I'm curious: how does MtGox know if a user's password was strong enough?
so MtGox employees have access to our passwords??
Some employees will definitely have the capability to access to the encrypted hash. So if you downloaded the password file (like I did) which was circulating around the net. You would see things like
<some username> <some email address> <hashed password>
Something like this:
mobydib
mobydib@whale.com $1$0uu.XEh9$MT8XIHVdVGjlXyP/ezHhx1
The last part is the hash entry. It's made of three parts: The hash type, the salt and the hashed password itself. These parts are all separated by the $ sign.
With this information, a nefarious person could attempt a brute force attack on your password to determine what it is. In other words they can compute the hash for each password. When they find one that produces a hash that matches the hash in the password file. Then they know your password**
Ok, so when you talk about password 'strength'. We are talking about the probability that the password can be discovered***. This could include things as simple as someone guessing your password or using your GPU to compute password hashes. So what's the best way to avoid someone guessing your password? Well, to frame the question a little better it's worth noting that if you give a smart person a large enough amount of time they will guess your password regardless****. So what you really want is the way to give them the
worst chance of guessing your password. In other words you want a password where the guesser has no better than average probability of guessing it. In other words you want a random password. On top of that we want to make sure that we don't give our guesser any "shortcuts". For example by making our password short they don't have to guess long passwords. By making the password only contain letters the attacker doesn't have to guess numbers. The more permutations we force our attacker to try the more 'uncertainty' is in our random password. In information theory we call this "entropy".
When Mt. Gox or any site asks you to enter a password and gives you some kind of feedback on it's 'strength'. They are usually applying one of a few different entropy models which take into account things like: length, does it contain letters, numbers and punctuation. They can even be comparing the relative frequency that various letters occur in other peoples passwords (i.e. more 'e's and less 'z's). They may also be checking if it contains dictionary words which is a good sign it isn't random. It also can make hashes vulnerable to a 'rainbow table' attack where an attacker pre-computes all possible hashes (for some subset of passwords - like those that contain dictionary words. In this particular case that kind of attack doesn't work as the 'salt' part of the password file is a randomly generated string which is added to the password before it is hashed. So even if every person used the same password the hash would be different.
To give you an idea as to how password strength is derived check out:
http://www.passwordmeter.com/**Technically this isn't 100% true as a hashing algorithm can (and will) create the same hash for different inputs *BUT* a well constructed hashing algorithm shouldn't do this for anything sufficiently shorter than the hash itself. Like a password. In any case if two passwords did create the same hash (we call this a "collision") then either password would work. So it doesn't matter which one they find.
***Generally speaking we mean "discovered by a stranger"
****Assuming it's not sufficiently long that they wouldn't die before guessing. ;-)
