Password strength

[DooMAD]

So the Bitcoin website itself states:

Use a strong password

Any password that contains only letters or recognizable words can be considered very weak and easy to break. A strong password must contain letters, numbers, punctuation marks and must be at least 16 characters long. The most secure passwords are those generated by programs designed specifically for that purpose. Strong passwords are usually harder to remember, so you should take care in memorizing it.

But as explained fantastically well by XKCD, it's actually not entirely true.  Random characters only make it harder to remember, not to crack.  As pioneers of this revolutionary cryptographic technology, shouldn't we of all people have a better grasp of this concept?  The responsibility is on us to make sure new users understand it correctly, but that won't happen until we get it right ourselves.  This part of the site should ideally be edited to be more accurate. 

[NLNico]

I assume you are talking about https://bitcoin.org/en/secure-your-wallet

Bitcoin.org is not an official website. (it actually says that literally on their about page: https://bitcoin.org/en/about-us )

But since this is a website where many new members come, I can agree with you that it should be adjusted. I would suggest to come up with a better explanation and just e-mail it to them. Perhaps they will change it. Most importantly it should say to keep different passwords for all websites.

I personally advise programs like KeePass and LastPass with 30(+) characters.

[R2D221]

I personally advise programs like KeePass and LastPass with 30(+) characters.

I use KeePass with the default (20 characters). Should I increase it?

[floatertheplayer]

Just a friendly warning that comic is bullshit. You would need at least 8 random words to have about the same security as 12+ random characters. The entropy maybe higher, but every serious hacker uses rainbow tables, dictionaries or even phrases from common digitalized books...

[Timo Y]

Here is a quote from from the website of none other than TrueCrypt

It is very important that you choose a good password. You must avoid choosing one that contains only a single word that can be found in a dictionary (or a combination of such words). It must not contain any names, dates of birth, account numbers, or any other items that could be easy to guess. A good password is a random combination of upper and lower case letters, numbers, and special characters, such as @ ^ = $ * + etc. We strongly recommend choosing a password consisting of more than 20 characters (the longer, the better). Short passwords are easy to crack using brute-force techniques.

Shouldn't the TrueCrypt designers, of all people, have a better grasp of this concept?  

Actually, that XKCD comic is dangerous advice for Joe Average.  It is true only IF those words are chosen completely at random.

But that is not how Joe Average would go about choosing he words. He would go something like "Horse...uhm...Cart...uuhhhm...Galloping...Away!"

Or he would click on "random article" on Wikipedia 4 times.

None of these methods are random enough to create secure pass phrases.

Also, to resist brute force attacks by supercomputers (a realistic threat for high balance bitcoin wallets) you need something like 10-12 words and not 4.

Which is not that much easier to remember than 16 characters.

[DeathAndTaxes]

Just a friendly warning that comic is bullshit. You would need at least 8 random words to have about the same security as 12+ random characters. The entropy maybe higher

The comic didn't say 12 random characters.  Most people don't use 12 random characters for their password.  So was the problem the example in the comic or your understanding of the example in the comic?

but every serious hacker uses rainbow tables, dictionaries or even phrases from common digitalized books...

which is useful against a set of random words how?

[DeathAndTaxes]

Actually, that XKCD comic is dangerous advice for Joe Average.  It is true only IF those words are chosen completely at random.

But that is not how Joe Average would go about choosing he words. He would go something like "Horse...uhm...Cart...uuhhhm...Galloping...Away!"

Someone that foolish is also likely to use "p@sswordZ1234 as their password instead.  See the @ and the "Z" give it strength.  Even "Horse Cart Galloping Away" is stronger than most passwords (based on the results of password table breaches).

Also, to resist brute force attacks by supercomputers (a realistic threat for high balance bitcoin wallets) you need something like 10-12 words and not 4.

Which is not that much easier to remember than 16 characters.

Please show me the math where it takes 10 to 12 random words from a list of say the diceware list to equal the entropy of 16 random characters.  If you are right and have the math to show it I will give you 100 mBTC.

Don't get excited how about we estimate it like this.  There are 80? 96 characters (upper, lower, number, and symbol) on standard keyboard.

A guestimation game.  Do you think 96^16 >= 7776^10?  If not what x do you think solves this equation 7776^x >= 96^16

For those playing along at home, don't grab a calculator right away.  Just take a guess based on the base and the exponents.

[NLNico]

I personally advise programs like KeePass and LastPass with 30(+) characters.

I use KeePass with the default (20 characters). Should I increase it?

Well it doesn't hurt to have more probably in most cases 20 is enough tho. Better yet... some websites have a limit on like 24 characters

[R2D221]

I personally advise programs like KeePass and LastPass with 30(+) characters.

I use KeePass with the default (20 characters). Should I increase it?

Well it doesn't hurt to have more probably in most cases 20 is enough tho. Better yet... some websites have a limit on like 24 characters

Microsoft has 16, and it has been like that for years

[DannyHamilton]

A guestimation game.  Do you think 96^16 >= 7776^10?  If not what x do you think solves this equation 7776^x >= 96^16

For those playing along at home, don't grab a calculator right away.  Just take a guess based on the base and the exponents.

My answer hidden to avoid spoiling the fun for others.  Click "quote" on this post to see my answer.



<sub>Well,

I started by noticing that 7776 is pretty close to 96^2. That would mean that everytime x increases by 1 the exponent on the other side of the equal sign would have to increase by approximately 2.  Since the exponent is 16 on the other side of the equal sign, x must be somewhere around 8 (give or take 1).

How'd I do?</sub>

[pening]

...
But that is not how Joe Average would go about choosing he words. He would go something like "Horse...uhm...Cart...uuhhhm...Galloping...Away!"

Or he would click on "random article" on Wikipedia 4 times.

None of these methods are random enough to create secure pass phrases.

Random is overrated.  Its not pure random thats important, but that the combination is unique, and that it hasn't been used and found in an unsecured system.  What XKCD is trying to highlight is that length is better than complexity.  Given two passwords of 10 char, "(wRD9=K-]3" or "Complacent" have the same entropy for a brute force attack.  

However if there is a dictionary attack, then the latter is weak.  But if you'd used the first in a system that has poor password security, it would be just as weak as it would be included in dictionary attacks.  Thats what they are, long lists of all the compromised passwords found before.  Random just gives us a better starting point for being (far) less likely to have been used and included in a dictionary.

Assuming we don't reuse passwords and they aren't exposed through a poor site, a longer memorable password is always preferable.  Memorable passwords help avoid reuse, so help avoid that weakness.  If I use a "random", previously unused sequence of words, thats good enough for 99% of use cases.  Knowing that its unused is difficult of course (unless checking against dictionaries) so needs a bit of thought.

If you want to protect against supercomputers, you need to reduce the opportunity to access the secured system, not worry about password length.  If one can access your system for your high value wallet, you are already exposed to physical attack methods (keylogging, forensic data capture, good 'ol fashion lead pipe threat)

[cr1776]

I personally advise programs like KeePass and LastPass with 30(+) characters.

I use KeePass with the default (20 characters). Should I increase it?

Well it doesn't hurt to have more probably in most cases 20 is enough tho. Better yet... some websites have a limit on like 24 characters

Or worse, Schwab.com has a limit of 8, yes, eight, characters.

[drrussellshane]

I personally advise programs like KeePass and LastPass with 30(+) characters.

I use KeePass with the default (20 characters). Should I increase it?

Well it doesn't hurt to have more probably in most cases 20 is enough tho. Better yet... some websites have a limit on like 24 characters

Or worse, Schwab.com has a limit of 8, yes, eight, characters.

Many banks are like this as well.

[ning]

I don't understand why some websites set a limit on the length of passwords, since the passwords are supposed to be stored as salted hashes (of the same finite size).

[floatertheplayer]

I don't understand why some websites set a limit on the length of passwords, since the passwords are supposed to be stored as salted hashes (of the same finite size).

That is a good point. It must be a sign that they don't store it as salted hashes!:D On the other hand password for a web-service need not be as complex as a file encryption pass. Since they can stop brute force pretty easily.

[DooMAD]

Seems I've caused some controversy, heh.  Can we at least agree that in order from weakest to strongest password strength, it would be:

• elephant
• 3l3ph4nT
• flying elephants with bow ties
• fLy1ng-3l3ph4nT5_wiTh*b0w.t13$

But it would be almost impossible to commit the last one to memory.

[tkbx]

There are about a million words in English. Assuming my math is right, here's the number of passwords for x words:
1: 1000000 possibilities
2: 1000000000000
3: 1000000000000000000
4: 1000000000000000000000000
5: 1000000000000000000000000000000
vs a 14 character password of letters, numbers, and common symbols: 67822307284900000000000000
so as long as you've got a good list of words to randomly pick from, you need 5 words to beat the security of a typical password. With real word lists, however, I imagine it being closer to 7 or 8 words.

[flatfly]

Seems I've caused some controversy, heh.  Can we at least agree that in order from weakest to strongest password strength, it would be:

• elephant
• 3l3ph4nT
• flying elephants with bow ties
• fLy1ng-3l3ph4nT5_wiTh*b0w.t13$

But it would be almost impossible to commit the last one to memory.

None of the above are very secure against a determined and well-funded attacker - not even the last one.
7 to 8 diceware words, on the other hand, is all you need to be very safe for years.

You might be interested in my NoBrainr script, which is a simple example of diceware applied to bitcoin address generation:
 https://bitcointalk.org/index.php?topic=308972.0

[V4Vendettas]

My wallets password is : F4tF0cKM4rkT0oKMyCoIns 

Is that strong enuf to keep me safe ?

[porcupine87]

Actually, that XKCD comic is dangerous advice for Joe Average.  It is true only IF those words are chosen completely at random.

But that is not how Joe Average would go about choosing he words. He would go something like "Horse...uhm...Cart...uuhhhm...Galloping...Away!"

Or he would click on "random article" on Wikipedia 4 times.

Random words just makes it more possible to forget the password. For me it just makes a difference for what I use the password. What are the costs when an account is hacked? How high the costs to remember and type on the password? How easy is it to run a brute force attack?(it is more difficulty if you only have a few attempts)

Take an facebook account:
What are the costs when an account is hacked?
-> It would be stupid but I don't lose money.
How high the costs to remember and type on the password?
-> I use it often, so a long password is inconvenient.
How easy is it to run a brute force attack?(it is more difficulty if you only have a few attempts)
I guess Facebook has some build in mechanism to prevent thousand of attempts
What can the hacker get?
Not really much.

-> So my password is short and convenient. I have 8 letters. (but maybe I should make 12 or so)


I use a brain wallet for my cold storage.
What are the costs when an account is hacked?
-> I lose money. Depending on the amount of money.  
How high the costs to remember and type on the password?
-> I just need it to remember and don't use it a lot use it only one time. I have a paper as backup, too.  
How easy is it to run a brute force attack?(it is more difficulty if you only have a few attempts)
No limits for hackers.
What can the hacker get?
$$$$

So what password do I use?
I have 4 words separated by different symbols. I have 40 characters and I am pretty sure 3 of those 4 words are not in any of those large dictionaries (not that 7500 word list, I mean a list with 2mio. words).

What words do I use? I do not really want to say, but I take names. A city or village (small), a street name, a mountain, the bakery you use, your favorite football player and so on. It depends how popular that name is. A name like "coca cola" is not strong, so like a city called "berlin". But things chance if you take a city called "Dietmannsried" or "Bad Tölz", the city where your mother grew up.

Because this is important. An address is not linked to an person. So the attacker doesn't know about your mom.
-> just be creative!