The Worst Password Tips (xato.net)
23 points by gnosis on April 14, 2013 | 78 comments


>Better advice: Use a long password rather than a random password.

facepalm. You can't use both? I do. This is horrible advice if taken on face value. To be fair, the author mentions things like KeePass. Use that. Make very long, random passwords.

>See, when it comes to a brute force attack, entropy makes no difference at all, because a brute force attack is a sequential attempt at every possible password, starting with the shortest first.

I think this is the biggest misconception regarding passwords. If we're using the phrase "brute force" literally, then yes. But if I were to write a cracker, I wouldn't be limited to that. The first thing it would do is grab the low hanging fruit. Examples:

1. Regarding the post, check all variations of a single digit repeating (say up to 100 times) in 1000 attempts. That's faster than I could check all variations of 2 character alphabetic passwords.

2. Check the same thing, but with all common keys on a keyboard layout (e.g. $$$$$$): < 10,000 attempts

3. Check common words in English dictionary: ~100,000 attempts

4. Check 10,000 most commonly used passwords: 10,000 attempts

Let me stop here and say that I can check ALL of the above in less time than it would take to check all variations of 3 characters using alpha, numeric, and common special characters. To put it another way, I could grab all that low hanging fruit in a billionth the time it would take to grab all the passwords in the "weak" format (8 random characters) given by the author.

What I have come up with above is my armchair ramblings. For some people, it is THEIR JOB to break your password. Please don't think you're going to create a good password by being clever. And please stop dismissing the issue by repeating the words "brute force"


The way I see it, the author oversimplified the password examples to make a point. When it comes to the password length he first made the assumption that your password wasn't in the dictionary. Then he gives us two password examples, the first one is predictable but long, the other one is unpredictable but short, and then he goes on to tell us that the first one is safer which, assuming you are up against a brute force attack, is true.

But the examples are oversimplified and might lead to worse passwords if a certain group of people come across the post.

P.S. My favourite tip for passwords is not to only have a password that is as random as you can memorize and never, ever, no matter what happens, write it down anywhere.


Yes, thank you. Exactly what I was thinking. Anything you can think of as an algorithm, someone else can think of too, and then they can test that instead of going through billions of combinations.

There's only two good pieces of password advice:

Use long, randomly generated passwords (16+ characters). Don't use the same password on more than one site.

This can be accomplished with KeePass, LastPass, and other such utilities.


My LastPass master password is a randomly generated long password containing upper and lowercase letters, symbols and numbers. Yes it was difficult to memorize, but it's the only password I need to remember. Everything else uses a random unique password that I don't have to remember.


> facepalm. You can't use both? I do. This is horrible advice if taken on face value.

Of course you can!

I think you are taking many of my statements much too literally and misinterpreting the perspective of this article. Of course a long, completely random password made up of multiple character sets will always be the strongest password, but that really isn't the point of this article and it really isn't the most practical advice for most users.

There is a big difference between addressing where we need to be and moving away from where we actually are. Short passwords are not strong enough no matter how random they are. Therefore, I personally would rather see users out there focus on making longer passwords rather than focusing on random passwords. The typical user is much more likely to memorize a less random but longer password than trying to memorize an 8-character random password. I didn't mean to imply that randomness is bad, and I thought that most people got that from my article.

> Let me stop here and say that I can check ALL of the above in less time than it would take to check all variations of 3 characters using alpha, numeric, and common special characters.

These are all valid points and I could have gone into great detail on all the different ways our passwords could be cracked, but that just isn't the point of the article. I also didn't cover other things such as avoiding password reuse, regularly changing passwords, etc., but that doesn't make them any less valid and I cover them regularly through my other blog posts.

> And please stop dismissing the issue by repeating the words "brute force"

Not really sure what you mean by this or what issue you think I have dismissed by mentioning brute force. Brute force attacks are by no means dismissing anything as they have become increasingly effective with ever-increasing computing power. Nevertheless, if an attacker has to assume that you will be using all character sets, the effort to crack your password grows exponentially with the length of your password.


I guess I don't really disagree with you on that, especially if you're specifically targeting nontechnical users. However, the thought of someone reading this and choosing something like an all numeric password does freak me out because....

>Not really sure what you mean by this or what issue you think I have dismissed by mentioning brute force.

Let me explain through analogy. I've often heard the story that a company will request a penetration test and then restrict what can be done: "you can attack using method X, but not Y. A hacker wouldn't use Y."

That's a silly perspective, right? A black hat hacker is going to use any means available. When you say brute force, you seem to be specifying the method by which attackers will come at your password (and it's certainly not just you, many other people are repeating the meme). I think that's the wrong way to look at it.

Perhaps the confusion arises because you're making the assumption that someone will use some off the shelf, automated cracking software. That's reasonable. But automated != brute force. Again, if I were to write a cracker, it would first grab low hanging fruit. I've already given examples. Having a long password doesn't save you in that situation. That's why we think in terms of entropy.

>Nevertheless, if an attacker has to assume that you will be using all character sets, the effort to crack your password grows exponentially with the length of your password.

Agreed, but my point is they don't have to make that assumption. We don't get to decide what assumptions they start with.


Not so sure about #3 (random password generator). This might be true in the case of a true brute force where each attempt is almost free, such as somebody getting your password from a database secured by a single round of md5.

In reality, most brute force attacks are attempted remotely where there is a bottleneck in terms of bandwidth and many services are rate limited. In such a case it would always make sense to try the most common passwords first.

The problem with letting people choose their own passwords is that most people just aren't that good at it and will choose stuff like p4ssw0rd1982, because people's minds are somewhat similar they will tend to converge on similar "good" passwords.

I ran an IMAP service for a time. We would constantly get bots attempting to brute force email accounts, we had fail2ban set to ban them after 5 attempts but they could get more guesses simply by having a lot of IP addresses.

When I looked at the sort of passwords they would try they didn't start with aaaa and move on from there, they would start with stuff that looked like it had been pulled from a common password list.

About once every 3 months we got a call from somebody whose email had been hacked. They all insisted that they were using strong passwords that nobody could have possibly guessed, however when I enforced a strong password policy on the server and offered a random password generator these problems went away.


Correct me if I'm wrong, but aren't you describing a dictionary attack, not brute force?


I guess I just see a dictionary attack as a subset of brute force in that it's still a pretty naive attack, but it's not raw brute force.

OTOH I don't see why anyone would bother using a raw brute force attack against a password rather than just grabbing a dictionary of the most common passwords and exhausting those first.

In reality you are likely to run out of guesses before you hit the end of a common password list anyway.


A good system should take a significant but not intolerable amount of time to reject a bad password. Just a few seconds will impose a huge burden on a remote dictionary attack, while not diminishing the experience for a user who legitimately fat-fingers a password.

Also use fail2ban to impose a lockout after a certain number of failures. The lockout does not have to be permanent, it just has to make a remote dictionary attack so time-consuming as to be infeasible (of course this does open up a DOS vector, depending on how you implement the lockout).
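An added illustration, not part of the thread, of the gap described above: a per-IP ban after 5 failures misses guessing spread across many addresses, while counting failures per account catches it. The event tuples, thresholds and function names are assumptions made for this sketch, the log data is constructed, and the per-account response is a capped delay rather than a hard lockout because of the DoS concern raised above.

```python
from collections import defaultdict, deque

# Constructed sample events: (unix_time, source_ip, account, success).
# IPs come from documentation ranges; account names are made up.
EVENTS = (
    # One noisy host: 6 failures against alice from a single IP.
    [(1000 + i * 10, "192.0.2.10", "alice", False) for i in range(6)]
    # Distributed guessing: 12 failures against bob, 3 per IP across 4 IPs.
    + [(2000 + i * 5, f"198.51.100.{1 + i // 3}", "bob", False) for i in range(12)]
    # A legitimate user who mistypes once and then logs in.
    + [(3000, "203.0.113.7", "carol", False), (3010, "203.0.113.7", "carol", True)]
)


def flag_by(events, key_index, max_fail=5, window=600):
    """Return {key: peak failure count} for keys that reach max_fail
    failed logins inside a sliding window of `window` seconds.
    key_index 1 groups by source IP, key_index 2 groups by account."""
    recent = defaultdict(deque)
    flagged = {}
    for event in sorted(events):
        ts, success = event[0], event[3]
        if success:
            continue  # only failures count toward the threshold
        key = event[key_index]
        queue = recent[key]
        queue.append(ts)
        while queue and ts - queue[0] > window:
            queue.popleft()  # drop failures that fell out of the window
        if len(queue) >= max_fail:
            flagged[key] = max(flagged.get(key, 0), len(queue))
    return flagged


def per_ip_flags(events):
    """What a per-IP rule (ban after 5 failures) would act on."""
    return flag_by(events, 1)


def per_account_flags(events):
    """Accounts under sustained guessing, regardless of source address."""
    return flag_by(events, 2)


def missed_by_per_ip(events):
    """Accounts flagged per-account whose failing sources were never
    individually noisy enough to trip the per-IP rule."""
    banned = set(per_ip_flags(events))
    missed = []
    for account in sorted(per_account_flags(events)):
        sources = {ip for _, ip, acct, ok in events if acct == account and not ok}
        if not sources & banned:
            missed.append(account)
    return missed


def reject_delay(recent_failures, base=1.0, cap=8.0):
    """Seconds to wait before answering a failed login for an account.
    Doubles per recent failure and is capped at a few seconds, so a
    flood of bad guesses slows the guesser without locking the owner out."""
    if recent_failures <= 0:
        return 0.0
    return min(cap, base * 2 ** (recent_failures - 1))


if __name__ == "__main__":
    print("per-IP flags:     ", per_ip_flags(EVENTS))
    print("per-account flags:", per_account_flags(EVENTS))
    print("missed by per-IP: ", missed_by_per_ip(EVENTS))
```
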


> When I looked at the sort of passwords they would try they didn't start with aaaa and move on from there, they would start with stuff that looked like it had been pulled from a common password list.

That's because they were. I'm sure that in the "underground" community of crackers there circulate lists of passwords that have been successfully cracked, because a) people tend to use the same passwords for everything, so if it worked for one account it will probably work for others, and b) the point you made in your third paragraph.

These lists are continually updated and used as input to the "brute force" cracking tools.


There is certainly some truth to this post, especially right at this moment in time. But it's the most exuberant example I've yet seen in a new category of bad password advice, to ignore everything but length.

A truly random eight character password containing upper and lowercase letters and digits is a keyspace of size 2x10^14. A four word passphrase containing random words selected from a 5000 word dictionary is a keyspace of size 6x10^14. They are comparable.

Right now, since almost everyone uses short passwords, length gives you amazing protection, because attacks are geared to find the common short password. But to the extent that the tech elite convinces the world to move to longer passphrases, that will quickly stop being true. It's no harder to program a brute force attack to try phrases of very common words, or very long, very low entropy phrases of other sorts (to be or not to be), than it is to try variations of dictionary words.

To the extent that we are giving people advice on security, it should be advice that is robust against the possibility of its own success.


TL;DR:

* Simple Substitution < Add a whole word

* First Letters from a Phrase < Take the 3-4 words from a common phrase, add some punctuation

* Random Password Generators < longer password

* Personal Algorithms < longer passwords


While this list is not unhelpful, the most likely risk is that your password will be captured when a single site that you've signed up to is compromised.

This means that the most important password choice you can make is to have a completely different password on every site.


I usually recommend supergenpass to friends for this particular reason.

Some prefer stuff like keepass that lets them store everything - I'm happier to rely on an algorithm.

Key point is to make using different passwords in different places really simple, so that people do it.


Or, of course, a keylogger which can just sit on your PC until it's got them all.


That requires that you do something stupid to get a key logger installed on your machine. And yes, in that case you're screwed. However, you're far less likely to have that happen than some random site you're on getting hacked. You are one target, the site is thousands or millions.


Would be interesting to know if there's any research on the number of site compromises vs desktop compromises.

There are still plenty of computers out there that are probably running vulnerable versions of Flash/Java etc. I imagine one of the biggest incentives to hack some random blog is to infest it with drive-by malware and compromise a bunch of machines if it has high traffic.

Also if you have a keylogger on a machine you can look for things that might be site admin passwords. So it wouldn't surprise me if there was a relatively symbiotic relationship.


Out of curiosity, would a key logger be able to capture the contents of a cut and paste? I currently use 13 character randomly generated passwords and, usually, I don't type them in manually.


If you're storing them in plain text, then they can grab them regardless.

If you're storing them in lastpass, then they can grab them regardless.

If you're storing it in an encrypted partition, then they can grab them regardless.

Once somebody has access, it's game over.


A hardware keylogger, sitting between keyboard and machine? No.

A software trojan, that can capture keystrokes, mouse movements, selected text, screenshots... Most certainly yes. :(


I disagree with his "First Letters from a Phrase" point. I find mnemonic passwords very useful and keeps me from having to open up KeePass every time I want to log in to a system because I can't remember the random password.

I agree that longer passwords are better, which is why I use very long phrases to generate my mnemonic passwords (typically 20-26 characters in length).


I find "first letters from a phrase" harder to type than the phrase itself, because it doesn't behave like the rest of the typing I do. Given that it also has less entropy (necessarily, because of collisions), why not just type the whole phrase?


I've used the same 6/8 char passwords (no symbols or caps) where possible for the past 20 years or so with no discernible problems. I'm not sure what to make of this post beyond relief that I don't make myself miserable trying to follow such guidance.


And sure, let's say in 90% of cases using the same 6 char password for everything is okay. But let's take a not unlikely scenario - one website that you frequent is compromised and an attacker gets an unsalted hash of your password. Because your password is so commonplace, they can easily get it as well as a lot of other users' passwords.

Now for every password and email combo they have, they try to log onto a google account or bank account with the same information. Since you use the same password everywhere, they succeed. You're essentially now screwed and the attackers could do all kinds of devastating things.

Perhaps you say the scenario is unlikely - I'd say it happens more often than you would think. And this is the case where you're not even being individually targeted.

Overall - a little preventative action is hardly a burden and goes a long way to securing yourself online.


Relevant XKCD: http://xkcd.com/936/



That's another common misconception as that advice is only true for brute force attacks, which are usually only the last resort for password crackers. Dictionary attacks are pretty sophisticated these days so I really wouldn't gamble on a short list of common words being secure these days.


You misunderstood the algorithm. Any single word is subject to a dictionary attack. But given a list of 4096 words (12 bits), choosing 4 of those randomly gives you a 48 bit password. There are no feasible dictionary attacks against a 48 bit space.

Or think of it this way, this algorithm can create a secure password from just 48 words chosen from a dictionary with just two entries! (let's call them "1" and "0" just to be contrary).


Using your example, it's equally secure to an 8 character password using base64 characters. Recently a pen tester published[1] that he can crack a 9 char pass (w/o punctuation, so 62^9) password in 90 seconds by parallel processing across several top end graphics cards. So I really wouldn't argue that a 48bit password is secure any longer.

[1]http://arstechnica.com/security/2012/08/passwords-under-assa...


Right, the necessary strength of passwords increases. Thankfully, the comic gave us a good method of generating passwords to an arbitrary strength, by increasing either the size of our alphabet (dictionary from which words are drawn) or length of our string (number of words), and shows how to calculate the resulting entropy. As I've pointed out elsewhere, 5 words drawn from alphabetic entries in /usr/share/dict/words (over 62 thousand) is very nearly 80 bits strong, or stronger than a 13 character completely random base64 string (which is going to be quite substantially harder to remember). If 62^9 (54 bits) takes 90 seconds, 80 bits takes nearly two centuries, and computing the hashes for phrases is actually going to take longer for each try to boot.


You keep thinking of dictionary attacks as being based on a verbatim English dictionary and I keep telling you that they're not. It's a refined dictionary with common terms used in real life passwords. However I do completely agree with your point about adding a number of more words. Passphrases are definitely another option, providing the service in question doesn't impose a restrictive maximum character limit (it's idiotic practice, but some do).


> You keep thinking of dictionary attacks as being based on a verbatim English dictionary and I keep telling you that they're not.

That has never, ever been my assertion. I keep saying a dictionary attack is a variation of a brute force attack (in that you're not looking at the hash itself), but adjusting the order in which you try words based on a priori guesses about what passwords are likely to be more common. My point has been that Randall's approach ASSUMES THIS KIND OF ATTACK. It, in fact, assumes a much more targeted one, where the dictionary the attacker has is completely accurate. IN THE FACE OF THAT, these passwords have the computed amounts of entropy.

(There is a separate discussion to be had of just how much entropy is necessary, but that's obviously going to increase as time goes by.)

I couldn't agree more that a maximum character limit (that's anywhere in the range anyone might conceivably type) is idiotic.


So basically the first part of that argument is trying to rebut an argument I never made (I had already said that passphrases, so long as they are that and not just 2 concatenated words, are secure). And your last part of that is also agreeing with me.

Internet arguments are fucking dumb. Half the time it's just miscommunication lol


FSCKING HELL. Okay, at this point I'm inclined to think you're just trolling, but one last swing...

Yes, the last bit was agreeing with you; the lead-in with "I couldn't agree more that..." was something of a clue.

Regarding the earlier pieces, you said in your original comment:

"That's another common misconception as that advice is only true for brute force attacks, which are usually only the last resort for password crackers. Dictionary attacks are pretty sophisticated these days so I really wouldn't gamble on a short list of common words being secure these days."

That is what I have been rebutting (in various forms, in various sub-threads), and it is incorrect. THE ENTROPY ESTIMATES IN THE COMIC ASSUME A MAXIMALLY 'SOPHISTICATED' DICTIONARY ATTACK, so "dictionary attacks are pretty sophisticated these days" is inane and misleading AT BEST. If you want to avoid miscommunication, communicate clearly, and either own what you say or say you were mistaken.


I WAS HUNGOVER AND TYPING ON A TOUCH SCREEN PHONE WHILE TRYING NOT TO THROW UP ON A MOVING BUS. Of course I was going to explain myself badly, I did after all apologise for the confusion and tried to explain myself better but you've been too fucking stubborn to even care about what my point actually was.

I really don't know how many fucking times I need to say this before the penny finally drops for you. Or maybe you just prefer acting like a dick online? Perhaps you're the troll?


If you think Randall calculated the entropy wrong, state so, and show the error.

Your argument from incredulity won't add anything to the discussion.


I did state so. You're still thinking in terms of brute force attacks but actually dictionary attacks are more common as they rattle off the 'low hanging fruit' much quicker. The danger of using common words like Randall did is that they might be in the dictionary so get cracked even before the attacker attempts to brute force the remainder of the passwords from a stolen database. In fact around half of the passwords people pick are vulnerable to such attacks (I'm on my phone though so can't easily cite a reference (I'm out of town this weekend) but it averages at either 40% or 60% of passwords use "guessable" / common terms)

If Randall has thrown in some punctuation and numbers then he's reducing the odds of that password being cracked. But as the example stood, it's advertising complacency against the most common method of modern password cracking.


> "The danger ... is that they might be in the dictionary"

Randall's entropy calculation clearly assumes a dictionary of about 2048 words, where the attacker has perfect knowledge of the dictionary at her disposal.

Randall's entropy calculation is correct, and the point of the cartoon is that 44 bits of entropy is much stronger than the passwords most people create using common password advice.

Personally, I think 44 bits is way too little entropy for a password, but I would be happy if my grandmother started using 44-bit passwords.


I got the point of the cartoon and I never argued that Randall's figures were wrong. I just think it's bad advice to give non-technical people to say common words are secure because there's a risk that they won't use a sufficiently long (read: number of words) password.

At the end of the day, the whole password model is broken, and Randall summed that part up succinctly.


Um, no.

It is absolutely the case that dictionary attacks are better than per-character brute force against the passwords Randall suggests, but he's not calculating entropy based on per-character brute force. He's calculating entropy based on per word brute force, and if the words are in fact chosen randomly that's the best you can do. Any dictionary attack against XKCD-style passwords is a brute-force attack in word-space.

"Throw[ing] in some punctuation" does comparatively little.


I never said Randall calculated the entropy per character (please don't create arguments I didn't raise) and the reason I said adding punctuation might help is because it reduces the odds of the word being in the dictionary (if you're using terms not in a dictionary, then that dictionary attack will fail. Period). However even with adding punctuation there's still a chance the term is common enough to be included in a dictionary, so completely random passwords, while harder to remember, will be more secure.

I cited a link in another fork of this comment where a pen tester comments about the words included in modern dictionary attacks.


> I never said Randall calculated the entropy per character[.]

You said:

> You're still thinking in terms of brute force attacks but actually dictionary attacks are more common as they rattle off the 'low hanging fruit' much quicker.

But the entropy calculations assume the attacker has the word-list. There is no low-hanging fruit, here. Strings generated by the algorithm are lowest-hanging, but they're all at the same height, and that's the number of bits calculated. The only attack is a brute force attack against word sequences.

It is obviously true that anything that's not going to be checked is going to be stronger than anything that is, but the correct assumption is that your key generation algorithm is public, and building something to attack Randall's algorithm plus punctuation is not significantly harder than building something to attack Randall's algorithm as specified (a few extra bits, to be sure, but adding another word or increasing the list you're drawing from will be more effective).

Incidentally, producing a literal dictionary is likely to be way slower than drawing words from the dictionary directly, since 1000 words will fit in memory and maybe even cache, while a trillion phrases is going to barely fit on disk.

> [C]ompletely random passwords, while harder to remember, will be more secure.

This is certainly the case, for a given password length. But the important point the comic is making is that we shouldn't be worried about conserving password length but about conserving memorability (and perhaps ease of typing), and for a given memorability the phrase is likely to be more secure.


You're really not getting my point. You don't store a trillion phrases nor a literal dictionary. You store a table of commonly used words and build phrases from that. And it does pick off low hanging fruit. Often as many as 60% of passwords from an average dataset in fact. I suggest you have a read of http://arstechnica.com/security/2012/08/passwords-under-assa... as it puts it better than I ever will when on a phone and nursing a hangover. :-)


You're REALLY not getting my point. THE COMIC ASSUMES THE ATTACKER IS BUILDING ATTEMPTS FROM THE SOURCE DICTIONARY. Using a dictionary (which is any list, however generated/stored) computed in any other way will perform (on average) SUBSTANTIALLY WORSE than using the dictionary THAT THE COMIC ASSUMES IN ITS CALCULATIONS.

The fact that passwords chosen in other ways are typically horribly vulnerable is MORE REASON TO USE THIS METHOD, not less!


Calm the hell down mate.

The facts are this:

1. Dictionary attacks are generally used before brute force attacks

2. Random passwords can't be cracked via dictionary attacks

This is why I will always prefer random passwords. However I was never disputing that passphrases aren't secure either (in fact I actually said they are), just that I've seen people misinterpret that comic to mean that grouping a couple of obvious words together is more secure than random chars. My point was to illustrate how much more complicated password security is. And this argument where you've gone round in circles trying to argue your silly points actually emphasises that. (And I say 'silly' because half the time you're kicking off over comments that you've misunderstood / misinterpreted).


FACEPALM

Added later:

Yes, dictionary attacks are more common. A dictionary attack is what converts this type of password from lg(27 ^ number of chars) bits, down to lg(wordlist size ^ number of words) bits. There's no way dictionary attacks can be used more effectively than that. Which is to say, the comic itself takes dictionary attacks into account and this kind of password (uniform distribution over words) cannot be cracked by a dictionary attack any easier than a "random" password (uniform distribution over strings) with the same amount of entropy, while being far, far more memorable.


We're going round in circles here because you keep pushing the same argument that was never even disputed and not listening to anything I've had to say on the matter. So I think it's you who deserve the facepalm.


All the words he is using are in your dictionary but you don't have all the combinations of all the words in your dictionary. If you have "Apple", "Baker", and "Charlie" in your dictionary, it doesn't help with "Apple Baker" or "Apple Charlie".


This misses the point. The comic assumes a dictionary attack - that is to say, not brute-forcing character-by-character but rather word-by-word, whether this is constructed in advance in a static dictionary (possible, for 4 words from 1000; less possible for larger) or generated in a stream (likely more efficient regardless). Cryptographically, it's a dictionary attack - you're confining your search space based on guesses (in this case, we're assuming entirely accurate guesses) about the shape of the password. The point is that in the face of this, it's still more secure than the "variations on a single word" type of password, and can be easily made sufficiently secure for high security tasks (8 words => ~80 bits, and longer lists make it easier still) while remaining comparably memorable.


A dictionary attack uses a pre-built dictionary of (words OR phrases).

A brute force attack takes an input of (characters OR words) and creates a (word OR passphrase) to test.

It doesn't help that you've made this mistake several times in this thread.

Imagine a 4 word diceware phrase.

One attacker has the diceware list of words. The attacker knows we have a 4 word phrase, and so starts kludging different 4 word combinations of the diceware phrase.

This is a bruteforce attack. It is not a dictionary attack.


It's a brute-force attack in word space; it's a dictionary attack in character space - you are picking guesses expected to be more likely.


It is a brute force attack in any space.

Please supply any citation for the use of 'dictionary attack' where the attacker takes a list of words and creates pass phrases from those words.

I don't know why you think otherwise.

> you are picking guesses expected to be more likely.

That's not what defines a dictionary or brute force attack.


No, it is most emphatically not a brute force attack in character space. A brute force attack (as I am sure you know) is exhaustively checking every combination; running through all combinations of characters is a way, way, way bigger search space. Restraining ourselves to looking at word combinations makes the search much more practical (just how practical depends on how much entropy is left).

Anyway, wikipedia says:

"In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying likely possibilities, such as words in a dictionary."

What matters is not how the possibilities are stored/generated, but that you have a pool of possibilities that are substantially more likely, that you can guess first. But if you want to argue some technicality, fine. I don't care so much about the particular labels - what is clear is that, if someone generates their password correctly following the directions in the comic, updated appropriately, a dictionary attack of any form is not effective in reducing the search space below ((word list size)^(words in phrase)), which can be fairly secure.


You don't need the word combinations. Dictionary attacks will do that part for you (a bit like a brute force, but by cycling words instead of characters)


So how about a combination of:

* A relative’s name that isn’t particularly common

* The (partial) title of your favorite foreign language film or song

* A slang word from the area you grew up in

* The (partial) company name of one of your parents’ (former) employers

Those should be easy enough for you to remember, but will not show up in most dictionary lists. Alternative: you could use your pornstar name ;)


I agree, if you only pick words from the top 1000 most common English words it only takes 1000^4 = 1 trillion tries to crack a four-word sentence. This is still quite a lot but much more reasonable than cracking an 8-char random password with brute force.


He didn't compare to an 8 char random password. However, an 8 char random password is much harder to remember, and itself contains (assuming 100 possible characters) only 10 quadrillion (or 53 bits) which is still somewhat weak.

Including less common words, and using 5 of them, makes things significantly better.

> grep '^[a-z]\+$' /usr/share/dict/words | wc -l

gives 62887 on my system, which is almost 16 bits per word, so 4 puts us at over 63 bits and 5 at over 79 bits, or roughly 15 quintillion and 1 septillion respectively. Assuming brute force over sequences of words from the same dictionary and of the correct length, at a billion tries each second, it'll take over 200 years to crack the former and over 31 million years to crack the latter.


Yes, it's pretty secure against brute force. However, if everyone starts doing this, I suspect that we're going to have a lot of passwords like "I am hungry today" or even "car house hello red", which are both rather weak against an attack that would combine the most frequent words. You can't really prevent people from using common words and common patterns to build their passwords, and hackers are going to use this fact.

So my problem is that it gives the impression of being very secure whereas it's only secure under some conditions. (You have to pick words uniformly among the list of words.) Just like old passwords...


You have to pick the words uniformly, yes. Thankfully, that's easy to do (rl -c 4 wordfile), and can be made easier. The point isn't "make up passwords that look like this" - it's "using this algorithm you get passwords that look like this that have this level of security[1]," and it's way easier than generating a secure and memorable password by other means.

[1] As I've said in a few places, the actual dictionary size and number of words should be tweaked to make the security level appropriate for your needs, which will vary by application and grow over time.
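The uniform pick and the bit counts discussed in the comments above, as an added example that is not code from any commenter: it filters a word list the same way as the `grep` command, draws words with a CSPRNG, and computes entropy and exhaustion time. The function names and the small `SAMPLE` list are constructed for illustration; 62887 and the billion-guesses-per-second rate are the figures quoted in the thread.

```python
import math
import re
import secrets

LOWERCASE_WORD = re.compile(r"[a-z]+")  # same filter as grep '^[a-z]\+$'

def load_words(lines):
    """Keep unique all-lowercase words, so the pool size is exactly known."""
    return sorted({w for w in (l.strip() for l in lines) if LOWERCASE_WORD.fullmatch(w)})

def generate(words, count, rng=secrets):
    """Pick `count` words independently and uniformly (repeats allowed)."""
    if len(words) < 2:
        raise ValueError("word pool too small")
    return " ".join(rng.choice(words) for _ in range(count))

def entropy_bits(pool_size, count):
    """Bits of entropy when each word is a uniform draw from the pool."""
    return count * math.log2(pool_size)

def years_to_exhaust(pool_size, count, guesses_per_second=1e9):
    """Time to try every phrase of this shape; the average hit takes half."""
    return pool_size ** count / guesses_per_second / (365.25 * 24 * 3600)

def words_needed(pool_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

# Constructed sample list; entries with capitals, digits or apostrophes are dropped.
SAMPLE = ["correct", "horse", "battery", "staple", "Aaron", "it's", "mp3", "horse", "red"]

if __name__ == "__main__":
    pool = load_words(SAMPLE)
    print(generate(pool, 4), "from a pool of", len(pool))
    for n in (4, 5):
        print(n, "words:", round(entropy_bits(62887, n), 1), "bits,",
              f"{years_to_exhaust(62887, n):,.0f} years at 1e9 guesses/s")
```

The entropy figure only holds when the phrase comes out of `generate`; a phrase composed by a person from the same list does not have it.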


Modern dictionary attacks use common terms that have been generated from analyzing the passwords that have been stolen from past attacks. So the dictionary isn't just a list of English words but in fact a catalog of terms that people do use for passwords in real life. This makes them much more effective than dictionary attacks of old.


Analyzing passwords that have been stolen helps you build a better dictionary. The math in the comic assumes an optimum dictionary has been constructed to attack this kind of password by inspecting the algorithm; no dictionary attack is going to do better than that without doing something like attacking the RNG used to generate the passwords (and if that's feasible you're just as vulnerable regardless of what approach you use).


While that is true, pen testers are still rattling off ~60% of passwords from dictionary attacks in just 3 weeks.

This is why I would rather see emphasis placed on password length and irregularity than simply saying "memorable words can be secure", which is what most people will take away from that comic.

So I was never arguing against passphrases per se. Though I appreciate I wasn't very clear on that. (Like I said before, hangover + phone surfing != best platform for a complex discussion. :-)


Yes. Pen testers are rattling off the ~60% of passwords that were chosen poorly, all of which were chosen by methods other than the one detailed in the comic.

Just placing an emphasis on password length and irregularity leaves people still with the question of how they generate that long, irregular password. Asking them to do it in their head in any way is going to lead to much success by way of dictionary attacks.

I'm coming to the realization (giving you some credit) that your objection may be to a specific piece of the comic's particular presentation: "random" is often used to mean "arbitrary" and people might think they can do it in their head? Of course I agree that anything people do with their heads is almost certainly insecure - brains are piss-poor sources of entropy. Would your objection be fixed entirely if it called out explicitly that the words need to be picked mechanically (computer, dice, something) with a uniform distribution?

Anyway, the thing that I like about the comic is that it presents a specific means of choosing a password that is simultaneously secure and memorable, and the only misconception involved would be from misinterpretation of the comic (which, as noted above, does seem possible). Anything else someone comes up with on their own is likely to be less secure, less memorable, or both, so referring to the comic as promulgating a misconception bugs me.

Regarding the last, I don't think we were ever arguing about passphrases in general, but about a particular way of generating them... passphrase really just means "long password", more or less, and that doesn't provide a lot of guidance as to how to come up with one, and leaving people to their own devices is how we wind up with ~60% of passwords being horribly crackable.


> Yes. Pen testers are rattling off the ~60% of passwords that were chosen poorly, all of which were chosen by methods other than the one detailed in the comic.

But the crux of my point is that the comic doesn't necessarily teach good password habits. I do happen to work in infosec† and I've lost count of the number of pseudo-techies that rattle off that comic as evidence that obvious passwords can be secure without taking into account that they need to do more than just concatenating two words together.

You keep talking about ideal world scenarios (people picking passphrases and sites having sufficient max char limit on password fields to fit any conceivable passphrase), but people are idiots. So I'd sooner see idiots type a 10 char password from a pool of ~70 characters than two guessable words concatenated.

So my point was born out of frustration of having to advise and apply security policies for clients.

† I'm not just saying that to sound like an authority on the subject by the way. I know how some people "name drop" / lie about such things to prove a point :)

> I'm coming to the realization (giving you some credit) that your objection may be to a specific piece of the comic's particular presentation: "random" is often used to mean "arbitrary" and people might think they can do it in their head?

YES!!!!

You and I might understand the maths behind the comic, but many readers just see "words can be secure" and then just pick their dog's name and their favorite footballer. Randall's message gets lost because (and as with all of his comics) he assumes a certain level of intelligence to begin with.

> Regarding the last, I don't think we were ever arguing about passphrases in general, but about a particular way of generating them... passphrase really just means "long password", more or less, and that doesn't provide a lot of guidance as to how to come up with one, and leaving people to their own devices is how we wind up with ~60% of passwords being horribly crackable.

I think that's fair to say. Plus as I said before, I'm all in favor of passphrases. I just don't like regular words used as passwords. I know passphrases and passwords generally refer to the same thing, but I make the distinction because the former (passphrase) suggests multiple words, which agrees with your sentiments about how longer groups of common words can be secure and why I keep saying I'm fully in favor of passphrases. Whereas the latter (passwords) suggests something a little more basic (e.g. the dogfootball facepalm I described above). At least that's how I make the distinction between a password following Randall's advice that's secure, and one that's insecure.


> But the crux of my point is that the comic doesn't necessarily teach good password habits. I do happen to work in infosec† and I've lost count of the number of pseudo-techies that rattle off that comic as evidence that obvious passwords can be secure without taking into account that they need to do more than just concatenating two words together.

No one ever suggests two-word pass-phrases are secure, and if they do you're right to call those people idiots and make them stop doing it.

You keep mentioning xkcd; but that comic was not (even if other people are using it as an example) suggesting that people use just two words strung together. It specifically uses 4 words, and specifically gives the number in the list of words to choose from. It gives both of those numbers so the strength and weakness can be shown.


> You keep mentioning xkcd;

Actually you're thinking of the other guy. I deliberately tried to distance myself from that comic after it became clear that my initial point was completely misunderstood as an attack against Randall / that comic specifically. My point was about how people misinterpret that comic, and ironically everyone (including yourself) misinterpreted my post about that comic.

Quite frankly, I wish I never bothered to begin with.

> but that comic was not (even if other people are using it as an example) suggesting that people use just two words strung together. It specifically uses 4 words, and specifically gives the number in the list of words to choose from. It gives both of those numbers so the strength and weakness can be shown.

That was understood right from the start.


Not good advice.

1. Use a different password for every application, especially every site.

2. Use a strong random password generator, typically software, to generate your passwords.

The first tip, which is not mentioned at all by the article, is particularly critical.


I'm a human: I'm too dumb to remember more than some passwords (even worse if they must be 16 letters long). And I'm too lazy to use software to manage my passwords. And worst of all, now, I have my bad habits with passwords.

The password problem is here to stay...


It's a subjective impression, but it seems that most password compromise comes from phishing not brute force cracking. Maybe those are just the ones that make it into the media.


It is safe to use dictionary words: http://world.std.com/~reinhold/diceware.html


echo "mykitten name"|sha1sum. will get me a very good password?


Not if anyone knows that's what you're doing (or can guess because others are doing similar). It would be slightly better than the bare string in terms of crackability, because running the hash would take some time if they're doing it live, but only slightly.
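The point of the reply above, as an added example that is not from either commenter: the `sha1sum` output looks like 160 random bits, but once the scheme is known the only secret is the input phrase, so an audit over a list of likely phrases reproduces it. The function names and the `CANDIDATES` list are constructed for illustration.

```python
import hashlib
import math

def derive(phrase):
    """Same digest as: echo "<phrase>" | sha1sum  (echo appends a newline)."""
    return hashlib.sha1((phrase + "\n").encode()).hexdigest()

def apparent_bits(password, alphabet_size=16):
    """Entropy the string would have if every hex digit were a random draw."""
    return len(password) * math.log2(alphabet_size)

def effective_bits(candidate_pool_size):
    """Entropy once the scheme is known: only the choice of phrase is secret."""
    return math.log2(candidate_pool_size)

def audit(password, candidate_phrases):
    """Return the candidate phrase that reproduces `password`, or None."""
    for phrase in candidate_phrases:
        if derive(phrase) == password:
            return phrase
    return None

# Constructed list standing in for the guessable phrases people tend to pick.
CANDIDATES = ["mydog name", "mykitten name", "my cat", "kitten", "password"]

if __name__ == "__main__":
    pw = derive("mykitten name")
    print("derived password:", pw)
    print("apparent entropy: %.0f bits" % apparent_bits(pw))
    print("effective entropy against this list: %.2f bits" % effective_bits(len(CANDIDATES)))
    print("audit result:", audit(pw, CANDIDATES))
```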


The worst password tip is using a password-protected system in the first place.

Passwords are neither theoretically nor practically reliable. They off-load security to the user, who is the weakest part of all the scheme obviously. Who is obviously incapable of remembering by heart dozens of long passwords of random gibberish.

We should know better than use passwords.


What should we use instead?


Something based on public key cryptography. Private keys contained in some kind of protected device where they can't be easily stolen from. Or, even better, distributed.


Are you going to protect your private key with a password? Or are you recommending we use password-less private keys?

Also, please let me know when you've convinced the major banks and web service providers to use public key cryptography instead of passwords.


I'm going to store my private key in an arrangement you can't read it from even if you control the system.

For stupid services we can generate long random passwords, store them along. Not bothering the user with that.



