Password-cracking software runs at 8 million guesses per second

“Guns don’t kill people, PHYSICS kills people!”, Third Rock from the Sun.

What about passwords like this you can generate with apps like 1Password?

629,5r16;x3&"C]g1j(aZ/?@.N072-*\5’>3848`9^s4)7#0%V

It may seem like those restrictions reduce the space, but they really do increase it.

Sure, the space of all possible passwords is, indeed, larger than the space of all possible passwords that contain least one number. But the space of all passwords that your regular users pick, without any restrictions, is weighted very, very heavily towards single-word passwords.

All these password dumps people keep releasing on the web: the top passwords are still things like “password”, “love”, “ilovejesus”, etc. On a site that adds even a trivial password restriction, we cut all these out, which represent something like 80% of all the passwords that people pick. This makes the search space many, many times larger.

Sure, knowledge of the restrictions might reduce the time taken to hack your special password, my_pa$sw0rd_is-gr34t, but it increases the time required to hack the top 80% of the passwords. All the mobsters want is those 80% low-hanging-fruit – they don’t care to hack your very special password.

Ok, so most people just end up putting a 1 after the password. A perfectly-reasonable restriction (though never, AFAIK, implemented) would be to prevent you from gaming the system that way as well. Again, this would further reduce the password-space, but it would still increase the time required to hack each one. Why? Because while 1000 users would have previously chose “password1”, now I pick “password123”, you pick “pa$$word”, etc etc, we essentially spill out of our easy choices and our new passwords start becoming more random. This is what makes the cracking more difficult.

FYI: sites that have a maximum password size need to be taken out behind the shed and shot.

2 Likes

As I mentioned in comment #2, that password is uncrackable by the techniques outlined in the article.

It’s still crackable by beating you with a rubber hose until you give up the password for 1Password (or, more simply, by installing spyware on your machine), but that’s another matter.

No, it really reduces the attack space, provided you know the restrictions. If I craft a ruleset to exclude all passwords that don’t match the rules, I no longer have to try combinations that will, provably, never be in the set of passwords. No wasting time calculating the hashes for them.

Even if many people pick passwords like password or whatever, the ones who are slightly more knowledgeable will still apply a predictable mangling rule in their head, so you still have to check password123 and pa$$w0rd. These types of mangling are very well known, and passwords such as these were very, very quickly broken during my test.

And I completely agree on the last point. Nothing like generating a random 20 character password, and then being told it’s too long. My bank has an 8 character (!) limit on passwords, and it really infuriates me.

Then you find yourself at an ssh terminal away from your home machine/phone and realize just how fucked you are. Heck, even if you have your phone on there, you have to type that awful mess correctly to log in.

Assuming common substitutions like O=0, A=4, S=5, etc. does keep it from blowing up nearly so fast, because you don’t have nearly the same number of possible combinations.

If you have a database of 1000 common phrases, each of which is an average of 25 letters long, and you know a password is one of these phrases with up to one letter replaced by a numeral:

Assume a list of common substitutions:
O can be replaced by 0
E can be replaced by 3
I or L can be replaced by 1
A can be replaced by 4
S can be replaced by 5
T can be replaced by 7
Z can be replaced by 2

Now, the relative frequencies of these letters in English are (source):
O: 7.507%
E: 12.702%
I: 6.966%
L: 4.025%
A: 8.167%
S: 6.327%
T: 9.056%
Z: 0.074%

On average, there will be 25*(relative frequency) occurrences of each of these letters in each phrase.

Average number of occurrences of each letter per phrase:
O: 250.07507 = 1.87675
E: 25
0.12702 = 3.1755
I: 250.06966 = 1.7415
L: 25
0.04025 = 1.00625
A: 250.08167 = 2.04175
S: 25
0.06327 = 1.58175
T: 250.09056 = 2.264
Z: 25
0.00074 = 0.0185

Summing these up, each phrase has on average 13.706 corresponding new possible phrases. This is where the big savings happens: each phrase becomes 13.706 new phrases, not 250.

The average number of additional passwords you need to try is then (1000*13.706) + 1000 original = 14,706 total passwords to try, rather than 250,000. Order of magnitude smaller.

If you substitute 2 letters, then if I’ve done the math right, each phrase becomes 108.6513 new phrases on average. So you’ve got 108,651 + 1000 original = 109,651 total passwords to try, on average. Which is a heck of a lot fewer than 62,500,000.

And so forth. Even expanding it to include special-character substitutions like A = @, S = $, I or L = !, and T = + still doesn’t let it blow up nearly so fast as assuming that any letter can be exchanged for any numeral.

No password is safe from new breed of cracking software

Flong gling bjong kmank dorble glarp?

This kind of cracking software is usually run on already downloaded password lists that have been encrypted.

Really, the talk of reducing the attack space is fallacious. The list of all alphanumeric passwords up to 20 characters (for example) is 1e31.[1] The list of all just-alphabetic passwords up to 20 characters is is 2e28. The first minus the second – i.e. the set of all alphanumeric passwords with at least one number is 1e31 - 2e28 = 1e31! It’s still the same order of magnitude!

In plain English: The list of all the alphanumeric passwords is three orders of magnitude larger than the list of just-alphabetical passwords. It’s so much bigger, that when you subtract out the set of just-alphabetic passwords, it’s essentially still exactly the same size. You’ve reduced the search space by less than a rounding error.

Now to why it makes better passwords: If you create a histogram of the passwords created in a “non-restricted” system, of frequency vs. difficulty of cracking, you’ll get something where the vast, vast majority are stacked on the far left: almost all passwords are trivially-crackable. When you do the same thing in a more restricted system, the histograms flattens out a little – you still have many stupid “password1” or “pa$$word”'s, but you have a lot more passwords that require an extra few million iterations to crack – maybe a just few more seconds per password, but that adds up. Suddenly where you used to be able to crack 95% in a day, now you’re down to 75%. And that’s enough difference that fewer people get their bank accounts broken into.

[1] x = 0, i = 21; while (i–) {x += Math.pow(36, i)};

you have to type that awful mess correctly to log in.

Not if you use 1Password. There’s various ways to access all your stuff even from another computer, smartphone, etc. depending on how you set things up.

Sigh. My electrical utility company’s website – used to pay the bills and turn service on and off – has a maximum password size. Of 8. And after you set it, they email it to you in clear! Morons!

OMG, how did you find out my password?!?!

Mighty scary stuff - this is like an earthquake of epic proportions in the world of digital password security.

1 Like

Brute-forcing an online system(‘online’ in the sense of up and interactive, not necessarily over the internet) is generally impractical, though locking accounts with wrong guesses is a good DoS attack… Offline hash attacks, against hashed password lists, though can be conducted at a speed limited only by your hardware and sophistication.

How is that supposed to work when you are for instance logging into your machine via ssh from a random lab thin client? Or maybe you want to jump on gmail from a friend’s laptop?

I don’t know about 1Password specifically, but when I’ve looked at these all in one password solutions in the past they never had a good solution for this. It was always something like “run this app on the machine to generate the password to copy and paste into your dialog” which is of course a nonstarter on some MIPS based terminal running some weirdass OS.

The best part is that they have probably already been hacked and they don’t even know it. Someone could turn off your power just because you disagreed with them online about something stupid.

It’s clearly still a catastrophic breach but a lot of times what people do is make the site’s database server spit out the hashed password table (which is often separate, perhaps even physically, from the rest of the system) rather than “totally compromise” anything. That way you can make do with a database exploit rather than full root access. Once you work out what passwords the hashes relate to then you can totally compromise things.

1 Like

I think you’re failing to account for me sometimes using some substitutions. You are assuming that I either always use substitutions or never do. You are also assuming I am using these common substitutions rather than just intentionally misspelling a word or deleting or adding a space.

I think the actual number of new phrases is 25^13.706 because I can substitute (or not) more than one letter.

I would agree that most people use dumb passwords and that using a common phrase as a password is probably as silly as using a common word, but you can get over this by mixing it up a little. People can guess at how you mix it, but as long as you mix it in an uncommon way you greatly decrease your vulnerability to a dictionary attack.

You can set up a straw man by saying “I know how people mix up their characters” but the point is you don’t. You can guess and you might win sometimes, but it doesn’t make dictionary-based brute force attacks any different than they ever have been. They are effective against common or weak passwords.

Dear God, THIS. Who the hell dreams shit like that up?

1 Like