Bitcoin Forum
Author Topic: Password strength  (Read 2565 times)
porcupine87 (Hero Member, Activity: 546, Merit: 500, "hm")
March 11, 2014, 11:30:17 AM, #21

>> Seems I've caused some controversy, heh.  Can we at least agree that in order from weakest to strongest password strength, it would be:
>>
>>   • elephant
>>   • 3l3ph4nT
>>   • flying elephants with bow ties
>>   • fLy1ng-3l3ph4nT5_wiTh*b0w.t13$
>>
>> But it would be almost impossible to commit the last one to memory.
>
> None of the above are very secure against a determined and well-funded attacker - not even the last one.
> 7 to 8 diceware words, on the other hand, is all you need to be very safe for years.
>
> You might be interested in my NoBrainr script, which is a simple example of diceware applied to bitcoin address generation:
> https://bitcointalk.org/index.php?topic=308972.0


ah c'mon. The last one is nearly like 80^31 (80 = number of characters). This is 10^59. But ok, it's not completely random. So let's make it 10^40.
If you take your 8 dice words out of a 10 000 word dictionary, what do you get? 10^32

"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
runam0k (Legendary, Activity: 1092, Merit: 1001, "Touchdown")
March 11, 2014, 11:37:02 AM, #22

You can derive a strong password from a phrase or sentence that you're unlikely to forget.

Take, say, "Dead or alive, you're coming with me." Yes, from Robocop.

This becomes "Doa,ycwm."

Throw in a number and a cap and you get "D0a,Ycwm.", which is easily remembered and pretty strong for a 9 char password.  Modify it for each website you use e.g. by adding "@alk" (for bitcointalk) or "@gle" (for Google).

Ideally the phrase or sentence should be something unique to you and something you can recall instantly.
HorseCoin (Newbie, Activity: 42, Merit: 0)
March 11, 2014, 11:41:50 AM, #23

why would a horse need a battery staple?  what is this the matrix where people are run on batteries??  Huh
cointech (Newbie, Activity: 10, Merit: 0)
March 11, 2014, 11:46:33 AM, #24

I always thought password complexity went up with character count more than anything. Throwing in some special characters might have helped 10 years ago but people cracking passwords are clued up to that and will include those in their brute forcing techniques. So ultimately if we are dealing with brute forcing the best defense is long passwords.

So can someone tell me why this password wouldn't be secure?

"OnMondayMorningsILikeToWakeUpWithANiceGlassOfOrangeJuiceBeforeEatingMyTooast"

porcupine87 (Hero Member, Activity: 546, Merit: 500, "hm")
March 11, 2014, 11:54:53 AM, #25

> I always thought password complexity went up with character count more than anything. Throwing in some special characters might have helped 10 years ago but people cracking passwords are clued up to that and will include those in their brute forcing techniques. So ultimately if we are dealing with brute forcing the best defense is long passwords.
>
> So can someone tell me why this password wouldn't be secure?
>
> "OnMondayMorningsILikeToWakeUpWithANiceGlassOfOrangeJuiceBeforeEatingMyTooast"

This is secure. You are correct. You have 76 characters. It's not completely random, but you have 76 characters or 19 words.

"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
spooderman (Legendary, Activity: 1638, Merit: 1022)
March 11, 2014, 01:42:49 PM, #26

Yes, isn't the password aaaaaaaaaaaaaaaa just as strong as arjb%@&5859snJk ?

Society doesn't scale.
spazzdla (Legendary, Activity: 1722, Merit: 1000)
March 11, 2014, 02:04:31 PM, #27

Can I use æ commands in my bitcoin password?
gmaxwell (Staff, Legendary, Activity: 4172, Merit: 8419)
March 11, 2014, 02:28:30 PM, #28

> But as explained fantastically well by XKCD, it's actually not entirely true.  Random characters only make it harder to remember, not to crack.
Sadly, XKCD's explanation is simple to the point of being deceptive— it's caused a lot of terrible misunderstanding.

True randomness is absolutely essential to password security. If there is enough, your key is secure— if there isn't it may not be.  It doesn't matter from a security perspective if that randomness is used to pick letters or whole words, so long as enough goes into it. If you'd find words easier to deal with— then great do that.

But there must be enough and, sadly, the example that XKCD gives is targeted around things like website passwords where very high speed attacks are infeasible, and where a multi-target speedup (e.g. from an unsalted password) is unavailable.  For an offline attack scenario where an attacker can have an effective attack speed of a billion attempts per second— or more— the strength discussed on XKCD would fail in a day or two.

A lot of people read the comic and completely miss the point of randomness being essential and just the form of its expression being irrelevant, and so they think any random human generated string is acceptable "'duck spatula stapler outlet', that's totally random!" when in fact it is in grave danger of being compromised by attackers with powerful statistical models for human generated passwords.
DeathAndTaxes (Donator, Legendary, Activity: 1218, Merit: 1079, "Gerald Davis")
March 11, 2014, 02:36:48 PM, #29
Last edit: March 11, 2014, 02:52:13 PM by DeathAndTaxes

> So can someone tell me why this password wouldn't be secure?
>
> "OnMondayMorningsILikeToWakeUpWithANiceGlassOfOrangeJuiceBeforeEatingMyTooast"
The only issue would be if this phrase is from a book or movie (potentially even one you are unaware of).  That is why systems like diceware exist to create a truly random sequence of words.

Although brute force capabilities have come a long way, passwords consisting of 10 digits (all keyboard symbols) are beyond the brute force (see below before you complain) capabilities of most entities and 12 digits would be beyond the capabilities of nation states in most situations (i.e. no nation is going to expend a year of super computing time at a cost of $500B in order to break your facebook password Smiley ).   If you're a significant threat to a nation state and they would be willing to expend billions of dollars to attack you, well, you should probably push that out to 15 digits.  For those who prefer dicewords that would be 5, 6, and 8 dicewords respectively.

However that assumes the attacker is just doing a pure brute force attack of all possible passwords.  The reality is that beyond 9 digits it starts taking an increasingly incredible amount of time for each additional digits.  So password crackers are going to try a variety of methods which are often much faster (even on much longer passwords).

1) Check the hash against databases of known compromised passwords (you can find on various sites lists of 15M+ previously leaked and broken passwords).  If your passphrase is on that list you're toast.  Even some hobbyist with a single CPU can break it in a matter of minutes.

2) Check the hash against phrases from movies, books, memes, pop culture (no doubt Satoshi's genesis block quote is insecure).

3) Check the hash against a dictionary (possibly foreign languages as well).

4) A modified version of #3 is to take the same dictionary and perform derivations (which is why Troub@dor1 is a lot weaker than it may initially seem).

So having a long passphrase is good but it isn't a guarantee that the password is strong (unless it is random).  To ensure it is strong it needs to not be breakable by the four methods above as well.  I noticed in your example you wrote "Tooast" not "Toast".  If that was intentional then congratulations, it ensured it probably isn't going to match any phrase search.
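The arithmetic behind posts #21, #28 and #29 (80^31 versus 10000^8, a billion guesses per second offline, and the 10/12/15-character and 5/6/8-word thresholds) is easier to compare when everything is expressed in bits of entropy. The script below is an added example written for this page, not code posted by anyone in the thread; the 95-symbol printable-ASCII set, the 7,776-word Diceware list size, the 2,048-word XKCD list size and the 1e9 guesses/second rate are assumptions it uses, not figures the posters gave (except the last, which gmaxwell quotes).

```python
import math

# Alphabet sizes and attack rate used below. These are constructed inputs for
# this example; the thread itself only gives the 80-character and 10,000-word
# figures and the "billion attempts per second" offline rate.
PRINTABLE_ASCII = 95      # printable ASCII, space through '~'
DICEWARE_LIST = 7776      # standard Diceware list: 6**5 five-dice words
XKCD_LIST = 2048          # 11-bit word list assumed in the XKCD comic
OFFLINE_RATE = 1e9        # guesses per second for an offline attack


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols drawn uniformly and independently
    from `alphabet_size` choices, i.e. log2(alphabet_size ** length).
    This is the thread's 80**31 and 10000**8 arithmetic expressed in bits."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two symbols and one position")
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random secret of `bits` bits: the
    attacker tries half of the 2**bits possibilities on average."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def symbols_needed(target_bits: float, alphabet_size: int) -> int:
    """Fewest random symbols from `alphabet_size` that give `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def human_duration(seconds: float) -> str:
    """Round a duration to the largest convenient unit for printing."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    cases = [
        ("31 random chars, 80-symbol set (post #21)", 80, 31),
        ("8 words from a 10,000-word list (post #21)", 10000, 8),
        ("4 words from the 2,048-word XKCD list", XKCD_LIST, 4),
        ("7 Diceware words (7,776-word list)", DICEWARE_LIST, 7),
        ("10 random printable ASCII chars (post #29)", PRINTABLE_ASCII, 10),
        ("12 random printable ASCII chars (post #29)", PRINTABLE_ASCII, 12),
        ("15 random printable ASCII chars (post #29)", PRINTABLE_ASCII, 15),
    ]
    for label, alphabet, length in cases:
        bits = entropy_bits(alphabet, length)
        t = expected_crack_seconds(bits, OFFLINE_RATE)
        print(f"{label}: {bits:6.1f} bits, ~{human_duration(t)} at 1e9 guesses/s")
    for target in (64, 80, 128):
        print(f"{target} bits needs {symbols_needed(target, PRINTABLE_ASCII)} ASCII chars "
              f"or {symbols_needed(target, DICEWARE_LIST)} Diceware words")
```

The numbers only hold for symbols chosen uniformly at random; a phrase picked by a person has far fewer bits than its length suggests, which is the point gmaxwell makes about randomness being essential and its form (letters or words) being irrelevant.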
cointech (Newbie, Activity: 10, Merit: 0)
March 11, 2014, 03:00:23 PM, #30

Thanks for the excellent explanation, it's appreciated.

Tooast was indeed intentional. I base all my passwords on long phrases where possible and I always repeat a specific vowel just to mess up the dictionary attacks and I always use slang.... Benefits of growing up in East London is that I have quite a large vocabulary of it.

I just wish more websites would stop limiting password length. Seriously 8 chars?
bountygiver (Member, Activity: 100, Merit: 10)
March 11, 2014, 04:01:00 PM, #31

From what I read of someone's advice, one of the greatest ways is to remember your password first, then SHA256 it.
You may use any sort of encryption depending on your preference, as long as the encryption method is easy to acquire.
And use the encrypted hotword as the raw password.

12dXW87Hhz3gUsXDDCB8rjJPsWdQzjwnm6
R2D221 (Hero Member, Activity: 658, Merit: 500)
March 13, 2014, 12:34:28 AM, #32

> You can derive a strong password from a phrase or sentence that you're unlikely to forget.
>
> Take, say, "Dead or alive, you're coming with me." Yes, from Robocop.
>
> This becomes "Doa,ycwm."
>
> Throw in a number and a cap and you get "D0a,Ycwm.", which is easily remembered and pretty strong for a 9 char password.  Modify it for each website you use e.g. by adding "@alk" (for bitcointalk) or "@gle" (for Google).
>
> Ideally the phrase or sentence should be something unique to you and something you can recall instantly.
I'm sorry, but I would find it very hard to remember it using this method. (which is the letter that will be a number now?)

An economy based on endless growth is unsustainable.
porcupine87 (Hero Member, Activity: 546, Merit: 500, "hm")
March 13, 2014, 12:44:06 AM, #33

>> You can derive a strong password from a phrase or sentence that you're unlikely to forget.
>>
>> Take, say, "Dead or alive, you're coming with me." Yes, from Robocop.
>>
>> This becomes "Doa,ycwm."
>>
>> Throw in a number and a cap and you get "D0a,Ycwm.", which is easily remembered and pretty strong for a 9 char password.  Modify it for each website you use e.g. by adding "@alk" (for bitcointalk) or "@gle" (for Google).
>>
>> Ideally the phrase or sentence should be something unique to you and something you can recall instantly.
> I'm sorry, but I would find it very hard to remember it using this method. (which is the letter that will be a number now?)

I use a similar approach. I write words intentionally wrong. For a long time I used passwords like "ausdralia" or "intonesia". One different character should be enough. Just something like "d-t" or "b-p" or "g-k". And two numbers which are convenient to type.
-> short and no chance for a dictionary attack.

But way too short for a brain wallet. There you have to use more words. Take the places of your first trip in Thailand + your first car + one word written wrong -> done.

"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
OROBTC (Legendary, Activity: 2912, Merit: 1852)
March 13, 2014, 01:02:48 AM, #34

...

Here is a technique that will work for some who are not tekkies.

1)  Take an obscure word or more from a foreign language (preferably one you speak and/or is obscure)

2)  Misspell the word a little

3)  Add a prefix and/or a suffix like some numbers and/or obscure abbreviations from something you know about

Example:

You have a Polish grandma, and you are a long distance runner who likes astronomy:

21milespolsckujestnajlepszaproxbantauri

Crack that!  No caps, no symbols, but if you choose well, I doubt your password would get cracked for quite a while...
BADecker (Legendary, Activity: 3780, Merit: 1372)
March 13, 2014, 01:17:22 AM, #35

Here is a practical idea that would work for some people. It involves using a large random character list. Use your imagination to make it stronger than it is explained in the link: https://bitcointalk.org/index.php?topic=435050.msg4779209#msg4779209.

Smiley

BUDESONIDE essentially cures Covid symptoms in one day to one week >>> https://budesonideworks.com/.
Hydroxychloroquine is being used against Covid with great success >>> https://altcensored.com/watch?v=otRN0X6F81c.
Masks are stupid. Watch the first 5 minutes >>> https://www.bitchute.com/video/rlWESmrijl8Q/.
Don't be afraid to donate Bitcoin. Thank you. >>> 1JDJotyxZLFF8akGCxHeqMkD4YrrTmEAwz
Newar (Legendary, Activity: 1358, Merit: 1001, https://gliph.me/hUF)
March 13, 2014, 02:36:20 AM, #36
Last edit: March 13, 2014, 03:10:53 AM by Newar

>> I personally advise programs like KeePass and LastPass with 30(+) characters.
> I use KeePass with the default (20 characters). Should I increase it?

If you're using Keepass might as well make it longer. Mine is 100+ (generated within Keepass, with all the random options turned on)

Of course there's the additional discussion about Keepass only being as safe as your master password + (hopefully) key file. Also, using Keepass the question you have to ask yourself is how do you handle your master password and key file?

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
phillipsjk (Legendary, Activity: 1008, Merit: 1001, "Let the chips fall where they may.")
March 13, 2014, 02:57:14 AM, #37

The only thing that matters is how predictable each character is.

Truly random ASCII printable characters have about 6 bits of entropy each. You probably want between 64 and 128 bits of entropy (11-22 characters). That implies 100 character passwords are excessive.

I sometimes hash a file that changes over time, and use the resulting 32 hex digits (4 bits each) as a high-security password.

My favourite Online Password Generator

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
odolvlobo (Legendary, Activity: 4298, Merit: 3214)
March 13, 2014, 06:27:15 AM, #38
Last edit: March 13, 2014, 06:39:26 AM by odolvlobo

Simple entropy is not necessarily a good indicator of password strength. For example, "1q2w3e4r5t" looks relatively strong because it has about 42 bits of entropy, but it is a terrible password because it is one of the 10,000 most common passwords and it is in every cracker's dictionary.


Read this about judging a password by its entropy: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/

Join an anti-signature campaign: Click ignore on the members of signature campaigns.
PGP Fingerprint: 6B6BC26599EC24EF7E29A405EAF050539D0B2925 Signing address: 13GAVJo8YaAuenj6keiEykwxWUZ7jMoSLt
DeathAndTaxes (Donator, Legendary, Activity: 1218, Merit: 1079, "Gerald Davis")
March 13, 2014, 02:39:59 PM, #39

> Simple entropy is not necessarily a good indicator of password strength. For example, "1q2w3e4r5t" looks relatively strong because it has about 42 bits of entropy, but it is a terrible password because it is one of the 10,000 most common passwords and it is in every cracker's dictionary.
>
> Read this about judging a password by its entropy: https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/


Well, 42 bits of entropy is also awful.  Even if it wasn't on a password list, it could be brute forced by just about anyone, and then once it is, it will be on a password list.  Really one should be looking at a minimum of 80 bits of entropy, and for high security applications more is better (128 bits would be optimal).

Still I do like the fact that the linked password meter checks against known weak/broken passwords.
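The four checks DeathAndTaxes lists in post #29 (leaked-password lists, known phrases, a dictionary, and a dictionary with derivations undone) and odolvlobo's point in post #38 that "1q2w3e4r5t" is in every cracker's list are what a strength meter such as the linked zxcvbn runs before it believes any entropy figure. The checker below is an added example written for this page, not code from the thread or from zxcvbn; its leaked-password, phrase and dictionary lists are tiny constructed stand-ins for files that in practice hold millions of entries, and the leet substitution table is an assumption about which symbol-for-letter swaps to undo.

```python
import hashlib
import re

# Constructed stand-ins for the lists a cracker would actually use: a few
# previously leaked passwords (stored as SHA-1 digests, since leak lists are
# usually matched by hash), a handful of well-known phrases, and a small
# dictionary. The real files run to millions of entries.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("123456", "password", "1q2w3e4r5t", "letmein")
}
KNOWN_PHRASES = (
    "Dead or alive, you're coming with me.",  # the Robocop line from post #22
    "The Times 03/Jan/2009 Chancellor on brink of second bailout for banks",  # genesis block text, post #29
)
DICTIONARY = {"elephant", "troubadour", "troubador", "australia", "indonesia",
              "correct", "horse", "battery", "staple", "toast", "password"}

# Undo the usual letter-for-symbol substitutions (method 4 in post #29).
# Assumed table; real rule sets are larger.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})
AFFIX = re.compile(r"^[^A-Za-z]+|[^A-Za-z]+$")  # leading/trailing digits or symbols


def letters_only(s: str) -> str:
    """Lower-case the string and drop everything that is not a letter, so
    'OnMondayMornings...' and 'on monday mornings ...' compare equal."""
    return re.sub(r"[^a-z]", "", s.lower())


PHRASE_KEYS = {letters_only(p) for p in KNOWN_PHRASES}


def derivations(pw: str) -> set[str]:
    """Candidate base words a password may have been derived from: the
    lower-cased input with and without leading/trailing digits or symbols,
    each with and without the leet substitutions undone."""
    bases = {pw.lower(), AFFIX.sub("", pw).lower()}
    return bases | {b.translate(LEET) for b in bases}


def check_password(pw: str) -> list[str]:
    """Return the names of the four checks from post #29 that `pw` fails.
    An empty list means it survived all four; it says nothing about entropy."""
    failures = []
    if hashlib.sha1(pw.encode()).hexdigest() in LEAKED_SHA1:
        failures.append("leaked")          # 1) known compromised password
    if letters_only(pw) in PHRASE_KEYS:
        failures.append("phrase")          # 2) quotation from a movie, book, meme
    if pw.lower() in DICTIONARY:
        failures.append("dictionary")      # 3) plain dictionary word
    elif any(d in DICTIONARY for d in derivations(pw)):
        failures.append("derived")         # 4) dictionary word after substitutions
    return failures


if __name__ == "__main__":
    for candidate in ("1q2w3e4r5t", "elephant", "3l3ph4nT", "Troub@dor1",
                      "Dead or alive, you're coming with me.",
                      "OnMondayMorningsILikeToWakeUpWithANiceGlassOfOrangeJuiceBeforeEatingMyTooast"):
        result = check_password(candidate) or ["passed all four checks"]
        print(f"{candidate[:40]:40s} -> {', '.join(result)}")
```

Note that "Troub@dor1" and "3l3ph4nT" are caught only by the derivation step, which is DeathAndTaxes' point about Troub@dor1 being weaker than it looks, while the long "Tooast" phrase passes all four checks because the deliberate misspelling keeps it off the phrase list. Passing the checks is necessary, not sufficient: "D0a,Ycwm." also passes, yet has nowhere near the 80 bits the last post asks for.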