password.

Correction: yesterday there weren't many botnets with half a million machines trying to crack Guspaz's Starcraft password.

Ha!

[2.7182]

That's silly. I just use my SS#. That has a LOT of digits. Who is going to guess that?

Re:Ha!

[agentgonzo]

"SS#" is a rubbish password with just three characters. It takes only 0.00000209 seconds to crack it according to the tool.

Re:Ha!

[agentgonzo]

Similarly "my SS#" takes only 3.82 seconds.

Re:Ha!

[flyingfsck]

The USA/Canada SS is a bit short, but using a credit card number as a password would be much better. It is pre-printed on a sturdy piece of plastic, always handy in your wallet and you can easily get a new one by telling your bank that some dodgy web shop got compromized...

Re:Ha!

[lipanitech]

the best one I have ever seen is the persons 10 digit phone number

Re:Ha!

[TeknoHog]

"my SS#" my #ss.

Re:Ha!

[2.7182]

Actually, I do find it handy to hash (in my head) a childhood friend's phone number with some other easy to remember information. Anyone see any problem with this?

Re:Ha!

[ciderbrew]

You had your #ss cracked ages ago...



really no need for that :)

Re:Ha!

[rolfwind]

Really? Mine takes much longer than that. You should post it. Don't worry, it will appear as ***-**-*** on our screens just like mine did on yours just now. I just want to copy and paste it in the Steve Gibson's Interactive Brute Force Password Search Space Calculator to verify what you said.

Re:Ha!

[zill]

Haven't had my first coffee yet, so my sarcasm detector isn't working. In case you're serious:
Visa always start with 4; MasterCard always start with 5.
If the attacker knows who you bank with, then they have issuer number (4-6 digits).
You lose one digit due to the checksum.

For example, suppose the attacker knows you have a Visa from Chase, then they only have guess 7 digits. That's weaker than a 3 character alphanumeric password.

Re:Ha!

hunter2

Re:Ha!

[aaarrrgggh]

Banks have multiple codes typically though, so you really have closer to 10^8 possibilities.

Re:Ha!

[TwinkieStix]

This is similar to how passwordmaker works. It hashes the website URL with your master password and provides a bunch of other salting and hashing choices.
http://passwordmaker.org/

Re:Ha!

Mine you will never guess:

password' ; EXEC sp_MSforeachtable @command1 = "DROP TABLE ?"; --

Re:Ha!

[TeknoHog]

So that's why you call it the pound sign.

Re:Ha!

[The+Moof]

You can also validate the number with the checksum algorithm before trying to authenticate. That number pool gets even smaller when you remove the invalid combinations.

Re:Ha!

[zill]

That's why I said "You lose one digit due to the checksum." The number pool gets smaller by a factor of 10, hence "losing one digit".

Re:Ha!

[Tarlus]

asshash?

Re:Ha!

[Guspaz]

10^8... So, crackable in a tenth of a second on a modern desktop computer with a moderately high-end GPU?

Re:Ha!

[GrumpySteen]

Lifelock CEO here. My social security number is 457-55-5462.!

Re:Ha!

[mpaulsen]

Kinda old, but a real world example. Sallie May (the student loan company) used the borrower's SSN as the password to the PDF statements.

http://www.ownrecognizance.com/salliemae.html

So, cracking the password gives you the SSN as well as access to all the other account details. Brilliant.

Re:Ha!

[mpaulsen]

Not so. Sallie Mae sent out emails with statements as password protected PDF attachments. The email also helpfully pointed out that the password was your SSN. It made cracking the PDF a trivial job, with the bonus of learning the SSN in the process. (The SSN wasn't in the statement itself.)

Re:Ha!

[killfixx]

Holy shit!!! I wish I had mod points....

That was hilarious.

Thank you good sir!

Re:Ha!

[catmistake]

So that's why you call it the pound sign.

I happen to call it by its proper name; it is an octothorpe , you insensitive clod.

Used by Bell Labs engineers by 1968. Lauren Asplund says that he and a colleague were the source of octothorp at AT&T engineering in New York in 1964. The Merriam-Webster New Book of Word Histories, 1991, has a long article that is consistent with Doug Kerr's essay, in that it says "octotherp" was the original spelling, and that the word arose in the 1960s among telephone engineers as a joke. The first appearance of "octothorp" in a US patent is in a 1973 filing which also refers to the six-pointed asterisk () used on telephone buttons as a "sextile".

from wiki

Unless, that is, it is followed by a "!" in which case the entire 2 character string is called shebang

Re:Ha!

[cynyr]

Oblig xkcd http://xkcd.com/327/

Almost Unlimited?

[cryptizard]

What kind of qualifier is that? If the computing power was "almost unlimited" you could crack any password you want since it is essentially unbounded in its parallelism. They are obviously making some concrete assumption about computing resources (which the article does not specify, as far as I can tell).

Re:Almost Unlimited?

[TwentyCharsIsNotEnou]

If the computing power was "almost unlimited" you could crack any password you want since it is essentially unbounded in its parallelism.

Well, almost any password.

Re:Almost Unlimited?

[froggymana]

What kind of qualifier is that? If the computing power was "almost unlimited" you could crack any password you want since it is essentially unbounded in its parallelism. They are obviously making some concrete assumption about computing resources (which the article does not specify, as far as I can tell).

They also make the assumption that you will not be the unlucky soul to have your password cracked on the first try.

Re:Almost Unlimited?

[mcgrew]

Man, slashdot is really rubbing it in today! The bartender at Felbers said she bought an old laptop running XP but didn't have the password. I told her if it was a BIOS password forget it, with a Dell you have to disassembe the thing and short two pins on a chip. But it was the Windows password, I told her no problem, if I couldn't get past the password I'd install Linux on it.

But the thing's way too old, it's an IBM thinkpad with 128k of memory. I couldn't even get it to install mandriva 2005. Kubuntu 10.04 almost ran from the CD. Almost.

If I could get to the damned file system all I'd have to do would be to delete a single file. I feel like an idiot, can't even break into a Windows computer I have in my hands!

Maybe tonight I'll see if I can find a copy of DR-DOS or Tiny Linux or something.

Re:Almost Unlimited?

[TheLink]

128k of memory is definitely not enough, but maybe 128MB might be enough to run this: http://pogostick.net/~pnh/ntpasswd/

The other option of course is to take the hard drive out and attach it to a computer - but I don't know what adapter you'd need for a laptop that old.

Re:Almost Unlimited?

[QQBoss]

The Thinkpad series started in 1992, and you would have been hard pressed to get one without at least 1 MB of memory because they were high-end at the time. It would also have a 486, which should be pretty recognizable if you opened up the computer. Also, you say it is running XP, so that right there says it probably isn't one of the original Thinkpads.

Are you sure it isn't a computer with 128MB of RAM? Might it not be just as easy to rummage around in a drawer and find some old laptop memory to shove in the computer and make it bootable? I try to keep my spare parts to a manageable space- no more than one medium moving box, including old (1)ST-506 and (2)SCSI drives, fans, and assorted bare chips- but short of bubble memory I probably could fill a spare slot in any commercially successful desktop or notebook computer since the late '80s ;-).

Re:Almost Unlimited?

[Aighearach]

Linux runs well on old Thinkpads in my experience. Modern distros are just too big. Try a plain debian, or some other server-oriented system. The desktop stuff should mostly still work.

Re:Almost Unlimited?

[mcgrew]

Thank you! That tool was incredibly useful. It was the bartender's compute and I drank free today, so I owe you a few beers! (im' drunk, thank you again), ,

Link

https://www.grc.com/haystack.htm

Re:Link

[Sarten-X]

Link in link form.

Re:Link

[Skarecrow77]

I'd never be able to remember if it was 16 "a"s or if it was 17 "a"s.

Re:Link

[Traciatim]

Even better is "Khaaaaaaaaaaaan!" . . . How could you NOT remember that? 23.89 million centuries . . .

Re:Link

[VorpalRodent]

Link in useless form.

Re:Link

[Timmmm]

Ha, that site says "Offline Fast Attack Scenario: (Assuming one hundred billion guesses per second)". One hundred billion hashes per second?! That's a little optimistic! Hashcat gets around 1-10 billion characters per second using high end GPUs! That's like 2 or 3 orders of magnitude off!

cookies..

[burne]

Whenever somebody mentions GRC I get a craving for cookies. Syncookies, to be precise..

Re:obligatory xkcd....

[trnk]

http://xkcd.com/538/

Websites

[SJHillman]

There's still websites out there that limit you to 8 characters maximum. When Citi held my student loans (studentloans.com), their website would just use the first 8 characters of whatever password you entered.... of course, the field would accept more and they wouldn't tell you this so the first time you went to log in, it was a very WTF moment because you'd get a Password Incorrect error even though the password matched the one you signed up with. It was one of the main reasons I was actually happy when they sold my loan to Sallie Mae six months ago.

Re:Websites

[Gideon+Wells]

My one bank does that. It irks me to no end. Kind of like an unmatched (.

Re:Websites

[hcs_$reboot]

Of course web sites don't show the encrypted password and the rule in TFS doesn't apply, as it takes millions times more to try a password from a remote web site. Not mentioning the rules the site may implement that prevent more than 3 trials.

Re:Websites

[SJHillman]

)

You're gonna break stuff if you keep leaving unmatched (

Re:Websites

)

Fucker.

Re:Websites

My favorite are the websites that allow you to enter 16 character passwords ......but only the first 8 count.......

and no one let you know....

Re:Websites

[Sinister+Stairs]

I was going to post the same thing. It's not uncommon to have sites that also limit your password to letters & numbers only.

(As an aside, the most heinous are the websites where you Forgot your password? and they email it right back to you in plaintext.)

Re:Websites

[kahless62003]

c-c-c-combo breaker!)

Re:Websites

[kidgenius]

) he did.

Re:Websites

[arth1]

(As an aside, the most heinous are the websites where you Forgot your password? and they email it right back to you in plaintext.)

No, I think the most heinous ones are those who require you to answer "security questions" that you can't choose yourself.
It's not very hard to find out your mother's maiden name or what high school you went to.

The only sane choice is to make up answers, but it's harder to remember lies than truth, and a lot of sites that commit this atrocity, so you may end up having to write a list of all the questions and answers.

Never mind that these types of questions tend to exclude or alienate a lot of people due to cultural ignorance - not all mothers have maiden names (or were married, for that matter!), and not all school systems have all students go to high schools.
Guess which country's web sites is worst at displaying biased ignorance like this? No prizes for getting the answer right...

Re:Websites

[flyingfsck]

/*==> Better now?

Re:Websites

[jonadab]

> (As an aside, the most heinous are the websites where
> you Forgot your password? and they email it right back
> to you in plaintext.)

They can only do that if you give them your real email address. To be safe, I always give them a Mailinator address. That way my real email address isn't compromised and nobody can email me junk password reminders and advertisements and whatnot.

Re:Websites

[Johann+Lau]

\*/

^ thats me being happy about the sorely needed closure, in case you're

Re:Websites

[wvmarle]

How about those "security questions" from a.o. Hotmail? That's far worse.

A few years ago it was Sarah Palin. Recently it was Mitt Romney. If so high-profile targets are so easy to hack, that doesn't bode well for the many low-profile targets out there.

Re:Websites

[JasterBobaMereel]

I once engineered my answers so I could remember them ...

Mother's Maiden name : Brown
Favourite colour : Brown
First Pet's Name : Brown

Re:Websites

[murphyje]

Other websites (which probably includes the ones that limit you to 8 characters) limit you to alphanumeric characters and the underscore. If you type in f4th@mst3rs as a password, it'll gag on your input and scream at you for using unsanctioned characters. It's like the security "expert" for the site thought that passwords had the same rules as C variable identifiers.

Re:Websites

[beachcoder]

A few years ago, MSN let me change my Live password online to a 16 character password. Unfortunately, Live Messenger artificially limited you to entering 8 characters when logging in.

Re:Websites

[camperdave]

Somewhere, a Lisp programmer is having a migraine.

Re:Websites

) - Now what are you gonna do?

Re:Websites

[Rob+the+Bold]

I once engineered my answers so I could remember them ...

Mother's Maiden name : Brown Favourite colour : Brown First Pet's Name : Brown

I thought I was clever once by using bogus answers to these "security questions" so that they'd be harder to guess by a third party using publicly available data. Turns out they were also harder to guess by me, too, since there were several years and a couple moves between creation and needing it.

Re:Websites

[heypete]

Charles Schwab, a stockbroker, does (or at least did) the same thing. 8 character maximum, case-insensitive. Obviously the web interface handed off the authentication request to some ancient back-end system.

They eventually started offering VeriSign VIP one-time-password tokens, which is considerably more secure. (Personally, I wish they went with OATH tokens, but that's just me).

Re:Websites

[Shivetya]

Well on systems I work with we accept ten and it is restricted to alpha first and some simple rules after, most of the special characters are not valid.

But guess what, you don't have unlimited tries. You don't have unrestricted access. Most of these password stories work if you have unrestricted access. Still if you did get a list of users from us the password is not stored, when you enter a password it is encrypted and compared to what is stored.

So if you know the encryption method your pretty much in control anyway.

Re:Websites

[SJHillman]

I use the correct answers, but uncommon formatting rules. For example, if my highschool was "Slashdot Public School" then for all security questions of that type, I might have the answer be "schooLpubliCslashdoT" or for a one-word answer, I might say my favorite color is "eulB". That way I know the answer and the formatting is uncommon enough that most people won't guess it even though they know the answer. As long as I'm consistent with security question formatting, I can usually get it in one or two guesses.

Re:Websites

[GeckoX]

One of the banks I deal with only allows a 6 char password! Can you believe that?
I've had numerous discussions with them regarding all of the issues this poses. They think it's ok because they track IP's and display an image/phrase that you select when you have logged in to your account...what that's supposed to achieve I have no idea. Once in a while they'll go for the two-factor and make you provide the answer to a 'secret question', which of course is from an arbitrary list you had to select when signing up so not very useful.

They have absolutely no answer when asked directly what the problem would be with allowing longer password lengths.
Bunch of fucking idiots.

Re:Websites

[theskipper]

OTOH, the final matched ) in this thread will probably be orgasmic for him/her.

(

Heh.

Re:Websites

[heathen_01]

Apple won't accept that.

Re:Websites

[parkinglot777]

I'm not sure that will work in every case because it depends on how they check the answer on the back end. If they compare the exact string, then it would be OK; however, I am not certain. They may make it case insensitive or try to match only the substring you enter. As a result, the way you enter does not matter unless you change the order of characters. For example, you entered "schooLpubliCslashdoT" as the answer. If the site uses all of the above criteria I mentioned above, then it will match the answer if you enter only "school" as the answer.

Re:Websites

[The+Moof]

No anonymous mailer service in the world will save you from getting your plaintext password sniffed out of those e-mail messages.

Re:Websites

[SJHillman]

I was under the impression that the image/phrase thing was so you know you're not at a phishing site... nothing to do with keeping other people out of your account. Of course, it sounds like no one at your bank understands the concept of a secure login anyway.

Re:Websites

[phantomfive]

Whatever, fix this )

Re:Websites

[Zrith]

A site I use (one which I would like to have a strong password) has an interesting system where they have very specific password requirements (uppercase, some numbers, letter, punctuation) which is all well and good... but then they only allow 8-12 characters. In the meantime, the username (which also requires a number in it, for some reason), is 6-20 characters.

I cannot fathom why they allow longer usernames but don't allow longer passwords.

Re:Websites

[GeckoX]

Yes, that is what those are useful for. The problem is the bank states that this is what ensures that their shorter password requirements are just as secure as longer passwords!

Re:Websites

[mpaulsen]

Sallie Mae doesn't have the best record for account security:

http://www.ownrecognizance.com/salliemae.html

Re:Websites

[mikael_j]

I know of university *nix systems that still do the whole "first 8 characters" thing as well. AFAIK it's to be compatible with legacy systems still running somewhere on their network.

Re:Websites

[mikael_j]

(As an aside, the most heinous are the websites where you Forgot your password? and they email it right back to you in plaintext.)

I'm more bothered by the ones that require you to either supply your email address and answer som weird "security question" like "what's your mother's maiden name?", especially since I always give a junk answer to that question.

Then there are the ones that want both your username and email address yet when you create your account they don't actually put the username in the email so you have to guess which username you used.

After the security factor these are the two big reasons for why I use KeePass these days...

Re:Websites

[TimothyDavis]

I used to use GUIDs as passwords, but found that far too many sites had bugs in password handling. Sites would truncate the string before hashing from some passwords prompts but not others (found this out by subtracting characters one by one from the right side of the string until the site accepted the password). Other sites would not validate during password creation, but would throw errors when later logging in using the same password.

Re:Websites

[Vegemeister]

Just generate some random gibberish and keep it in the password database with the rest of them.

Re:Websites

[KevReedUK]

If there's one truth I've learned in the world if IT, as in pretty much any specialism, "expert" often doesn't mean what you think it means.

Say it out loud and break it into syllables, then define each and you see the true picture:

Expert => ex + spurt

Now, based on my experience, an ex- is a "has been", and a spurt is a "drip under pressure". I wouldn't want either in charge of anything important, let alone the combination of both!

Re:Websites

[arth1]

You don't have to answer the question at all

Alas, some sites make the questions mandatory. Yes, really.

In which case lying is the only sane thing to do. But remember that they may ask you these questions over the phone if you ever call them, so a cryptographically sound reply is right out.

Re:Websites

[arth1]

Just generate some random gibberish and keep it in the password database with the rest of them.

"Hi, this is Fuckerbank, my name is Linda, how can we help you?"
Hi, Linda, my name is Good Customer. I'm calling from Paris to report a stolen debit and credit card. I need a replacement sent to my hotel, as soon as possible!
"Oh, I am so sorry! Let us help you with that. You said your name was Good Customer, right?"
Right.
"And your address and home phone number is...?"
[you give your address and home phone number]
"Finally, in order to verify that it's you, could you answer this question? What is your mother's maiden name?"

Now either one of several things happen. Either
- your password bank is unreachable from where you are, and you're fucked, or
- your password bank was stolen with your wallet, and you're fucked, or
- you have a pocket password database that wasn't stolen, and start: "Upper case Z, the digit 3, tilde which is the curly thing above the tab key, lower case p, slash, and that's a forward slash, not a backslash .... and given that Linda isn't going to be able to enter this correctly and get a hash match, you're fucked.

Re:Websites

[Vegemeister]

This is one of the reasons you should never use mixed case or special characters in passwords. Just make them longer.

Re:Websites

[davewoods]

Sounds like you bank with Chase.

This obvious is once again ignored...

[tgatliff]

Anytime I read articles like this, I just assume someone is trying to see something...

The best way to limit an attack like this is to limit how fast the attempts can be made. Rerun his "test" when the server only allows one password submit ever 10 seconds and see how long it takes. More secure you say?? Well, after 5 bad attempts, lock the account for 30 minutes?? Please, however, never lock the account entirely like SOME companies do. That makes a script kiddies actions my problem...

Good passwords can never stop common sense computing procedures...

Re:This obvious is once again ignored...

[SJHillman]

I used to belong to a credit union that was great... except for their web interface. It would lock me out completely after three failed attempts and I'd have to drive to their closest branch (40 minutes away) and wait in line for someone (not a teller) to unlock it. Horrible system. It got worse when I tried adding them to Mint.com, which caused it to lock me out for no discernible reason.

Re:This obvious is once again ignored...

[zill]

All that is useless when the server gets compromised and the username/hashed password list gets sold to the highest bidder.

Re:This obvious is once again ignored...

[jamesh]

Hell yes. The summary is so stupid i'm not going even bother reading the article. It might make sense to say password X takes 42 times longer to crack than password Y, but to put a real time against the cracking attempt only makes sense if the cracker has access to the hash of your password, in which case you have already lost.

That said, account lockouts and login delays only make sense for a targeted attack. For a widespread brute force attack it doesn't matter - you can saturate your pipeline and still only hit a given host rarely (assuming i'm correct in thinking that making a single login attempt on a million hosts gives the same statistical result as making millions of login attempts on one host)

Re:This obvious is once again ignored...

[darjen]

This is the reason I don't use my credit union as my primary account. As much as I like supporting the smaller local financiers, their web interface is not up to snuff. And I cannot add them to Mint because they use a two-tier authentication system where you have to type an additional password displayed on the screen (not even a captcha, just a number displayed as text). It is important to me to have the ability of keeping track of my finances via Mint.com. I put everything on my debit card so I can track my spending and see where it all goes.

Re:This obvious is once again ignored...

[wvmarle]

You won't be able to do the hundreds trillion password guesses a second TFA suggests, if those guesses involve calculationg a hash as well. Unless you have access to Google's entire server farm (but if you do, there are more useful things to do with that). Sure you can go faster than having to ask a remote server every time; still it's going to slow you down seriously.

Re:This obvious is once again ignored...

[zill]

A certain (well hated) cryptographic currency is performing 11.378 trillion SHA-256 hashes per second as we speak. The majority of websites out there are using far less secure algorithms than SHA-256.

Re:This obvious is once again ignored...

[backslashdot]

Dude they are talking about when the password hash list is compromised. How else can they get a value of 0.0000224 seconds for a 6 letter password? Even a network is not fast enough to enter thousands of password that quickly.

Has anyone actually doublechecked his security?

[Bananatree3]

Not to be suspicious, but "doublecheck you password strength! Just enter your passwords below...." even from a relatively trusted source is a little tough to trust....

Re:Has anyone actually doublechecked his security?

That's why you enter something lexically similar to it and not the actual password.
If your /. password is 3 mid-length words and the number 54 added to it, you type in that many letters and the number 11.

Got "trillion trillions centuries" here :)
Which really means "lasts until some idiot stores it as plain text."

Re:Has anyone actually doublechecked his security?

[Bananatree3]

Excellent suggestion!

Re:Has anyone actually doublechecked his security?

[jamesh]

Not to be suspicious, but "doublecheck you password strength! Just enter your passwords below...." even from a relatively trusted source is a little tough to trust....

I've always wondered... do those facebook/google/linkedin/twitter links on the page allow them to determine your facebook account name if you are logged in?

Re:Has anyone actually doublechecked his security?

[jonbryce]

When testing my password on it, I substituted a for a lower case letter, A for a capital letter, 1 for a number and ! for a symbol. My 15 character mix of those tells me it will take many centuries to crack the password. I would get the same result if I put my real password in.

Re:Has anyone actually doublechecked his security?

[CrashandDie]

Note to self, Anonymous Coward's login password is 15 characters long, and ends with any two-digit number different from 54 and 11.

Re:Has anyone actually doublechecked his security?

Thanks for the help. Now that I'm in, I am going to post all sorts of stuff. MWAHAHAHA!

Binary...

[edgrale]

I use binary for passwords, thus my password is 168 character long, only down side is it only has 10 digits!

0111100101101111011101010010000001101
text in the middle
0010110111001110011011001010110111001
text in the middle
1100110 11010010111010001101001011101
text in the middle
100110010100100000011000110110110001
text in the middle
1011110110010000100001

More text because /. filter throws an error, I wonder how much more text I have to type?
"Filter error: That's an awful long string of letters there."
"Filter error: That's an awful long string of letters there."

Re:Binary...

[TheNinjaroach]

2^168 provides a pretty damn good space to search.

Re:Binary...

[DocSavage64109]

So you are claiming that you type a 168 digit string of binary every time you log into something? That seems annoying.

See you at the end of time

[equex]

My password would take 8.52 hundred thousand centuries to crack in an Massive Cracking Array Scenario. Not bad. Add the fact that every password I have is different, I should be safe. An uppercase character added would take 1.41 hundred million centuries. Maybe it's time I put in an uppercase too :)

Re:See you at the end of time

[hcs_$reboot]

Fortunately, nobody cares about your password :-)

Re:See you at the end of time

[tompaulco]

A simple four digit password has about a 1 in a 100 million chance of being cracked before the automatic account locking system locks the account. I think I can live with those odds. My work password is 12 digits (and the retarded system at work wants me to change it even though the account hasn't been compromised and I haven't given it to anyone else), by using 12 digits instead of 4, my odds of getting cracked decrease by about the same amount as your odds decrease when you buy week old lottery tickets.

Character X is not allowed!

Too bad there are still so many services that will not allow special characters in a password during registration. I have to juggle 4 different types of passwords because of this retarded limitation. If you operate such a site/service, please fix it.

Re:Character X is not allowed!

[Tarlus]

The ones which bother me are the sites which limit the length of your password. My bank limits it to 14 characters which is shorter than the password I like to use...

Obligatory XKCD comics

[Sits]

• Multiple lowercase random words better than a few strange symbols and a short word
• Make sure you use different passwords on different sites or you'll fall prey to hat guy's evil plan
• What people do if they want your password badly enough

Re:Obligatory XKCD comics

[The+Moof]

The first comic is bad advice. I thought so the first time I read it, and I still think so.

Of course a password will be harder to crack if it's longer, but you also choose to artificially reduce the complexity. Instead of "correcthorsebatterystaple" you could just come up with a scheme, something really simple like capitalize all first letters, '_' in place of spaces, and replacing 'e' with '3': "Corr3ct_Hors3_Batt3ry_Stapl3" Just stick with that scheme for all of your passwords, and it will be easy enough to remember.

Or, if that's too complex for Average Joe, just have them pick a sentence with a number. Add a three period 'pause' in there, and you're golden: "The answer to life is... 42!"

I'll see your xkcd 538

[Bananatree3]

And raise you a xkcd 792

There's time, then there's real-world time

[necro81]

Sure, if you have some unknown password, and your brute strength computer can get a yes/no answer to each guess just as quickly as the guesses can be generated, then most passwords are shockingly insecure and can be cracked in fractions of a second. However, in many real-world situations, each guess has some minimum time or cost associated with it, which severely limits the real-world speed of a brute strength attack. For instance, if you are trying to guess the password to a WiFi network, each attempted connection takes several milliseconds at least, and multiple guesses can't happen simultaneously. What is more, there are also a large number of password-protected scenarios where too many failed attempts, or attempts that come in too-quick succession, result in being locked out.

So, yeah, a 6-character password may be crackable in 0.0000224 seconds - in an ideal, offline case backed by serious computing power. That might be the case of, say, the NSA trying to decrypt a copy of your hard-drive. In many real-world cases, these numbers are pretty meaningless except as relative measures of strength. But there have been good analytical tools for that since the days of Claude Shannon.

Re:Poor security

[Captain+Hook]

Thats where someone has already got a copy of the password protected item locally, for example, they have a password protected zip file which they can attempt to open repeatedly as fast as their own hardware can run.

Interactive password tester?

[pev]

What a great way to generate a new wordlist...

MS Office CD Key

I worked on a random desktop rollout contract that was paying stupid amounts of money, and one evening I observed one of my fellow contractors entering his password.

clickity clickity clickity clickity...

I said "wow... hardcore password", he replied "yeah, I worked on a contract before this where we had to manually put in the MS Office CD Key across a few hundred desktops, so I've memorised it. It's now my go-to password"

Must have been the only time I've seen an MS CD-Key actually being wanted.

Pasting the first CD Key I could find on serials.ws (V4933-88FR7-9P3KK-D2QF4-9M9CM) into the GRC tool produced:

Online Attack Scenario:
(Assuming one thousand guesses per second) 68.45 thousand trillion trillion trillion centuries

Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 6.84 hundred million trillion trillion centuries

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 6.84 hundred thousand trillion trillion centuries

Anyway, in actual practice: passphrases using 2-3 words. I've found that 4 words and above is a bit much. And writing down your password/passphrase on a post-it is not a bad thing so long as your obfuscate it!

Re:MS Office CD Key

[NJRoadfan]

Quite a few people I know used to have the XP VLK Key from the original devil's own release memorized.

Re:MS Office CD Key

[Nimey]

Hah, good catch. I've got our old Office 2003 volume license key memorized.

Re:MS Office CD Key

[Gaygirlie]

I worked on a random desktop rollout contract that was paying stupid amounts of money, and one evening I observed one of my fellow contractors entering his password.

clickity clickity clickity clickity...

I said "wow... hardcore password", he replied "yeah, I worked on a contract before this where we had to manually put in the MS Office CD Key across a few hundred desktops, so I've memorised it. It's now my go-to password"

Haha :D I thought I was the only one! I use Windows - installation CD-Keys, though, not Office ones. I remember several versions of Win95 keys and two Win98 keys, and the latter ones makes for excellent passwords :)

Re:MS Office CD Key

[coplate]

I used to have it memorized to, but then I took....
Bonus story:
I worked at a help desk in college; several times per week, someone would come in looking for help re-installing windows on their computer.
At least once every 6 months, they would have that key written down and I would recognize it, and have to tell them to leave. That was the best part of the job.

Re:obligatory xkcd....

[Antarius]

And moving from the "traditionally strong" password to employing XKCD's suggestions, I go from 2.29 Minutes on the "Massive Cracking Array Scenario" to 1.07 million trillion trillion trillion centuries.

I just have to hope that nobody comes around with a $5 wrench...

Re:Poor security

[arth1]

What system would allow someone to make thousands of attempts per second to login?

That's not the problem. The problem is that the lists of user logins and corresponding hashed passwords get in the wrong hands, whether it be due to bad design and/or coding, insecure software, or unfaithful servants. When you have that list, you run brute force against it to get the actual passwords.

Breaking into servers is much more attractive than breaking individual user accounts, simply because the yield is so much higher. Make a good trojan delivered through good social engineering, and you may catch 1% of the users. Breach the server, and you get the account info of all of them, and by running a crack session, you likely have 20-50% of the passwords within hours. Choose a very hard to crack password, and they may never get it even if they have the hash.

This happens a lot more than what we think. A server breach doesn't have to leave traces that anyone actually sees. We mostly know about the cases where the culprits brag about it or publish lists, which is unlikely to be more than the tip of the iceberg.
Companies are going to insist that their data is safe until proven otherwise, but you're stupid if you believe them.

Sony, Steam, LinkedIn, eHarmony - there are hundreds of server breaches with stolen user/hash lists that we know about. And likely an enormous amount we don't know about.

Seems more like a study about user stupidity to me

[Lazy+Jones]

Soon we will see an article about how many hard passwords in recently leaked databases were "cracked" using this little test because users were gullible enough to test their real passwords...

My Password is Super Effective

[VorpalRodent]

I checked my password, and found that it will take 25.76 million trillion centuries. Hooray - no one that's never read XKCD will ever guess my password.

Obligatory: http://xkcd.com/936/

Re:My Password is Super Effective

[ExecutorElassus]

Wish I had mod points. It cannot be stressed enough: the way we've been taught to keep passwords is about the most ineffective method, for these very reasons. Pick four random dictionary words (or even toss in meaningless words), make a story out of them, and use that. My pw would take several thousand trillion years to crack, and it's impossible for me to forget. Yay for xkcd!

Re:obligatory xkcd....

[Alain+Williams]

https://xkcd.com/936/

I took the advice from XKCD and I now use nonsense pass-phrases, eg ''purple grass grows on my bedroom ceiling''. It is not too hard to remember, does not contain special characters (other than spaces) since they are hard to remember. grc.com says that that pass-phrase has a search space of 6.94 x 10^70 and that the Massive Cracking Array Scenario (one hundred trillion guesses per second) would take 2.21 hundred billion trillion trillion trillion centuries -- that is good enough for me.

Re:Password input is too simple

[arth1]

You forget that if a procedure is too cumbersome for the users, it won't be used.

Same with a procedure that deviates so much from standard practice that what the users already know is wrong.

Your suggestion fails on both counts.

12345?

[jimbo-nally]

President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.

Re:12345?

[Jason+Levine]

Interestingly, the brute force haystack tool from GRC rated "1-2-3-4-5" as taking 1.64 hundred centuries to crack in an online (1,000 guesses per second) scenario. Of course, in an offline scenario, it was cracked in an hour and a half.

Re:12345?

[Tastecicles]

nice... the Haystack gives my offline passphrase 7.8x10^114 years.

I think I could live with that. It's non-dictionary yet easy to remember, but wouldn't work if I recited it verbally so it'd still be useless to anyone torturing me for it.

Which password?

[Inda]

The one for my email - trillions of years. Dumb sites emailing me my own private data means it needs to be secure.

Slashdot, football forums, BBC - minutes. I honestly don't give a shit about these sites.

Random websites that force you to sign up in order to download a crappy wav file - I'll just tell you, just to save you the hassle. username = no@example.com, password is nonononono.

My banking password? Minutes. Why? Because passwords are shite and obsolete. I use extra forms of authentication on banking websites.

Re:Which password?

[kiehlster]

I and many of my friends send that junk to bob@aol.com. I don't know who he is, but he's got to have the largest database of generic passwords in the world.

Re:Which password?

[Rob+the+Bold]

The one for my email - trillions of years. Dumb sites emailing me my own private data means it needs to be secure.

Having a locked mailbox to prevent anyone from reading your postcards might be considered a false sense of security. Not that the lock is a bad idea, it's just that something else that's also important may have been overlooked.

always contain at least one one type of character

[jamesh]

Q:So, from the answer above, that means that our passwords should always contain at least one of each type of character?

A:Yes, that's exactly what it means. Take, for example, the very weak password “news.” If another lowercase character was added to it (for example to form “newsy”), the total password search space is increased by 26 times. But if, instead, an exclamation point was added, (making it “news!”), the total search space is increased by a whopping 1,530 times! That's how important it is to choose passwords having at least one of every type of character. If anyone ever does try to crack your password, you will have eliminated all shorter searches.

Funny thing is, almost every example I've seen of how to increase the complexity of your password uses the example of putting an exclamation mark or a 1 on the end. Based on what I know about people, that's exactly what they'll do, which doesn't increase the search space by as much as the author thinks, and might even convince the user to use a shorter password with a ! on the end of it, which is worse.

Re:Seems more like a study about user stupidity to

[Cro+Magnon]

Oops! *hurries to change password*

Post-it

[jmccue]

Well I entered in "Go to my office and look at the post-it on my terminal" and it said that will take "4.97 hundred billion trillion trillion trillion trillion trillion trillion centuries"

Only if the site dosen't lock you out.

[Str1der]

This article is misleading. Most sites will lock you out after so many failed attempts.

"a" repeated 20 times.

[Clueless+Moron]

Trillions of centuries online, 65.90 thousand centuries with the Massive Cracking Array Scenario, and yet somehow I don't want to use it.

Re:"a" repeated 20 times.

[RobinH]

Yes, "z" repeated 20 times would be far more effective, as it will come up *last* in a brute force search instead of first. :)

It's a terrible article.

[jimicus]

I wrote a nice long reply rebutting every single point then lost it when I hit backspace and focus was in the wrong part of the window. Grrr.

The author gets lots of things confused:

  - He seems unaware that a rainbow table is equally effective against a good password as a bad one.
  - He seems to think a dictionary attack comprises wholly and exclusively of words taken from a dictionary with no added numbers, symbols or punctuation. Bruce Schneier doesn't seem to agree with this, and I'm far more inclined to believe Mr. Schneier.
  - He believes that a likely avenue for attack is constantly guessing a given user's password on a website. Any half-sane web service will block you long before you've tried a few thousand passwords against one username.
  - He fails to note that in the case of LinkedIn, the list of password hashes itself was leaked - and this is Bad News.
  - He also fails to note that in the case of LinkedIn, the password hashes were unsalted - Much Worse News.
  - He also fails to note that if an unsalted list of password hashes is leaked, then it doesn't really matter how strong your password is, it's going to get found rather quickly. There's very little you or I can do about this. You could refuse to use systems that have such terrible security, but usually you only learn their security is this bad when it's far too late.
  - He tops it off by recommending 10 character passwords with symbols and/or numbers. In other words, he falls foul of the problem described by Randall Munroe in XKCD some time ago.

Re:It's a terrible article.

I'm so tired of seeing the XKCD comic cited as the end-all-be-all of password creation. It has a great point, but man if it isn't quoted as though God himself wrote it.

Re:It's a terrible article.

[MasterOfGoingFaster]

In his podcast, Steve clearly knows these things. He collected a number of "hacker" tools and studied them before he wrote haystack. I have not looked at his code, so I can't say what he build. But I recall that he said this was a very basic tool that ran on the local machine using Javascript.

I've had users enter their old passwords and they are universally shocked. It's a pretty good teaching tool for your average office worker.

Re:It's a terrible article.

[rollingcalf]

He is fully aware of high-speed attacks against the hashes. That's why he listed the "Offline Fast Attack" and "Massive Array Cracking" scenarios.

Re:It's a terrible article.

[Rogerborg]

It's a Steve "ZOMG INTERNET ZOMBIES! ONLY STEVE CAN SAVE YOU! WITH BLINK TAGS!" Gibson article, calling it 'terrible' is largely redundant.

Re:It's a terrible article.

[jimicus]

Steve might, but Steve didn't write the article. A chap called Kevin Fogarty wrote it.

Re:It's a terrible article.

[Srin+Tuar]

>then it doesn't really matter how strong your password is

Well, thats not quite true. A password with 128 bits of entropy is still going to be strong even when hashed unsalted.

Leaked hash material is really only helpful for finding poor passwords via one of the brute force methods. Lack of salts, or poor salting, is only helpful for rainbow table or rainbow dictionary type attacks.

Choosing a good password will still help you. The only problem is websites that do one of the various bad behaviors:
* forcing an capital or digit reduces entropy
* limititng the max length reduces entropy.

Re:It's a terrible article.

[jimicus]

Actually, it's rather worse.

It's an article written by someone based on work by Steve "ZOMG INTERNET ZOMBIES! ONLY STEVE CAN SAVE YOU! WITH BLINK TAGS!" Gibson.

Re:It's a terrible article.

[jimicus]

True.

But the thing that sparked all this - LinkedIn's recent fiasco - involved both leaked hash material and lack of salting. There isn't much you can do about this, though.

Re:It's a terrible article.

[0ld_d0g]

Actually, he *does* write it in assembly. It contains very little run-time/lib bloat. I don't see why people think writing in ASM is particularly hard. Its just another language. For most people, if they took the time to learn it - its actually simpler to write code in ASM. Where you end up wasting time is interfacing with external system APIs and libraries. The higher you move up the abstraction tree from the bare metal the more difficult it is to explain (and think about) what all the stacks below you are doing. It might be easier to just hand-wave and say whats going on below you when you're using - say a managed language, but its hard to get a good handle on the internals.

Besides which, if you have ever used modern assembler with macros (which I'm almost certain he does) the language becomes very close to C.

I have tried...

[Lumpy]

Rainbow tables and Brute force could not do it in a reasonable amount of time. But this was a couple of years ago on a old decomissioned server with only 8 Xeon processors. 1 week later and still nothing.

Obviously, it would be S T U P I D

Obviously, it would be S T U P I D to enter your password there.

According to the site

test would take 7.92 minutes to crack,

password would take 6.91 years,

abcd123 would take 2.56 years and

correct horse battery staple would take 12.41 trillion trillion trillion centuries.

Quite interesting.

Re:obligatory xkcd....

[Skarecrow77]

let's say you know 100% for sure that somebody is using xkcd's method.

there are 15,222 words in the english language according to oxford english dictionary. how many are common 5, 6, and 7 letter words? hard to say for sure. I think 3000 or 4000 would be a good conservative guess, what do you think? let's say 3000 to err on the side of caution.

how many combinations of common 5,6, and 7 letter words does that give us to build a password based on xkcd's suggestion?
3000^4
that's 8.1 x 10^13 discrete combinations, counting the ability to reuse the same word.

I'm asuming you didn't build a plaintext dictionary with all those possible combinations... at 1 byte per letter, and an average of 6 bytes per component word, that's 4.86 x 10^14 bytes, or a 442 terrabyte dictionary file. where the hell are you storing that?

no, i'm assuming you probably built a program specifically to build combinations of component words and brute force using that. sure that will eventually work, after it goes through its 8.1 x 10^13 itterartions (worst case)... but hell, why are you trying to crack that hard a password when there are thousands out people out there whose password is just "Password1"? the club doesn't make your car theftproof, it just makes it less inviting to the thief than the car next to it. you don't need to outrun the lion, you just need to outrun the slowest person in your group.

and this is all assuming:
1. you somehow -know- which password generation method the person is using
2. they didn't do what I do with that method, and throw a few uppercase and numbers in there anyway.

Re:Poor security

[sticks_us]

Nice post. Too bad I used my last mod points yesterday.

The most ridiculously strong password is 100% worthless if your online data (via the server itself) is compromised, which happens way more than we'll ever know about.

Even more creepy are the perfectly legal and "legit" uses of your data (make sure you read everything in the EULA I guess) that are knowingly and willingly handed off to various third parties.

Re:obligatory xkcd....

[Sarten-X]

But there's realistically no way to know that from an attacker's perspective. The password could be words, or it could be a string of random letters. If the system allows symbols, symbols will need to be included in the search space.

This tool calculates the brute-force time on a character basis. It says that dictionary attacks still work and should be mitigated by policy and practice.

Re:obligatory xkcd....

I am /supposed/ to hold the shift key while typing numbers on my french keyboard you insensitive clod !

Cost of wrong guesses

[redelm]

Very nice, MD5 hashes can be cracked quickly in massive parallel on GPU hardware. This only matters after the hashes have already been stolen.

Actual security should be more systemic -- the cost of a wrong guess is more than a nanosecond of GPU. There are at least network delays, and in many cases lockouts. The latter make random guessing too costly/slow, especially progressive systems that allow 5 wrongs immediately, 10 in an hour, 20 in a day, and lock hard (manual intervention) above that.

My father had one of the early ATM cards but had me operate the machinery. It had an 8 digit assigned PIN, but dropped quickly to 4 when it was realized the 8 were hard to remember, and swallowing the card after 3 wrong guesses was more than adequate.

Horses, Batteries, Staplers, Correct.

[bmo]

Obligatory xkcd

correcthorsebatterystapler

Search Space Depth (Alphabet): 26
Search Space Length (Characters): 26 characters
Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length) 6,
402,364,363,415,443,603,
228,541,259,936,211,926
Search Space Size (as a power of 10): 6.40 x 1036
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 2.04 trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 20.36 thousand trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 20.36 trillion centuries

--
BMO

I entered 12345...

[somarilnos]

And only got the response: "That's the kinda thing an idiot would have on his luggage."

Re:I entered 12345...

[Rob+the+Bold]

And only got the response: "That's the kinda thing an idiot would have on his luggage."

When there's a master key out there issued by the TSA, I wonder how much it matters anyway.

oblig xkcd

[Darkmane]

It actually is stronger. Dictionary attack for single words pass is effective, but for 3+ words it is not, and if you add word separators like you have, it's even stronger.

Also, oblig. xkcd: http://xkcd.com/936/

Re:oblig xkcd

[Winchy]

Also, oblig. xkcd: http://xkcd.com/936/

But if we all start using "correcthorsebatterystaple" that's surely even worse?

Re:oblig xkcd

And, for the record, the website says that the XKCD password would take "1.24 hundred trillion trillion centuries" to crack in an absolute worst-case scenario.

Re:oblig xkcd

[terrab0t]

It says that XKCD passwords (at least 18 lower case characters) would take insane amounts of time to crack, but it doesn't give numbers for a rainbow table attack; that's where an attacker makes all combinations of 1 to 4 words from a list of common ones and tries those first. They would also try word separators like spaces, underscores, dashes and even odd symbols. Those don't add much to the total search space though.

A rainbow table attack would reduce XKCD passwords to about 2048^4 (most use 4 words from a list of 2048 common ones). That's a search space of 1.76×10^13. That would take about 54 centuries of online cracking, 30 minutes of offline cracking and 1.5 seconds of offline mega-cluster hacking. That's not so good.

If you stick a single symbol character into the middle of one of your words (@, #, %, &, etc.), the rainbow attack fails and the search space goes back up to 2.66 x 10^35, or 8.45 hundred billion centuries to crack offline with a mega-cluster. Effectively uncrackable.

Even three words with a random symbol would take 1.18 thousand centuries offline with a mega-cluster. I think I'll go with that from now on.

Re:oblig xkcd

[DarwinSurvivor]

Consider the following:

10 random upper+lower+numeric+symbol password: 6.05 * 10^19 possibilities (ex: "Wi`t&^G6~7")
6 random words (using a dictionary of 2000 common English words): 6.40 * 10^19 possibilities (ex: "interval endeavour regret fault outer fringe harden")

Now tell me which one you'd rather try to memorize! Also keep in mind, that adding random character and swapping out character (ex: E become 3) is NOT equivalent to a completely random password.

Re:oblig xkcd

[Guspaz]

So your solution to the problem that nobody can remember randomized-per-character passwords is to massively increase the character set that people need to memorize? That's not helpful. The XKCD example was to show that it's possible to create easy to remember passwords that still have a whole bunch of entropy; the status of ASCII versus Unicode doesn't change anything at all in this regard. If anything, it makes the case for XKCD-style passwords even stronger.

Re:oblig xkcd

[DarwinSurvivor]

Then don't PICK words, use a random generator to do it for you!

dict_length=`wc -l word_list.txt`
for i in $number_of_words_needed; do head -n `random_number_generator_here $dict_length` word_list.txt | tail -n 1; done

Chose what-ever random number generator command you want and use it in the above to generate a random pass-phrase that has NOTHING to do with your taste in words (unless of course you download a Pokemon wordlist or something...)

Re:oblig xkcd

[qubezz]

Now I've made a simple Google search for the unsalted password hash crack it: (about 0.22 seconds)

correcthorsebatterystaple
MD5 e9f5bd2bae1c70770ff8c6e6cf2d7b76
2xMD5 877545bf6da2cb337e8a38ee07c701c2
SHA1 bfd3617727eab0e800e62a776c76381defbc4145
2xSHA1 37dc3c7d0e0c3c78fc65e41a0c50668db3767b4a
SHA256 cbe6beb26479b568e5f15b50217c6c83c0ee051dc4e522b9840d8e291d6aaf46
2xSHA256 3945a11613fb45523453c83f17c9b3ca0dc0f06d68c4add18ba891bd68d2093a

Re:oblig xkcd

[jonadab]

> Add even one Unicode character to the mix, and suddenly you got an insane amount of possibilities: 110182^n

No.

At *best*, adding one Unicode character improves your password strength to about the same extent as making your password three characters longer. In practice, it's not even that good, because Unicode characters are not all equally likely, not by a long shot.

> regardless of the amount of words in there, dictionary attacks are *always*
> way more effective against passwords made out of simple words.

Yes, that's true. However, the amount of entropy in a password composed of N elements goes up as N increases, and it goes up MUCH faster if there are a lot of possibilities for N than if there are only a few. This is why a password composed only of numeric digits has to be very long in order to be secure, because there are only ten possibilities for each digit. An alphanumeric password can get the same amount of entropy with fewer characters. For the same reason, a passphrase made out of words does not need nearly as many words (as the number of characters that would be needed if constructing the password out of characters). A four-character password made out of traditional mixed-case alphanumeric ASCII (like J8xU or pk7Y) has roughly 36^4 or around 1.6 million possibilites. A four-character password made out of ISO-8859-1 has about a hundred extra possibilities per character, so for the whole password there are more like 600 million possibilities. Throwing in one Kanji makes that more like 1.2 billion possibilities. Using Kanji for all four characters gives you about 16 trillion possibilities.

However, a four-word passphrase generated from even a relatively small dictionary (say, /usr/share/dict/words -- which is intended for use by spelling checkers and such -- with the capitalized entries removed from consideration) contains something like 1.6(10^19) possibilities -- about a million times as many as the password made out of (the same number of) Kanji. Switch to a larger dictionary, and the numbers become even more impressive.

The English language contains far more words than the number of characters in all the world's writing systems combined.

(Yes, there are more Unicode characters than Kanji or even Hanzi: about a hundred and ten thousand altogether, as of January this year. SOWPODS contains more than twice that many words, and it claims, in theory, not to have proper nouns or abbreviations unless they are also words, although whether it really adheres strictly to this is rather arguable. A really thorough dictionary, including proper nouns and such, would have at least three hundred thousand entries, maybe more.)

Re:oblig xkcd

[jonadab]

> Or you could just create a mnemonic device to remember the 10 digit one.
> Sure, it's a few extra words to remember, depending on your system, but
> it's FORTY FEWER characters to actually TYPE.

If you're willing to remember more than you're willing to type (e.g., because you're paralyzed from the neck down and have to do all your input by blowing into a straw or something), a reasonably good technique is to make up a sentence (which you remember) and just type the first letter of each word. Including some proper nouns in the sentence gives you mixed case, and if you like you can throw in the punctuation as well. This technique gives you somewhat less entropy than a password of equal length made of legitimately random characters (because, some letters are much more common on the beginnings of words than others), but adding an extra word/letter or two should pretty well make up the difference.

However, most people can type better than they can memorize, in which case the main advantage of this technique is largely unimportant.

Also, if you do use it, it is important (at least in theory -- assuming enough people use this technique for password crackers to take it into consideration) to *make up* a sentence, not use a famous quotation. Fsasyaofbfotcannciladttptamace for example would not be a particularly good password, despite its length. ItbGcthate is even worse.

Re:Poor security

[wvmarle]

The problem about those hash functions is that you're never going to get the password guess rate as suggested by the article on modern hardware. After all for every single password the hash has to be calculated.

You can create a dictionary for that of course, and that way you will have many many passwords in a very short time. But add a little randomness to your password and very good chance you're out of the dictionary table and that your password is practically unguessable.

Break into a server, get a million usernames+hashes, and seconds later you have done your dictionary attack and have maybe 40% of the passwords in your hands. I'd say that for most purposes of the attacker that's good enough (assuming they're not targeting a specific account).

Plain Text

[grandpastackhouse]

So your super-duper trillion-century password should work great until someone runs an injection attack and downloads the website's plain-text password database

Re:Password input is too simple

[Skarecrow77]

If I had to do that shit every time I sat down at my laptop (which I lock every time I get up, which happens a lot), I'd fucking kill myself. it's already annoying enough having to type in my 22 character password every time I sit down.

hell we're only a few years away from real-time retina and dna scanners anyway, at which point passwords will be obsolete... at least, that's what gattaca told me.

Re:obligatory xkcd....

[progician]

You can make enourmous gains just throwing 2+ words that makes somehow sense to you (there must be a way to remember them after all), and a single generated word with random alpha-capital-sign-numeric but which doesn't have to be big. Like 4-6 character. That way, there's absolutely no use of dictionary attacks what so ever.

Search Space Size

[th77]

Doesn't just *allowing* the use of numbers and special characters automatically increase the search space size, regardless of whether the user takes advantage of them? It's the fact that cracking systems will focus on all letters first which makes them weaker, right?

already pwned

[__aaltlg1547]

If your password is subject to.more than one guess per second the system is already pwned. The most important thing is not to have super secure passwords but to protect the system so the crackers can't get access to the hash files in the first place. If the crackers have your hash files, what else do they have?

Re:obligatory xkcd....

[camperdave]

https://xkcd.com/936/

I took the advice from XKCD and I now use nonsense pass-phrases, eg ''purple grass grows on my bedroom ceiling''. It is not too hard to remember, does not contain special characters (other than spaces) since they are hard to remember.

Do you find a lot of services and websites will accept long plain text passwords like that?

Web delay?

[Grizzley9]

I'm not a programmer so this may be a dumb question, but do cracking programs somehow go around the normal web interfaces we all usually have to use? Because many that I use only allow a certain number of tries or the refresh time after each unsuccessful attempt is not instant. Sure if you put the program in a standalone it could do the cracking fairly quickly but that's not always real world is it unless you have some direct access to the server?

Re:Web delay?

[rollingcalf]

They hack the server and get the password file, which has hashed versions of the passwords. For example, the word "password" when run through the SHA-1 hash routine becomes the hash "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8".

There is no reverse formula to get back the original string from the hash. But they can attempt millions of passwords per second on their own computers, running each guess through SHA-1 to see if the result matches any of the hashes in the password file.

In addition, the hackers also have precomputed "rainbow tables" which will tell them the original string if the hash is in a database of billions of known hashes.

Re:obligatory xkcd....

[__aaltlg1547]

But that's an overestimate. Your words form a sentence with.proper grammar so you shouldn't really found each word as 10 bits. Has anybody studied the average entropy of sentences?

Re:obligatory xkcd....

[Bengie]

dictionary will take an infinite amount of years if you employ pass-phrases correctly.

Re:obligatory xkcd....

[__aaltlg1547]

But if the password file is offline, your unencrypted data may be as well.

Re:Poor security

[Rob+the+Bold]

What system would allow someone to make thousands of attempts per second to login?

That's not the problem. The problem is that the lists of user logins and corresponding hashed passwords get in the wrong hands, whether it be due to bad design and/or coding, insecure software, or unfaithful servants. When you have that list, you run brute force against it to get the actual passwords.

And even that isn't the "real" problem, so much as the dependency on passwords, and for that matter, the dependency on passwords that are generated by non-security experts that are mostly out of control of the entity/service trying to secure them. When a user gets to pick their password, which is probably the only way one can be generated that the user can remember, he or she is creating a password to prevent people from doing just what the OP suggested: breaking into his/her yahoo/linkedin/facebook/etc. account. The user is not creating a password for the purposes of making the service's password table harder to crack should it leak out. The user is probably unaware of this kind of attack, and really ins't qualified to defend against it anyway, being almost certainly out of his or her area of expertise.

When a bank rents you a safe deposit box, they don't depend on you to build your own lock and key.

I don't have a good solution to the problem, but I do think that we're trying to solve the wrong one.

Pass phrase

[Kergan]

I'm irked to no end by articles that suggest the use of impossibly long to remember passwords. Can we please be told to use pass phrases instead?

Much about everyone knows witty quotes, religious quotes, song lyrics, movie lines, etc. Surely they can successfully use these as pass phrases? Good luck brute forcing something like this:

Proverbs 21:19 -- It is better to live alone in the desert than with a crabby, complaining wife.

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 23.36 billion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries

Re:Pass phrase

[geekoid]

Geekoid 1:1 It is better to be happy then to boil all thing down to two equally absurd dichotomies.

Password checker?

[Scutter]

Soooooo....enter your password into this completely legitimate and not-at-all-a-harvesting-tool password checker and we'll tell you if it's secure?

Ima get right on that.

Re:keepass

[DangerousDriver]

Until you register with, let's say Vodafone, and you try to use something other than letters and digits:

Your password doesn't meet the security rules. It must be at least 8 characters long and contain at least one number and one uppercase letter. Please use letters and numbers only.

Re:Better

[Kergan]

It's actually a great prank by a French Grande Ecole.

Here's what you get when you enter one:

Security assessment for password "Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM"

Thanks for disclosing password "Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM" to us!

Password Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM

Score

0 % - Insecure

Assessment

You just disclosed password "Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM" to an untrusted third party (us). You have no way to find out what we intend to do with it. Maybe we logged it and intend to publish it or to use it against you? For this reason, password "Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM" is now compromised. It is therefore insecure and should not be used in any situation.

Suggestions

Do not disclose your passwords to any untrusted third party for any reason.

If you are actually using password "Parse error: syntax error, unexpected T_PAAMAYIM_NEKUDOTAYIM", stop using it and change it immediately.

Change any other password you may have compromised in this way before you used the Estatis Password Security Checker.

doddering port prodder

[epine]

Man, Gibson has completely lost it--and it was always a bit dubious if he ever had it to begin with.

I'm sure the NSA has a very complex model of password structure based on every password they have every captured or broken. They would certainly try longer passwords with high symbol repetition rates before shorter passwords with uniform distribution over large symbol sets.

The correct asymptotic answer involves Kolmogorov complexity theory: what's the shortest program (on a chosen universal computer) which prints out each of those strings? Hint: the program that prints out d0g................. is probably not a long one.

But wait ... you first seed the machine with every password known to the NSA that has ever been cracked or stolen. This does not count as part of the program length. Now test the passwords in roughly the same order as the associated minimal generating program. This isn't tractable, but even a ham-fisted approximation is less stupid than Gibson's assumptions.

More to the point, non-uniform scheduling is not the most trivial coding challenge in the massively parallel implementation.

But then if he had the wits to also print out the answers in joules and not just years he would realize that the economics quickly tips to favour investing in a distributed password cracking scheduling algorithm on the order of the complexity of a 3000+ computer chess engine or 6-man EGTB generator.

Re:obligatory xkcd....

[Alain+Williams]

Only counting words that are entirely lower case my /usr/share/dict/words has 355543 lines which is some 19 bits. However: I would not know most of them. Estimates on vocabulary size are ''10,000-12,000 words for a 16-year-old, and 20,000-25,000 for a college graduate''. Lets be a pessimist and take 10,000 words. Ignoring the small words my phrase contained 5 words, so the number of permutations is about 10,000^5 which is about 10^21 combinations.

Using their Massive Cracking of 10^14 guesses/second - my pass phrase would take some 10^6 seconds or 11 days to crack. Not many organisations have the computational hardware for Massive Cracking, so I am probably reasonably save from all except CIA/GCHQ - and they would probably get me by other ways.

Can anyone give a better estimate ?

my password is un-crackable

[yodleboy]

that's why i also use it on my luggage.

Wait, what?

[glwtta]

with almost unlimited computing power for brute-forcing the decryptt: 6 alphanumeric characters takes 0.0000224 seconds

With "almost unlimited" computing power any password will almost take "almost no time" to decrypt.

Is this an issue?

[TheSkepticalOptimist]

Seriously, any system that allows 1000's or millions of attempts to access the same account repeatedly with failing passwords is an inherently flawed system.

I don't like systems that give you 3 attempts and then lock you out, that is unnecessary, but an secure system should expect that "human" entered password will take at least 10 + seconds between attempts and that no "human" would spend several hours/days trying to enter repeatedly failing passwords.

There is a current "myth" that I am required to change my passwords frequently and use stupid rules to construct a password. I think the systems need to change to understand the fundamental difference between human input and computer generated input and then deal with the attack accordingly.

I also read somewhere that using 4 REAL randomly associated words is far more secure then some password full of symbols, characters and digits.

I think password systems need to change, not the way people pick a password, I can't believe any system should exist that allows brute force hacking schemes.

A slight issue with this system

[Gyorg_Lavode]

There's a fundamental error in how steve's doing this. It assumes either the attacker knows the key space you're using or searches all smaller key spaces first. Instead, an attacker is more likely to use a word list with a set of permutations. that may mean that Password1! breaks even though it has a nice key space. On the other hand, passssword may not break because it's simply too computation intensive to check adding the entire key space into the middle of the dictionary in every location. You'd have to search every number, letter (upper/lower), and character inbetween every other letter in the word and then do it again with combinations of two characters for every word in your dictionary. (BTW, I can't take credit for this insight. It was presented at defcon a few years ago. As a sidenote, at the presentation, I believe someone indicated some password crackers will try characters inbetween the sylables. To generalize this, you can use a pattern to create your password with a very small keyspace and unless the pattern and keyspace is known to your attacker (either because you leaked it or you chose a common pattern) your password can be safe.

Is GRC some kind of trusted resource now?

[xrayspx]

I have to wonder why anyone listens to Steve Gibson about anything, ever. He goes back a long way, making sweeping claims about things he kind of understands based on research done by actual security professionals. Has he gotten better at things in the last decade or so? He always had a tendency to hear something, run off on a tangent creating press releases and small tools, and then get shouted down by the security community at large. Examples including who did the heavy lifting: Raw Sockets (l0pht/@stake IIRC [and whoever the initial researcher was, they did NOT spin it as the apocalypse, as Gibson did), WMF (Ilfak Guilfanov), SYN Cookies (djb), DNS (Dan Kaminsky), and this article right here.

Slashdot always seems to be his willing dupe and publicizes whatever he is concerned with at the moment.

Re:Poor security

[tompaulco]

That's not the problem. The problem is that the lists of user logins and corresponding hashed passwords get in the wrong hands, whether it be due to bad design and/or coding, insecure software, or unfaithful servants. When you have that list, you run brute force against it to get the actual passwords.
I suspect that if you have that list, then the individual users logins and passwords are of no use to you. Unless of course you have acquired that list secondhand.

Guinness milkshake

[invalid-access]

Apparently Steve and I share the same taste in food, if not passwords. The pic being taken at Rudy's Can't Fail Cafe in Oakland CA who make a mean Guinness milkshake, yum. Highly recommended to those in the area.

Re:Poor security

[grumpyman]

Thank you.

if the Russian mafia bear-hugs big data

[epine]

Addendum:

Not only would the NSA have such a model, but it would be conditioned on any number of details they might know about you: your nationality, ethnic background, date of birth, education, profession, operating system, and keyboard skills. Factors of ten are worth having.

Worse, if they've siphoned many of your other passwords over the intertubes--perhaps passwords you don't actually care much about--they would still attempt to detect structural patterns to bias the password search order for more complex passwords you do care about. Ideally there's a sharp schema discontinuity.

I pretty much use apg on my OpenBSD box for any password I care about (an uncompromised entropy source and RNG also matters). As a compromise, I've set apg to generate what I would estimate as about 60 bits per password, then I filter and discard the ugliest ones, shaving a few bits to finger compatibility. With this practice, after conditioning my profile on quasi-elite best practice, cross entropy won't provide much additional boon.

Password inflation runs about ten bits per decade, while my brain deflates about three bits per decade. The center cannot hold. Already I can barely hold in mind my semi-mnemonic apg-generated 60-bit passwords long enough to use them twice.

Re:if the Russian mafia bear-hugs big data

[Vegemeister]

I've set apg to generate what I would estimate as about 60 bits per password, then I filter and discard the ugliest ones, shaving a few bits to finger compatibility.

My people.

Re:obligatory xkcd....

[Scarred+Intellect]

using xkcdpasswordmethod I get 97.49 centuries on the Massive Cracking Array Scenario.

Interestingly, MassiveCrackingArrayScenario yields 2.89 hundred million trillion trillion centuries

You're doing it wrong...

[Krazy+Kanuck]

You password is only as good as the system recording it. You could have a 30 character complex password and if the site can be comprised by a simple SQL injection and stored in plain text then it really doesn't matter now does it? All this shenanigans lately around password hash files and security needs to be put back on the providers.

my fav password

[BlackSnake112]

is: "What 1s Th3 p4ssw0rd Tod@y"

The spaces are in there. And no it is not on any important system or account. I use it if I set up a test system for a while (a week or two at most) that I have to share with other people. Everyone can remember that password. The funny thing was we had a company come in to test out security. They did not get that password after trying for a 24/7 for a week.

Re:obligatory xkcd....

[BlueParrot]

My personal favourite is to translate some of the words into random languages after I have made the passphrase. It's not difficult to learn a few foreign words, but since the attacker doesn't know which languages you used he gets the fun task of trying ALL languages that use the latin script. Since there is more than 100 languages using latin characters in the world, even a moderate dictionary size of 10000 or so would give you a total of more than a million words, resulting in the generated passphrase having in excess of 10^24 possible combinations. If the attacker can try a billion passphrases per second, it would take 31.7 million years to try them all.

This just in..

[hackula]

Assuming near omnipotence I can travel around the world in .000034 seconds, lift 12,232,235,656 pounds, and come up with the most pointless slashdot article all at once. Thoughts?

Re:obligatory xkcd....

[smellsofbikes]

there are 15,222 words in the english language according to oxford english dictionary.

This is off by more than an order of magnitude: the Oxford English Dictionary claims it has 171,476 words in it and point out that this is an underestimate of how many base words are in the English language -- probably more like 250,000 -- and that doesn't begin to cover compound or specialist words.

GP is wrong...

[xded]

But, IMHO, not too much, statistically.

I expect most of the people putting the mandatory uppercase letter at the beginning of the pass and the mandatory number (usually a '1') at the end.

Re:obligatory xkcd....

[Skarecrow77]

my source was apparently flawed as all hell then.

Re:obligatory xkcd....

[Guspaz]

Nope, and my attempt to use even just four reasonable length words (the 5 to 7 letter each ones) on my Battle.net account failed. I ended up having to drop it down to three, so I threw in a single letter substitution and then activated two-factor authentication on my account.

Hmmm, not too shabby

[Khyber]

A password I just randomly chose (1mg0nn@fuckyourm0m) would take roughly 4 billion centuries to crack.

Sometimes childish 1337$p3@k is fucking awesome.

But will it play in Bluffdale?

[jetcityorange]

Hats off to the venerable Steve Gibson for an excellent teaching aid. If nothing else he presents an interactive tool that begins to highlight how stoopid your pet's name, spouse's birthday, or favorite song title is. For most folks, current company excepted, trying to explain how to measure number space for a given password length & character set is a useless exercise. That said, the Password Haystack motivated me to harden my passwords. 1.65 hundred centuries using a Massive Cracking Array Scenario works for me. Can you say "Bluffdale 84065"?

the attacker knows

[OrangeTide]

statistically you can work out the probability for each of N capital letters. Let us assume that because this article and several others like it, are only suggesting that people add a single capital letter. then the search space doesn't really get bigger. for a 10 character password it is only a single order of magnitude. For a 30 second search on an all lower-case it takes 5 minutes for one known to have one upper case. Helpful, but not really all that impressive.

likely the attack will just search most likely to least likely. so: dictionary words, random lower, 1 upper, 1 number, 1 symbol, lower + upper + numbers
as you add together the time it approaches the worse case search through the entire space.

the tool 'pwgen' produces pretty good passwords, numbers and upper. but it does pick them out in a certain way, so if you knew people were using pwgen for their passwords (that's unlikely to happen) you could dramatically reduce the search space despite the program's "strong" passwords they are selected according to some criteria to make them easier for a human to memorize. example passwords:
Quob5foh Theeji6c OhGhie2E xi0omiNg oGhai6bu uB9Caisi Thahvei0 Iecohl8z
weiGh3ie LahGoh3t uR3SaiJa ie0ja2Ah doS1looh Oa1maiph dei6OhQu AeNei8Ch

Chntpasswd, FTW!

[Gazzonyx]

Any LiveCD with chntpasswd(8) should do the trick. Choose one that only gives you a command line (Trinity, IIRC) and memory won't be a problem.

Not real world

[pubwvj]

Dumb theory. In the real world the cracker has to wait for a response from the system. If the cracker tries too many times, too fast or such then the system just locks the cracker's IP out and if this keeps happening locks the account out for a timeout. This makes it take centuries instead of seconds.

a simliar password then one I use

[geekoid]

would take:
Online Attack Scenario:
(Assuming one thousand guesses per second) 14.14 million trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 1.41 hundred billion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.41 hundred million centuries

same number of characters, same number and organization of numbers and letter. Just different numbers and letters.

There is more than one way to skin a cat :

[GigaBurglar]

http://img705.imageshack.us/img705/6066/passwordo.jpg

1 thousand guesses a second

[pr0fessor]

against a remote site doesn't any decent site usually lock an account after 3 - 5 attempts

Irrelevant

[MacGyver2210]

I don't bank online, I don't do anything particularly secure online, and I don't really care who accesses my accounts. My password has been the same for the better part of a decade, and with the exception of my email, everything I use has pretty much the same password.

My password is supposedly trivial to crack. It is an 8-digit dictionary word, all lowercase. No numbers, no symbols, simple.

According to this utility, your average Anonymous script kiddie would still take 6.97 years to crack it.

Well call me unworried.

Re:Password input is too simple

[imjustmatthew]

I'm not sure this would work from the perspective of intentionally including it; but I think it would be an interesting way to "flag" accounts for extra verification. People have different typing styles and your natural timing of entry for a password should be computable from logins over time. If the entry is significantly off it can be a yellow flag to indicate that maybe it isn't you entering the password. Combine that with some other factors (e.g. IP history, user agent strings) and you could perhaps identify accounts that are likely compromised and require an extra verification step.

I don't really have time to work this out and try it, but it'd be very interesting to try.

Re:obligatory xkcd....

[zehaeva]

I am unsure where you heard that there are only 15,222 words in the English language but I just checked the OED website and they say it's closer to 170,000 words. http://oxforddictionaries.com/words/how-many-words-are-there-in-the-english-language

Re:Why this tool may lull you into false security.

[bmo]

But the idea is valid if you include easy to remember made-up words and proper nouns and such. If you include uppercase at the beginnings of words and include spaces, then you've really given the rainbow table generator guy a run for his money.

I am glad that you didn't fall into the trap that people do and then say OMG, YOU USED REAL WORDS!!!@#!@$#!!ONE!!1 and then assume that partial passwords are recoverable and you only need to test for one word. Which, is not how it works. I've run into that argument time and again and I don't know where people get the idea.

If you also read further, he goes on to say that the length of a password is really important, and gives two examples: one that looks easy to crack, and one that looks secure, but the one that looks easy isn't the easy one, because it has all elements of a "secure" password and is longer (more bits to run through the crack) that the "difficult" one. And once you make the person running the crack have to guess how long the password is, you've probably already won.

I just wanted to run the xkcd password through to see what I'd get. I'm sure the xkcd password is part of everyone's dictionary by now and is useless as an actual password.

A secure password doesn't have to look like an already hashed password.

As for a source of words not found in typical dictionary files that will give squiggly lines everywhere when used in documents, go to the Phrontistery.info, which on my screen is squiggly-lined.

>. With four words, that's 44 bits total as their entropy is multiplied together.

Order matters, it's not just multiplication. 11 bits ^4

http://www.mathsisfun.com/combinatorics/combinations-permutations-calculator.html

Screenshot: 2000 words, 4 of each, order matters, repetition ok: http://imgur.com/0n5XL

--
BMO

Re:obligatory xkcd....

[Lord_Naikon]

My /usr/share/dict/words has:
235924 words in total,
10231 5 letter words
17707 6 letter words
23880 7 letter words
in the english language.

I'd say that your estimates are indeed very conservative :-).

2 Tries, and doesn't matter anyway.

[DarthVain]

It took us two tries to crack an iPhone.

1234
chicks birthday. (may have done DD/MM and MM/YY can't remember)

I guess what I am trying to say, is the the amount of time it takes is directly proportional to the information I know about you. Which given social media, and the like is a lot.

Thinking some evil empire is going to "brute force" your 2048 bit encrypted pass phrase is stupid. It is more likely going to be some jerk that either phishes it, spoofs it, keylogs it, social engineers, etc... whereby basically it takes zero seconds to crack your code, because you just gave it to someone willingly.

This isn't some Russian hacker with a nuclear powered pentium 5 linux RISC chip out to crack your codes. Much more likely, no codes will be broken, a security vulnerability will be taken advantage of giving access to yours and 2.2 million other passwords.

People need to get their perspective corrected.

Re: XKCD. Tested; proven!

[killfixx]

I decided to test this method against the GRC tester and it was flawless. Try it for yourself --choose 4 RANDOM words 5 characters in length. Works amazingly well. Avoiding popular phrases (common sense; no bible verse, songs, book or movie quotes, etc...) and meaningful groupings (seveneighttwelve) goes a helluva long way to making a very secure passphrase.

Except... And this is the problem...

Popular "security best practices" SPECIFICALLY prevent you from using, what would otherwise be, a secure password.

They always want mixed case alphanumeric at minimum. And, a significant number of websites have maximum length limits too.

Hrmmm, I wonder if "they" purposely choose the illusion of security because they know that "we" are stupid and lazy...*

"They" and "we" in no way represent any person or entity, living or dead...yadda yadda yadda, blah blah blah...

Re:Why this tool may lull you into false security.

[bmo]

>I'm not sure what you're correcting me about here since multiplying 2^11 * 2^11 * 2^11 * 2^11 = (2^11)^4, which is how you do a permutation that allows repetition. The math words out the same, and your result using 2000 instead of 2048, works out to 43.8 bits of entropy (which rounds up to 44). (No offense taken, though.)

Meh. Need coffee.

I used 2000 words because of what you started with. If we're going to start in Decimal, we may as well stay in Decimal for the calculation and stay away from converting to different bases. KISS.

--
BMO

Stronger but for minor gain

[Sits]

The big gain in entropy when using multiple words is from password length. Having symbols, case changes and unusual characters all increase entropy but over a certain length there are just to many combinations of lower case letters for brute force to be effective. Why complicate it further and risk slower typing speed/mistyping?

Re:Why this tool may lull you into false security.

[bmo]

To follow up on my message,

I think that 2000 common words is unrealistically too small a vocabulary for everyday use.

It's probably on the order of 10,000 in daily use by joe schmoe.

The Second Edition of the 20-volume Oxford English Dictionary contains full entries for 171,476 words in current use, and 47,156 obsolete words. To this may be added around 9,500 derivative words included as subentries. Over half of these words are nouns, about a quarter adjectives, and about a seventh verbs; the rest is made up of exclamations, conjunctions, prepositions, suffixes, etc. And these figures don't take account of entries with senses for different word classes (such as noun and adjective).

This suggests that there are, at the very least, a quarter of a million distinct English words, excluding inflections, and words from technical and regional vocabulary not covered by the OED, or words not yet added to the published dictionary, of which perhaps 20 per cent are no longer in current use. If distinct senses were counted, the total would probably approach three quarters of a million.

- http://oxforddictionaries.com/words/how-many-words-are-there-in-the-english-language

and....

In December 2010 a joint Harvard/Google study found the language to contain 1,022,000 words and to expand at the rate of 8,500 words per year.[84] The findings came from a computer analysis of 5,195,769 digitised books. Others have estimated a rate of growth of 25,000 words each year.[85]

- wikipedia.

What does this mean?

IMO, predicting what people are going to use for their correcthorsebatterystapler passwords is nigh impossible and to crack the password of someone who is evenly slightly motivated to have a non-weak one will probably require heat-death of the universe time to crack with a distributed crack. There will always those who use "it's just the letter A" but there is no cure for stupidity.

"It's just the letter A" http://www.youtube.com/watch?feature=player_detailpage&v=uRGljemfwUE#t=399s

YMMV of course.

--
BMO

Re:obligatory xkcd....

[smellsofbikes]

Your source was probably listing the average working vocabulary of people: 10,000-20,000 words is a fairly typical working vocabulary. People who worry about such things usually claim that English has significantly more words in it than any other language, estimates ranging up to a million words, while many other languages have estimates closer to 100,000 words. (If the people talking about it can stop arguing about what counts as a word for long enough to agree on something: German mashes together nouns into single words; Mohican can jam the subject, the object, the verb, the tense, and a declination all into a single word.) Within the context of this discussion, people are only going to use words from their working vocabularies or maybe a little bit more -- it's likely most people recognize the word susurration and might use it as an obscure password, but would never use it in speech or writing otherwise -- but someone trying to brute-force a password would have a lousy return on investment in trying to decide what a core 15,000 word vocabularly would be, to only use those words in the brute-force attempt.

Step Right UP!!!

[iiii]

and Behold the Mystical Power of EXPONENTS!! Prepare to be amazed!! We will magically create numbers so big they are Unimaginable!!

However, if you disable the account...

[Maxo-Texas]

If you disable an account after failed attempts, you get three tries.

If you disable an account for an hour after failed attempts- and alert the owner, you may get 9 tries.

Re:obligatory xkcd....

[__aaltlg1547]

That would be how many words you know. I think the more relevant number is the number of words that people use in speech. Almost all the words that would be used in plain text (xkcd-style) passwords would be drawn from the much smaller set that most people use every day. "head" is more likely to be used than any of its synonyms

Re: XKCD. Tested; proven!

[Fjandr]

And, a significant number of websites have maximum length limits too.

Sites and services that artificially limit the character set and length of passwords annoy the hell out of me.

So how does the math work...

[Tastecicles]

on a passphrase of 63 characters, through a triple cascade encryption?

Obviously, this is an offline setup.

Re:Eh?

[zill]

The first digit identified the type of industry as is shown if you go here ->>>> http://en.wikipedia.org/wiki/Bank_card_number

If you could just read your own damn link:

MasterCard 51-55
Visa 4

It's right there in the table.

Yes, I know about the industry types. The vast majority of commonly used credit cards are issued by the banking industry, with the first digit being either 4 or 5, so I didn't bother mentioning the other less common starting digits. More specifically, the vast majority of commonly used credit cards are either Visa (starting with a 4) or MasterCard (starting with a 5).

11.44 thousand centuries?

[issicus]

or six minutes... wow that was helpful.

The closest many slashdotters will get to sex!

[Dabido]

10 characters with a symbol: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 1020)

Computing power

[jriskin]

Shouldn't any reasonable calculation that attempts to illustrate password strength beyond a year take in to account the increasing compute power of the past 30 years or so?

Re:obligatory xkcd....

[petermgreen]

This tool calculates the brute-force time on a character basis. It says that dictionary attacks still work and should be mitigated by policy and practice.

What it doesn't emphasise is that there is a world between the "dumb dictionary attack" (try all words in a dictionary) and the "dumb brute force attack" (try all combinations of characters in an alphabet). That world is what a smart attacker will inhabit.

Something like "Mother!fucker" would't be cracked by either the "dumb dictionary attack" and the "dumb brute force attack" but that does not mean it is a strong password.