Bitcoin Forum
December 09, 2016, 09:47:15 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: The ABC of password security  (Read 2310 times)
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 09:02:54 AM
 #1

In this thread I want to discuss some pieces of wisdom about password security. This will not be complete, just the basics that I remember at the moment.

First we have to distinguish between online and offline passwords:

Online passwords are passwords that you use to log in. This does not have to be as secure because the site sets the rules how often you can try. For example, a site could refuse your login for a while after 5 wrongly entered passwords.
This means that an attacker cannot try out as many passwords as he wishes in a time as short as he wishes.

Offline passwords are passwords that you use for example to encrypt a file. This password has to be way stronger, because an attacker with the file cannot be forced to do less than a certain number of tries per second.
For example if the attacker can take your encrypted file and put it on as many computer as he wishes to try out as many passwords per second as he wishes. The only way against that is to have a password so strong that an attacker could not get enough computing power to break it.

Note that an online password of a website can become an offline password, e.g. when the website is hacked and the password hashes that the operator stored are leaked.
We will talk about offline passwords now because that is the most important issue for bitcoin users.


Randomness of characters: Depending on which set of characters you use, your password gets more randomness. For example if you use lower latin letters only, you have 26 characters. If you chose a password of length 8, you have 26^8 different possible passwords. To represent 26^8 possible passwords by a binary code, you need log_2(26^8) =  8 * log_2(26) = 8 * 4.7 = 38 bits. That's not much at all.

Code:
character set number bits per character
[a-z] 26 4.7
[a-z0-9] 36 5.2
[a-zA-Z0-9] 62 6.0
all ascii 94 6.6

You can see that the size of the character set matters a lot. But what matters even more is the length of the password. The number of possible passwords depends exponentially on the password length. For example for a whole-ascii password each additional character multiplies the number of possibilities by 94. This results in a growth of randomness by 6.6 bits for each character added.


Independence of characters: In the discussion above I assumed all the time that every character has the same probability. That is of course not always true. Attackers know that, and use it. That's why you should not use a dictionary word - in dictionary words the different characters are not independend.
For example, in English words you know that after a "Q" almost always follows a "U". Because of this, the string "QU" has a much higher probability than the strings "QS", "QG" or "QL".


Conclusion: The way to a secure password is to choose from a large set of characters, and choose the characters randomly with the same probability of each characters. The longer the password, the better. If you use AES256 for example, up to 39 characters each additional character adds real randomness to the whole thing. After that, you don't get more for AES, but there exist other encryption algorithms with even longer key lengths (e.g. blowfish up to 448 bits = 68 chars of password).

What I did: When I started bitcoin, I choose a new 12-character whole-ascii password (79.2 bits of randomness). It was a pain to remember in the first hours, but after typing it a few times I got used to it. I use this password now for my encrypted seperate bitcoin user account (on Ubuntu) and for wallet backups.




If you considered that helpful, you might give me a tip: 1HuteXifXc3x8Nq9x8hHGUnFGDU7KFggXD

Misspelling protects against dictionary attacks NOT
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
1481276835
Hero Member
*
Offline Offline

Posts: 1481276835

View Profile Personal Message (Offline)

Ignore
1481276835
Reply with quote  #2

1481276835
Report to moderator
Brainslug
Jr. Member
*
Offline Offline

Activity: 32


View Profile
June 19, 2011, 10:07:01 AM
 #2

There are actually a few good articles on that topic at PCWorld:
http://www.pcworld.com/businesscenter/article/170662/the_art_of_creating_strong_passwords.html
http://www.pcworld.com/article/154521/why_you_need_a_password_manager.html
and many more.

I personally use KeePass with a strong but memorable password to manage most of my "online" passwords as you call them.
For "offline" passwords I use a simpler Passphrase in combination with a YubiKey (http://www.yubico.com/yubikey), e.g. to encrypt my laptop's HDD or my encrypted file-containers. The YubiKey provides (among other options) a 16-64 character static password. Of course, having to rely on a physical device like a YubiKey brings also some riscs. If you lose the key you're pretty much screwed, that's why I recommend either ordering a second YubiKey and program it with the same static password or writing the password down and storing it in a safe or a lockbox at a bank of your trust. But the most important thing is to never use the YubiKey's static password alone, you should always use it in combination with a leading passphrase so if anybody should actually steal your YubiKey they don't get access to anything you used it for.

To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.

If you find anything I post useful feel free to help a poor little college student out:
15muajc5zUMbDUfeXMtxZU8LFAR2ku1qbu
I'd really appreciate it <3
Have you tried TradeHill yet? It's awesome Wink
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 10:25:39 AM
 #3

This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.

Misspelling protects against dictionary attacks NOT
ius
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 11:30:53 AM
 #4

This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.

Really? Have a link? Thought a reader + cards would be alot more expensive (I paid € 18,- for my YubiKey).

By the way, instead of programming a static key you could also use the HMAC-SHA1 feature to derive a key blob from a given challenge (afraid it does require whipping up some code). Makes it a little harder to grab the key though..

PGP: 0xCC06E446 Bitcoin: 19kdfgW1KXQgV7SCLEPAojtHxN9xotGkGH
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 11:37:36 AM
 #5

This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.

Really? Have a link? Thought a reader + cards would be alot more expensive (I paid € 18,- for my YubiKey).

By the way, instead of programming a static key you could also use the HMAC-SHA1 feature to derive a key blob from a given challenge (afraid it does require whipping up some code). Makes it a little harder to grab the key though..

That HMAC-SHA1 looks good. I don't want the PC to know my secret, but I want him to know that I know it. Smiley

Misspelling protects against dictionary attacks NOT
Timo Y
Legendary
*
Offline Offline

Activity: 938


bitcoin - the aerogel of money


View Profile
June 19, 2011, 12:00:23 PM
 #6

Write you own poem, and keep reciting the poem at least once a week.

Then create your own rule for converting the poem into a password. eg. take 3rd and 5th letter from each word and capitalize if word is a verb... or something more complex. Just make sure you keep the rule to yourself.

40 character password that is both secure and hard to forget. Sorted!

Needless to say, don't ever use that password online.

GPG ID: FA868D77   bitcoin-otc:forever-d
fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
June 19, 2011, 12:01:36 PM
 #7

To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.

imho, that page is a joke.

example:
qwertasdfgyxcvbn = 18%

now replace every third character with a "1":

qw1rt1sd1gy1cv1n = 92%

yeah, right...

BubbleBoy
Sr. Member
****
Offline Offline

Activity: 322



View Profile
June 19, 2011, 12:12:24 PM
 #8

A good password stretching technique can go a long way to secure a short password. Reverting a 50 bit password hashed with SHA1 is trivial. Reverting the same password encrypted with 65.000 iterations of SHA1 (PKBDF2) for a total of 66 bits is much harder, feasible with GPU crackers. Reverting a 50 bit password stretched with a memory hard algorithm such as scrypt is probably not worthwhile for most any bitcoin wallet.

This is not a directly useful to the end-users, but I would hope the authors of wallet encryption will take notice.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 12:31:28 PM
 #9

To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.

imho, that page is a joke.

example:
qwertasdfgyxcvbn = 18%

now replace every third character with a "1":

qw1rt1sd1gy1cv1n = 92%

yeah, right...

That comes from the classification of characters, of course that's not exactly accurate. But there is no better way, the randomness of a string depends on the set of possible strings you assert it comes from.

If you assert that it is letters only, you have way less passwords to try, then if you assert that it is letters plus numbers.

The site seems to check only for that, which I mentioned in the OP depends on the assertion that all characters are independently chosen with equally distributed probability.

Misspelling protects against dictionary attacks NOT
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 03:37:46 PM
 #10

I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

The program is kept simple, so that you don't have to trust anybody and can easily see what it's doing.

Code:
#include <stdio.h>

int main(int argc, char **argv) {
// check for parameters
int count;
if (argc > 1)
count = atoi(argv[1]);
else
count = 8;

// open random number source
// "/dev/random" is the secure random number source on Linux
// "/dev/urandom" is not secure!
FILE *source = fopen("/dev/random", "r");
if (!source)
return -1;

printf("Your password is:\n");
int i;
for (i = 0; i < count; i++)
putchar('_');
putchar('\n');

i = 0;
do {
// request 8 bits of randomness
int c = fgetc(source);
if (c == EOF)
return -2;
// delete most significant bit because of ASCII
c &= 0x7f;
// if printable: print it
if (' ' <= c && c <= '~') {
putchar(c);
fflush(stdout);
i++;
}
} while (i < count);

putchar('\n');
fclose(source);
return 0;
}

Usage:

- Put it in a file called genpasswd.c
- Execute "gcc -o genpasswd passwd.c"
- Execute "./genpasswd 12" for a 12-character password (default is Cool


Looks like this:
Code:
~$ gcc genpasswd.c -o genpasswd
~$ ./genpasswd
Your password is:
________
9k'|Kfk@

The underscore indicates how long the password is (so that you don't miss characters).

Misspelling protects against dictionary attacks NOT
bitplane
Sr. Member
****
Offline Offline

Activity: 321

Firstbits: 1gyzhw


View Profile WWW
June 19, 2011, 04:01:47 PM
 #11

You have to read a lot and have a good memory, my favourite password system is to take either the first or last letter from a memorable sentence in something you have read, will never forget and has a tedious link to the site/file you're logging into.

For example, you could associate a gambling account with a couple of lines from If by Rudyard Kipling:

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss


Could make the password "IycmohoaywAriootopat", which you're unlikely to forget. If you read a lot you'll have an endless supply of fresh, very memorable and extremely long passwords!

Now, knowing this, can you crack an old password of mine from the book Fight Club?

Clues: It's 14 chars long, it's based on the first letter of each word in two sentences and includes punctuation.

Here's the md5 sum:

7de46151e06abe0ad53c4513d22e9a43
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 04:10:38 PM
 #12

You have to read a lot and have a good memory, my favourite password system is to take either the first or last letter from a memorable sentence in something you have read, will never forget and has a tedious link to the site/file you're logging into.

For example, you could associate a gambling account with a couple of lines from If by Rudyard Kipling:

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss


Could make the password "IycmohoaywAriootopat", which you're unlikely to forget. If you read a lot you'll have an endless supply of fresh, very memorable and extremely long passwords!

Now, knowing this, can you crack an old password of mine from the book Fight Club?

Clues: It's 14 chars long, it's based on the first letter of each word in two sentences and includes punctuation.

Here's the md5 sum:

7de46151e06abe0ad53c4513d22e9a43

I know about that trick, but I don't trust it. I use it for some passwords, but not important stuff like my wallet.

Misspelling protects against dictionary attacks NOT
foo
Sr. Member
****
Offline Offline

Activity: 409



View Profile
June 19, 2011, 04:35:29 PM
 #13

https://www.grc.com/haystack.htm

I know this because Tyler knows this.
ius
Jr. Member
*
Offline Offline

Activity: 56


View Profile
June 19, 2011, 05:42:16 PM
 #14

I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

Nice and simple, yet most distros should have a package for pwgen, which has extra options (easier to memorize, charset, etc.).

PGP: 0xCC06E446 Bitcoin: 19kdfgW1KXQgV7SCLEPAojtHxN9xotGkGH
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 07:23:11 PM
 #15

I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

Nice and simple, yet most distros should have a package for pwgen, which has extra options (easier to memorize, charset, etc.).

Yes, there are lots of tools. The user account configuration in Ubuntu (or maybe it came with Gnome 3 which I installed) also makes password proposals and measures how strong your password is.

I wrote it myself because I really wanted to have a guaranteed equal probability for each character, and no character should be independent on another.

Misspelling protects against dictionary attacks NOT
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 19, 2011, 07:27:26 PM
 #16



The site says:

Quote
IMPORTANT!!!    What this calculator is NOT . . .

It is NOT a “Password Strength Meter.”

Misspelling protects against dictionary attacks NOT
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!