Is she from Omicron Persei 8?
3 Likes
My preferred method is to use the Passwordcard as pioneered by http://www.passwordcard.org/ to generate a list of possible passwords, which is kept in my wallet, and the key to which password is used where is kept in my Moleskine. I also make sure never to recycle a password, and have a second Passwordcard for throwaway registrations.
3 Likes
The Ars Technica article Mr. Schneier mentioned suggests the XKCD-approach and it boils down to length=security.
After reading the AT article I started using a password manager (Lastpass, because it has plugins for every known Browser on Linux, OSX and Windows) with a 25 characters master-password build with the XKCD approach and using a non-englisch language.
1 Like
I like to do the first 10 letters of sha1(websitename + personalpassphrase) + arbritaryextracharacters, so for example my paypal password could be
sha1(âpaypalâ + âmypasswordâ) + âABCDâ = c101af950aABCD
Easy to remember, different for every site (very important!) and difficult to brute force.
2 Likes
Just because a strategy is commonly used doesnât make it bad.
The biggest weakness of the passphrase scheme is when people make syntactically-correct passphrases, so crackers can make things a little easier by guessing â[subject][verb][predicate]â or whatever.
If those words are completely syntactically incorrect, or, easier still, just a string of nouns, then the entropy is preserved.
2 Likes
What happened to using password cards?
You generate an array of random strings and then use a system to pull a password out of it making the password easy to reference, and hard to figure out by thieves using computer systems or someone that just stole your shit.
Iâve started using a password manager not too long ago. Itâs a little annoying to have to be at my computer to log into a site instead of using a common password like I used to, but, well, itâs way more safe (duh).
Anyway, the websites that annoy me the most are the ones that donât tell you the limits of what they accept. Like, they donât take special characters, but donât tell you. Or they have a length limit, but donât announce it. I especially hate the ones that only give you a lower limit: âPassword must be at least 6 characters longâ, generate a random 24 character password, fails, try 20, fails, try 16, fails, try 12, there you go!
2 Likes
Agreed. The Xkcd approach assumes that you are able to randomly choose four words out of a dictionary of 2048 words. Humans are probably horrible at doing this, but thereâs no reason you couldnât write a password generator that would give you four random dictionary words. And even though theyâre dictionary words, you still get Xkcdâs cited 44 bits of entropy.
Just donât use âcorrect horse battery stapleâ
1 Like
Iâm so disappointed that even Schneier referred to the Ars Technica stunt where they cracked a bunch of passwords. They were using MD5 hashes with no salt: a storage form that is incredibly weak and super easy to crack. Who would recommend using that on a significant system?
More recently, the Adobe breaches and others also exposed a lot of passwords. But at the end of the day, the systems for storing passwords were the weakest link, not just the passwords that were selected.
To be clear: The reason something like âqeadzcwrsfxv1331â was cracked in the Ars stunt was because it was stored and disclosed in a decades-old, known-broken formatânot because that is a crackable password when used with a proper cryptosystem. And â123456â is always a weak password, regardless of storage system. Thereâs nothing Adobe could do about the 1M users who used it as a password.
To discuss crackability independent of the storage system/format is simply wrong. It omits the responsibility that software authors have for passwords stored in trivially crackable formats. If an ISP were found storing passwords encoded by Base64, would we blame the user who chose Jennifer4April1992 as his password? I hope not.
1 Like
Passwords? I like to use hashes of large sequences of transcendental numbers or hashes of jpg pictures (kids / grandkids). Iâm pretty sure, theyâre unbreakable (2 ^ 128) and as theyâre pasted from memory, even key-loggers are ineffective.
1 Like
iâm shocked, SHOCKED i tell you, that schneier - who created and still uses a password manager that generates passwords - would be advocating methods of choosing passwords.
randomly generated passwords are clearly superior to chosen ones. computers can create and remember passwords much more easily than we can, and it scales better too.
also, whatâs this about not reusing passwords for accounts you care about? most people arenât aware of how their various accounts can be misused so itâs best to simply not reuse any passwords at all.
This is why the oft-cited XKCD scheme for generating passwords â string together individual words like âcorrecthorsebatterystapleâ â is no longer good advice. The password crackers are on to this trick.
The attacker will feed any personal information he has access to about the password creator into the password crackersâŚ
This is a plausible argument if you are indeed trying to think up ârandomâ words â which arenât random at all, as Bruce Schneier points out. The solution is to pick the words randomly. BTW, beware of computer-generated ârandomâ numbers. Google it. Use dice and a dictionary (see diceware).
Even worse are the ones that appear to accept say a 16-character password but truncate it to 8 without telling you. And even that would work if they also truncated it in the same way when you try to log in later. But they donât.
I ran into that recently, too. When I did the âI forgot my passwordâ thing, they emailed me my password in plain text (!) in the untruncated form. Somehow, the site kept the original password as a check, but truncated whatever I input into the password field when I tried to log in. I donât even know.
I make it a point not to store my credit card info thereâŚ
1 Like
Like I said above - if (a) the dictionary from which the words are picked is 10,000 words long, and (b) the words are picked at random, then there are 10,000^4 = 10^16 possible passphrases. The passphrase is just a way of representing a random number between 1 and 10,000,000,000,000,000 as something a human mignt remember.
And brute forcing a random number from 1 to 10^16 just isnât feasible. It doesnât matter if the attacker knows the method youâve chosen to uniquely encode it in a human-memorable form - there are just too many possibilities to try them all.
But - picking the numbers truly at random is very important. Get a dictionary and devise a way to pick a properly random page and entry on the page. If youâre using a Windows computer, you can fire up a command window and use a command like âset /a page=%RANDOM% % 1-200â and then âecho %page%â to get a random page number from 1 to 200, that isnât weighted toward any particular sections of the dictionary. You could look up methods based on dice, or picking cards from a well-shuffled deck.
I was musing about the idea of taking a number string - a phone number I remembered - not my own - perhaps. And then interspersing that number with a word/string combo. For example:
910 - 555 - 1682
and
Quinine*
forms the password:
Q9u1i0n5i5n5e1*682
While you are pointing out how the system can be strong, I was picking at the weaker links in the chain.
See, if you can figure out and maintain such a complicated method of choosing a password, then you can probably choose any other method and make it safe as well.
But you forget that the strong point of the XKCD system is that its easy to remember a tough password, but when your random dictionary words are defenestrate erinaceous pauciloquent and floccinaucinihilipilification the system becomes self defeating doesnât it? You might as well memorize â759$0%343,9!@6067!3#%â.
Edit:
Oh and you forget, just because a password is impossible to crack, doesnât mean someone wonât try.
10,000 words is a common estimate of the vocabulary size of an average anglophone - so the dictionary could consist of all words youâd know. Of course youâd have to find a suitable word list - the scrabble dictionary would be a poor choiceâŚ
You could use something like http://world.std.com/~reinhold/beale.wordlist.asc - which has not only the advantage of being all commonly understood words, but theyâre also conveniently arranged next to numbers easily gotten by rolling a six-sided die.
So, one word picked from that list represents the random result of 5 rolls of a d6 (6^5 = 7,7776 equally likely possibilities). Four words represent the result of 20 rolls (6^20 = 91,613,283,200,000 equally likely possibilities - a bit shy of 10^14, or a bit better than 2^46).
Iâm not sure what to make of your last point âOh and you forget, just because a password is impossible to crack, doesnât mean someone wonât try.â Iâm not forgetting anything - the assumption someone is going to try is exactly why you make your password effectively impossible to crack. If you assumed no one would try, âswordfishâ would be fine.
Edit: if you trust no attacker is eavesdropping on your web traffic at the time you pick the password, you could use the ârandom wordâ link at http://www.vocabulary.com/dictionary/
