Password strength
Old 08-10-2011, 07:01 AM   #1
JTG
Core Member [246%]
 
MBTI: INFJ
Join Date: Jan 2008
Posts: 9,844
 
Today's xkcd got me thinking:
[hide=commentary on passwords]
[/hide]

Why do so many sites require symbols and caps and stuff still? It's not like anybody goes through guessing off the top of their head what your password is. The only person that keeps from remembering the password is the person who already knows it but may have forgotten where that hyphen was, or which of those letters was replaced with a number.

On the other hand, a bruteforce attempt by a computer wouldn't care whether that o was a 0 or whether that common word had two random symbols inserted at the end.

Does anybody here use uncommonly long passwords to increase security? Wouldn't this be a better approach?

Old 08-10-2011, 07:07 AM   #2
themuzicman
Core Member [288%]
I am INTJ.  Your argument is invalid.
Resistance is futile.
MBTI: INTJ
Join Date: Jun 2009
Posts: 11,541
 
Well, there's a couple of problems with the second entry:

First, if a password hacker knows there's only lower case letters, then the pool size they have to use goes down significantly.

Second, if a password hacker knows there's only dictionary words in the password, that reduces pool size of combinations of letters to try.

(I don't have the math here, but reducing your potential characters from over 80 to 26 is significant, as is only using real words.)

So, while this might help in a pure brute force attack, any hacker with some knowledge of how passwords are assembled will incorporate those things into his attack, making his job far easier.

However, if you make a password too long and complex, it does increase the chances that many users will write them down on a piece of paper and tape it to their monitor.
Old 08-10-2011, 08:29 AM   #3
JTG
Core Member [246%]
 
MBTI: INFJ
Join Date: Jan 2008
Posts: 9,844
 
Hmm... crunching some numbers really quick

Six digit password with 80 possible states per character = 262,144,000,000 possible combinations. Extend to ten digits for 10,737,418,240,000,000,000

Eight digit password with 26 possible states per character = 208,827,064,576 possible combinations. Extend to thirteen digits for 2,481,152,873,203,736,576 (which isn't as close, but adding another digit blows away the alphanumeric alternative)

Assuming the user has a camelCasePassword, adding one capital to differentiate words (in the 8-digit example) increases complexity to 417,654,129,152 unique states.

Of course, potential solutions would be drastically reduced if the hacking attempt knew that actual words and all lowercase were used, but that would be a pretty big assumption unless the person had physical access to some clue, such as watching the person type in the password.

I guess a script could be written to attempt all-lowercase states first and then to expand into caps and then into symbols/numbers, but since most people have been trained to include symbols and numbers, this approach would net slower results on average than a default bruteforce.

The whole idea is moot anyway, since these days, your password is more likely to be stolen directly from the database or as a result of a keylogger or such.

Still, it's something to think about. I think i'm gonna start using regular words just to save myself the trouble of remembering where i put the symbols or which numbers i used
Old 08-10-2011, 09:30 AM   #4
TheLastDragon
Member [09%]
MBTI: INTJ
Join Date: Jul 2011
Posts: 373
 
Ask Sony how well their secure keys worked out for them on the PSP and the PS3.
Old 08-10-2011, 09:59 AM   #5
Quito
Member [06%]
MBTI: INTx
Join Date: Jun 2011
Posts: 257
 
Basically everything that has been said in this thread. It just doesn't really make sense for individual users as you're probably not going to be targeted if you've nothing important.
Old 08-10-2011, 04:45 PM   #6
HackerX
Core Member [167%]
*the huggleator*
MBTI: INTP
Join Date: Sep 2007
Posts: 6,717
 

  Originally Posted by JTG
Why do so many sites require symbols and caps and stuff still? It's not like anybody goes through guessing off the top of their head what your password is. The only person that keeps from remembering the password is the person who already knows it but may have forgotten where that hyphen was, or which of those letters was replaced with a number.

On the other hand, a bruteforce attempt by a computer wouldn't care whether that o was a 0 or whether that common word had two random symbols inserted at the end.

It's more about defeating rainbow tables, rather than pure brute force. Though, as you pointed out, increase your symbol set and you increase time

Old 08-10-2011, 04:58 PM   #7
Jalex
Member [25%]
뚜루왑 두밥 두밥 (뜸바리 둡)!!!
MBTI: InTJ
Join Date: Apr 2011
Posts: 1,036
 
It is like the MS example password: Pass_word1.... Tell me that is not hard enough to guess, and easy enough to remember...

No need to go super fancy (I have a friend who generates each 70 days different 15 character passwords with a super complex algorithm)...
Old 08-11-2011, 04:55 AM   #8
Necrosis
Core Member [102%]
Insert words here.
MBTI: INTJ
Join Date: Feb 2008
Posts: 4,113
 

  Originally Posted by JTG
Today's xkcd got me thinking:
[hide=commentary on passwords]
[/hide]

Why do so many sites require symbols and caps and stuff still? It's not like anybody goes through guessing off the top of their head what your password is. The only person that keeps from remembering the password is the person who already knows it but may have forgotten where that hyphen was, or which of those letters was replaced with a number.

On the other hand, a bruteforce attempt by a computer wouldn't care whether that o was a 0 or whether that common word had two random symbols inserted at the end.

Does anybody here use uncommonly long passwords to increase security? Wouldn't this be a better approach?


At my job on some of our machines we are required to have 15 char passwords with 3 character types, where a caps or # at the beginning and end don't count as a type... It also doesn't allow any dictionary words.

ex: This3passwordsucks is not valid
ts3Pawrd@#!Scks is valid

Now try remembering that password after vacation...

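A checker for the policy Necrosis describes, added here as an example and not taken from the thread or from any real system: it requires 15 characters and three character classes, does not count a leading or trailing capital or digit toward the class count (my reading of "don't count as a type"), and rejects passwords containing words from a small constructed word list that stands in for a real dictionary.

```python
# Constructed toy word list standing in for the dictionary the poster's
# system checks against; a real deployment would load a full list.
DICTIONARY = {"this", "password", "sucks", "pass", "word", "secret"}


def strip_uncounted_ends(password):
    """Drop a leading and a trailing capital or digit before counting
    character classes. This is how the rule 'a caps or # at the beginning
    and end don't count as a type' is interpreted here (an assumption)."""
    core = password
    if core and (core[0].isupper() or core[0].isdigit()):
        core = core[1:]
    if core and (core[-1].isupper() or core[-1].isdigit()):
        core = core[:-1]
    return core


def character_classes(text):
    """Return the set of character classes (lower/upper/digit/symbol) in text."""
    classes = set()
    for ch in text:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def dictionary_words_in(password, dictionary=DICTIONARY, min_len=4):
    """Dictionary words found in the password as case-insensitive substrings."""
    lowered = password.lower()
    return sorted(w for w in dictionary if len(w) >= min_len and w in lowered)


def check_policy(password, min_len=15, min_classes=3, dictionary=DICTIONARY):
    """Return a list of policy violations; an empty list means the password
    is accepted under this hypothetical policy."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    classes = character_classes(strip_uncounted_ends(password))
    if len(classes) < min_classes:
        problems.append(
            f"only {len(classes)} character class(es) counted, need {min_classes}"
        )
    words = dictionary_words_in(password, dictionary)
    if words:
        problems.append("contains dictionary words: " + ", ".join(words))
    return problems


if __name__ == "__main__":
    # The two candidates from the post: the first should fail, the second pass.
    for candidate in ("This3passwordsucks", "ts3Pawrd@#!Scks"):
        verdict = check_policy(candidate)
        print(candidate, "->", "valid" if not verdict else "; ".join(verdict))
```

The substring check is deliberately strict: it rejects a password merely because a four-letter dictionary word appears inside it, which is the behaviour the post complains about and the reason the accepted example has to be mangled as heavily as it is.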
Old 08-11-2011, 05:19 AM   #9
themuzicman
Core Member [288%]
I am INTJ.  Your argument is invalid.
Resistance is futile.
MBTI: INTJ
Join Date: Jun 2009
Posts: 11,541
 

  Originally Posted by JTG
Hmm... crunching some numbers really quick

Six digit password with 80 possible states per character = 262,144,000,000 possible combinations. Extend to ten digits for 10,737,418,240,000,000,000

Eight digit password with 26 possible states per character = 208,827,064,576 possible combinations. Extend to thirteen digits for 2,481,152,873,203,736,576 (which isn't as close, but adding another digit blows away the alphanumeric alternative)

Assuming the user has a camelCasePassword, adding one capital to differentiate words (in the 8-digit example) increases complexity to 417,654,129,152 unique states.

Of course, potential solutions would be drastically reduced if the hacking attempt knew that actual words and all lowercase were used, but that would be a pretty big assumption unless the person had physical access to some clue, such as watching the person type in the password.

I guess a script could be written to attempt all-lowercase states first and then to expand into caps and then into symbols/numbers, but since most people have been trained to include symbols and numbers, this approach would net slower results on average than a default bruteforce.

The whole idea is moot anyway, since these days, your password is more likely to be stolen directly from the database or as a result of a keylogger or such.

Still, it's something to think about. I think i'm gonna start using regular words just to save myself the trouble of remembering where i put the symbols or which numbers i used

As a security person, you have to make the (rash) assumption that a hacker knows all your rules and methods for passwords.

Old 08-11-2011, 11:41 PM   #10
firebee
Core Member [117%]
will you allow dokken to have its way with your chicken?
MBTI: INTP
Join Date: Jan 2009
Posts: 4,707
 
Am I the only one who recognized the system in the second panel instantly and has known about it, although not used it much due to practical considerations and a streak of laziness, for several years?

The system is called [link], and was designed by a cryptographer who goes into a fair bit of discussion as to how the system works, mathematically speaking. Roughly eyeballing the entropy figure in the second panel, they are talking about the difficulty to crack the password not on the basis of its length in characters alone but actually assuming that the attacker knows the precise method used to generate the password AND has the exact dictionary used to generate it (of which a standard one is available on the web).

Which, if you haven't learned much more about passwords than the "Ten Tips for Keeping Your Data Safe" in circulation on CNN or whatever, sounds pretty much like shooting your dog and then using your former dog's name for the password -- because, omg, dictionary words are bad, and lower case letters are only 26 characters, and et cetera.

The trick is that a Diceware passphrase isn't a long password composed of a random selection among 26 characters (which would actually, for comparable length of password in characters, be more secure if you didn't go insane first), it's actually a somewhat short password (or a standard-length password in many places, if you pick five or six words instead of four) selected from an alphabet of 7776 characters, transliterated into the Roman alphabet. And, if you use casino dice to generate the index number (as is recommended), it's a completely random selection among those 7776 elements -- which is decidedly unlikely to happen in most other systems.

Math is fun.

(Amusingly, there's one of my infrequently-visited websites that I have to reset the password EVERY. TIME. I go there because they have some sort of annoyingly kinky foible in their password selection rules that throws a wrench in my usual system, meaning that I invariably beat my head against their login screen until I get quite annoyed, then reset my password, then see their whips and chains oh yes we are very secure rule and remember what my password probably was. I should probably just munge my password every time and just accept that my password is effectively "Salthawk" plus access to my email account. But they are very secure, oh yes.)
Old 08-11-2011, 11:49 PM   #11
Ricardo Diaz
Member [20%]
Audentes Fortuna Juvat
MBTI: INTP
Join Date: Oct 2010
Posts: 804
 

  Originally Posted by JTG
On the other hand, a bruteforce attempt by a computer wouldn't care whether that o was a 0 or whether that common word had two random symbols inserted at the end.

You could use characters not found on keyboards or most character maps...

Old 08-13-2011, 09:43 AM   #12
Zionoxis
Banned
 
MBTI: INTP
Join Date: Jul 2011
Posts: 339
 
Is it wrong that my password for my computer's encryption scheme is part of the Oscar Meyer Weiner song?
Old 08-13-2011, 10:04 AM   #13
roninpro
Member [12%]
MBTI: INTJ
Join Date: Apr 2010
Posts: 496
 

  Originally Posted by themuzicman
As a security person, you have to make the (rash) assumption that a hacker knows all your rules and methods for passwords.

I don't think that it is so much making a "rash assumption" as much as demanding the highest level of security.

Old 08-13-2011, 10:11 PM   #14
floramacivor
Member [42%]
MBTI: INTJ
Join Date: Jan 2009
Posts: 1,716
 

  Originally Posted by themuzicman
However, if you make a password too long and complex, it does increase the chances that many users will write them down on a piece of paper and tape it to their monitor.

So? Isn't a hacker most likely to be someone you don't know at the other end of your computer rather than someone who's physically where they can see your computer? (No, I don't keep my password taped on my monitor or anywhere else.)

Old 08-13-2011, 10:17 PM   #15
Zsych
Core Member [309%]
MBTI: XNTX
Join Date: Apr 2009
Posts: 12,376
 
I have some moderately complex passwords that I find easy to remember. You can use anything that means something to you, and letter-number substitutions are easy to remember when standardized, 4 for a, for example.
Old 08-13-2011, 10:23 PM   #16
Americano
Member [07%]
MBTI: INTJ
Join Date: Apr 2008
Posts: 301
 
Do some systems let you make passwords composed of various characters from different alphabets? For example: ñاخ本зыф ? Such a password would be considerably more difficult to crack through brute force.
Old 08-14-2011, 10:16 AM   #17
tooboku
Member [36%]
MBTI: INTJ
Join Date: Mar 2010
Posts: 1,479
 

  Originally Posted by JTG
Today's xkcd got me thinking:
[hide=commentary on passwords]
[/hide]

If you hover over the image on the actual page, the meta tag specifically apologizes for the invalidity of this comic.

This does not defeat a dictionary attack. You can simply modify your algorithm to start concatenating words. It will take longer but not that long. The password will still be defeated in a relatively short amount of time.

---------- Post added 08-14-2011 at 01:19 PM ----------

  Originally Posted by Zsych
I have some moderately complex passwords that I find easy to remember. You can use anything that means something to you, and letter number substitutions are easy to remember when standardized. 4 for a for example.

I like to make acronyms for sentences with numbers in them.

Old 08-14-2011, 10:58 AM   #18
JTG
Core Member [246%]
 
MBTI: INFJ
Join Date: Jan 2008
Posts: 9,844
 

  Originally Posted by tooboku
the meta tag specifically apologizes for the invalidity of this comic.

  Originally Posted by alt text from that xkcd
To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize.

I assumed this meant having an argument with somebody who claims "i have an ampersand and a capital letter in my 6 digit password, so it's more secure than your 15 digit password that doesn't have any."

Old 08-14-2011, 11:11 AM   #19
tooboku
Member [36%]
MBTI: INTJ
Join Date: Mar 2010
Posts: 1,479
 
-_- I give up.

Password length isn't that important anymore if you want to go the route of hash collision. They do not try to guess the password. They generate a different one that has the same hash. With salted hashes this becomes more difficult to do but having dictionary words in your password will not help. It will only slow down a dictionary attack by a few minutes.
Old 08-14-2011, 11:17 AM   #20
firebee
Core Member [117%]
will you allow dokken to have its way with your chicken?
MBTI: INTP
Join Date: Jan 2009
Posts: 4,707
 

  Originally Posted by tooboku
If you hover over the image on the actual page, the meta tag specifically apologizes for the invalidity of this comic.

Actually, no. The meta tag reads "To everyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."

In other words, he's apologizing for the anticipated hordes of people who are going to go "but but lower case letters but dictionary words but but!!!!!" because they totally read the top ten tips for a wonderful password but don't understand the mathematics involved -- more or less, apologizing to me for this thread.

  Originally Posted by tooboku
This does not defeat a dictionary attack. You can simply modify your algorithm to start concatenating words. It will take longer but not that long. The password will still be defeated in a relatively short amount of time.

Speaking of not understanding the mathematics involved.

The figure the cartoon gives for the second case at least is accurate. I explain why above and provide a link to the website of the cryptographer who designed the system and discusses its basis in more detail.

What you're overlooking is that the act of "simply" concatenating words is not as simple as you think it is -- what words, pray tell, do you concatenate? ALL OF THEM.

If you pick one word from the Diceware dictionary, then the number of passwords you have to search is 7776. This is trivial, and it is the reason why lay people are admonished not to use simple dictionary words as their password. If you choose two words from that list -- at random, remember, then presuming you omit duplicates the number of potential passwords is 7776 (the number of possibilities for the first word) times 7775 (the number of possibilities for the second word) -- 60 million or so possible passwords. If you choose three words from the list, the number of potential passwords is 7776*7775*7774 -- 470 million possible passwords. If you pick four words, as shown in the cartoon, multiply that figure again by 7773, and your program "simply" has to test.... well, a whole fucking lot of passwords.

Old 08-14-2011, 11:20 AM   #21
tooboku
Member [36%]
MBTI: INTJ
Join Date: Mar 2010
Posts: 1,479
 
2^512 / 2. That's how many combinations you have to try to have a 99% probability of finding a hash collision. If your password does not contain dictionary words, and furthermore characters outside of the alphabet, this is the route your adversary has to take. Do that math. It is significantly larger than 470 million.

I will stop checking this thread now because I will get upset if I don't.

My parting gift:

---------- Post added 08-14-2011 at 02:42 PM ----------

Over the past 50 years, only less than a dozen people have made any significant contribution to cryptology. Rivest, Shamir, Adleman, Diffie, Hellman, Elgamal, Bruce Schneier... No hurting to xkcd but I don't think a comic book artist has any insights they missed and they all agree with me.
Old 08-14-2011, 11:48 AM   #22
JTG
Core Member [246%]
 
MBTI: INFJ
Join Date: Jan 2008
Posts: 9,844
 

  Originally Posted by firebee
If you pick four words, as shown in the cartoon, multiply that figure again by 7773, and your program "simply" has to test.... well, a whole fucking lot of passwords.

Somewhere over 3.6 quintillion (10^15) passwords, assuming no alterations to the dictionary words (caps, symbols, non-english characters).

-----

Another question to those here who would know:

HackerX mentioned rainbow tables, and tooboku mentioned hash collision. Isn't this distinctly different from password strength, or do weaker passwords get hashed out into weaker end results?

For that matter, is there a certain point beyond which a longer password gets truncated? At some point, isn't the security of the password limited by the hash being used?

Old 08-14-2011, 12:23 PM   #23
nacht
Core Member [134%]
"A group of INTJs is an argument."
MBTI: INTJ
Join Date: Jan 2009
Posts: 5,375
 

  Originally Posted by JTG
HackerX mentioned rainbow tables, and tooboku mentioned hash collision. Isn't this distinctly different from password strength, or do weaker passwords get hashed out into weaker end results?

Not really functionally so. This is all based on the idea that the attacker has the hash file and is attempting to break passcodes in it. So if they have the plain text, you aren't going to be somehow magically "weaker" for hashing it. You can theoretically guess a collision, but if you aren't going against the actual hashcodes in the file and trying to guess via the interface you are going to encounter standard things like time to response and account lockouts. So from a functional standpoint, they need the hash file, at which point it is providing an extra level of security rather than reducing it.

A rainbow table is where you precompute results and can thus find answers (or collisions) more quickly, but this gets into extremely nontrivial storage space if you are using either random or account-specific salting techniques. Doubly so if you are using a good hash function, since that will cut down on the probability of a collision being findable.

 
For that matter, is there a certain point beyond which a longer password gets truncated? At some point, isn't the security of the password limited by the hash being used?

Yes and no. If you are using a weak hash, then yes. You could theoretically use a 32-bit hash function, which would be a very bad idea on all sorts of levels. On the other hand, if you are using a good 256-bit cryptographic hash without a known way of finding collisions faster than brute force, it is probably significantly stronger (which is the goal) leading us back to the strength of your password selection.

---------- Post added 08-14-2011 at 01:27 PM ----------

  Originally Posted by tooboku
2^512 / 2 That's how many combinations you have to try to have a 99% probability of finding a hash collision.

Not if they are using MD5.

 
If your password does not contain dictionary words, and further more character outside of the alphabet, this is the route your adversary has to take. Do that math. It is significantly larger than 470 million.

...and if they have selected the passcode to be essentially a set of random and unmemorable characters.

 
Over the past 50 years, only less than a dozen people have made any significant contribution to cryptology. Rivest, Shamir, Adleman, Diffie, Hellman, Elgamal, Bruce Schneier...

[citation needed]

---------- Post added 08-14-2011 at 02:18 PM ----------

  Originally Posted by nacht
Not if they are using MD5.

...and if they have selected the passcode to be essentially a set of random and unmemorable characters.

[citation needed]

tooboku replied to me via the comment feature:


The argument was against using dictionary words, not necessarily to promote funny characters. MD5 is broken; I wrote a 30 page essay on MD5 tunnels a year ago. I've met most of the guys at DEFCON and regularly read their literature.
First, whatever qualifications you claim are irrelevant if you cannot back your point up. Second, while MD5 is broken (as has been known since the 90s) it is still widely employed for this sort of application, though that has been on the decline. There is nothing in saying the words "hash algorithm" or even "cryptographic hash algorithm" that automatically means "SHA512 or better" or "SHA512+HMAC or better."

The only way you get the full security--by length--out of your password is including characters your keyboard cannot print and characters you are not going to be able to memorize.

Finally, the thing with Diceware is that it takes advantage of the fact that passcodes are frequently not limited in length the way they once were, and that you can gain security by choosing enough common words that it overrides the fact that you are dealing with dictionary words on an already published list. So the strength of it comes from the size of the list combined with the number of words picked.

In essence, you get 7776^n possible words or ~12.9 bits of entropy per word. So for a 7 word passcode you get ~90 bits of entropy. On a machine that does 2^56 checks a second--assuming they know the key generation scheme, of course, and that your hashing scheme makes collision finding at least as difficult as the passcode--you are still looking at 756 years before the key is broken. It is probably at least as good as many of the password generation schemes in common use, and better than many others.

That's admittedly for a 7 word key, but the mere fact of using things from a list of 7776 words is not at issue. If you change it out every few months, you can get a lot more mileage out of that list as well.
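To make nacht's point about hash files and rainbow tables concrete, here is an added example (not code from the thread or from any real system) that stores two accounts sharing the same password first with unsalted MD5 and then with a per-account random salt and PBKDF2-HMAC-SHA256, and runs a small precomputed digest table against both stores. The account names, passwords and candidate list are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample: two accounts that happen to share the same password.
ACCOUNTS = {"alice": "correcthorse", "bob": "correcthorse"}

# Constructed candidate list standing in for a precomputed (rainbow) table.
CANDIDATES = ["password", "letmein", "correcthorse", "batterystaple"]


def unsalted_md5(password):
    """Legacy scheme: one fixed digest per password, so a table precomputed
    once answers for every account, on every site that uses this scheme."""
    return hashlib.md5(password.encode()).hexdigest()


def salted_kdf(password, salt, iterations=100_000):
    """Per-account salt plus a slow KDF (PBKDF2-HMAC-SHA256). The salt makes
    each account's digest unique; the iteration count raises the cost of every
    guess for an attacker who holds the hash file."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def store_unsalted(accounts):
    """user -> md5 hex digest."""
    return {user: unsalted_md5(pw) for user, pw in accounts.items()}


def store_salted(accounts):
    """user -> (salt, digest), with a fresh 16-byte random salt per account."""
    records = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        records[user] = (salt, salted_kdf(pw, salt))
    return records


def verify_salted(records, user, password):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = records[user]
    return hmac.compare_digest(salted_kdf(password, salt), digest)


def precomputed_table(candidates):
    """digest -> plaintext lookup, built once with no knowledge of any salt."""
    return {unsalted_md5(c): c for c in candidates}


def table_hits_unsalted(records, table):
    """Accounts whose stored digest appears in the precomputed table."""
    return {user: table[d] for user, d in records.items() if d in table}


def table_hits_salted(records, table):
    """Same lookup against salted records: the salt was never part of the
    table's input, so a match can only happen by chance."""
    return {user: table[d] for user, (_, d) in records.items() if d in table}


def unsalted_digests_equal(records, user_a, user_b):
    return records[user_a] == records[user_b]


def salted_digests_equal(records, user_a, user_b):
    return records[user_a][1] == records[user_b][1]


if __name__ == "__main__":
    table = precomputed_table(CANDIDATES)
    unsalted = store_unsalted(ACCOUNTS)
    salted = store_salted(ACCOUNTS)
    print("unsalted: same digest for alice/bob:",
          unsalted_digests_equal(unsalted, "alice", "bob"))
    print("unsalted: table hits:", table_hits_unsalted(unsalted, table))
    print("salted:   same digest for alice/bob:",
          salted_digests_equal(salted, "alice", "bob"))
    print("salted:   table hits:", table_hits_salted(salted, table))
    print("salted:   verify alice:", verify_salted(salted, "alice", "correcthorse"))
```

The point matches nacht's: the hash file only becomes useful to an attacker after it is stolen, and a per-account salt means a table built in advance has to be rebuilt per account, which is the storage blow-up described above. The KDF iteration count is an arbitrary illustrative value, not a recommendation.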
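The keyspace and entropy arithmetic from JTG's, firebee's and nacht's posts, collected into one added example that is not code from the thread: character-set keyspaces, the Diceware word-count product both with and without repeated words, bits of entropy, and the worst-case exhaustion time at nacht's assumed 2^56 guesses per second. The 7776-entry list size and the 2^56 rate are the thread's figures; the 365.25-day year is my assumption.

```python
import math

DICEWARE_LIST_SIZE = 7776            # 6**5 entries in the standard Diceware list
SECONDS_PER_YEAR = 365.25 * 86400    # assumed calendar for the time figures


def keyspace(alphabet_size, length):
    """Number of passwords of exactly `length` symbols over an alphabet."""
    return alphabet_size ** length


def passphrase_keyspace(words, list_size=DICEWARE_LIST_SIZE, distinct=False):
    """Number of passphrases of `words` words drawn from a list.
    distinct=False: words may repeat (how dice rolls actually behave).
    distinct=True: no word used twice (the falling product in firebee's post)."""
    if distinct:
        space = 1
        for i in range(words):
            space *= list_size - i
        return space
    return list_size ** words


def entropy_bits(space):
    """Bits of entropy for a uniformly chosen element of a keyspace."""
    return math.log2(space)


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time for an attacker who knows the generation scheme and
    must try the whole space (the average case is half this)."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest word count whose passphrase entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def compare(guesses_per_second=2 ** 56):
    """Side-by-side (keyspace, bits, worst-case years) for the thread's cases."""
    cases = {
        "6 chars, 80-symbol alphabet": keyspace(80, 6),
        "10 chars, 80-symbol alphabet": keyspace(80, 10),
        "8 chars, lowercase only": keyspace(26, 8),
        "13 chars, lowercase only": keyspace(26, 13),
        "4 Diceware words (distinct)": passphrase_keyspace(4, distinct=True),
        "7 Diceware words": passphrase_keyspace(7),
    }
    return {
        name: (space, entropy_bits(space), years_to_exhaust(space, guesses_per_second))
        for name, space in cases.items()
    }


if __name__ == "__main__":
    for name, (space, bits, years) in compare().items():
        print(f"{name:30s} {space:>28,d}  {bits:6.1f} bits  {years:12.3g} years")
```

Run as a script it prints the table; the 7-word row reproduces nacht's roughly 90 bits and roughly 756 years at 2^56 guesses per second, and `words_needed(90)` returns 7. The `distinct` flag exists only to reproduce firebee's 7776 × 7775 × ... product; a real Diceware draw allows repeats, so 7776^n is the honest figure.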
Old 08-14-2011, 01:29 PM   #24
Storm
Administrator
I am at the moment writing a lengthy indictment against our century. When my brain begins to reel from my literary labors, I make an occasional cheese dip.
MBTI: xxxx
Join Date: Mar 2008
Posts: 14,785
 
Most systems have something like a 16 character limit for passwords, whereas the example uses 25 letters. That's going to limit how secure you can make a password by a lot.
Old 08-14-2011, 01:36 PM   #25
nacht
Core Member [134%]
"A group of INTJs is an argument."
MBTI: INTJ
Join Date: Jan 2009
Posts: 5,375
 

  Originally Posted by Storm
Most systems have something like a 16 character limit for passwords, whereas the example uses 25 letters. That's going to limit how secure you can make a password by a lot.

This is less and less true. It used to be (in days gone by) that there was a 14 character passcode limit on Windows (and thanks to them splitting it in two was effectively shorter), but that hasn't been true for quite some time. Facebook now allows 50 character passcodes, etc.

Powered by vBulletin®
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Myers-Briggs Type Indicator, Myers-Briggs, and MBTI are trademarks or registered trademarks of the
Myers-Briggs Type Indicator Trust in the United States and other countries.