0936: "Password Strength"

This forum is for the individual discussion thread that goes with each new comic.

Moderators: Moderators General, Prelates, Magistrates

peregrine_crow
Posts: 179
Joined: Mon Apr 07, 2014 7:20 am UTC

Re: 0936: "Password Strength"

Postby peregrine_crow » Wed Jul 09, 2014 1:40 pm UTC

Eebster the Great wrote:For many people, step 14 is "change password to 'password1!' so I won't forget it again.

Site administrators don't understand human behavior, it seems.


Hell, for unimportant accounts, my step 3 is "change password to 'password1!' so I won't forget it". For important accounts, step 3 involves a lot of curse words and step 4 is "give up and use keepass".
Ignorance killed the cat, curiosity was framed.

User avatar
ucim
Posts: 5568
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

Re: 0936: "Password Strength"

Postby ucim » Tue Oct 28, 2014 9:10 pm UTC

It does seem to me that the password recovery system is the weakest part of the sign-on process. Unless the secret questions and answers are also hashed (in which case they are passwords in themselves), the way to break in is to mitm the email account of your target and ask for a password reset on the targeted account. Without using two-factor, how would you implement a secure password recovery scheme?

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Please help addams if you can. She needs all of us.

User avatar
Neil_Boekend
Posts: 3215
Joined: Fri Mar 01, 2013 6:35 am UTC
Location: Yes.

Re: 0936: "Password Strength"

Postby Neil_Boekend » Wed Oct 29, 2014 7:10 am UTC

Well, yeah, if someone managed to access my primary emailaccount they could access most of my medium important stuff. Not the low importance because that is on a throwaway address that I give to just about anyone and not my bank data because that is a far more advanced access procedure than a password.
Mikeski wrote:A "What If" update is never late. Nor is it early. It is posted precisely when it should be.

patzer's signature wrote:
flicky1991 wrote:I'm being quoted too much!

he/him/his

User avatar
HES
Posts: 4780
Joined: Fri May 10, 2013 7:13 pm UTC
Location: England

Re: 0936: "Password Strength"

Postby HES » Wed Oct 29, 2014 1:21 pm UTC

ucim wrote:Without using two-factor...

Which is why two-factor is becoming increasingly common.
He/Him/His Image

CharonPDX
Posts: 53
Joined: Wed Apr 27, 2011 4:55 am UTC

Re: 0936: "Password Strength"

Postby CharonPDX » Fri Nov 21, 2014 9:44 pm UTC

Neil_Boekend wrote:Well, yeah, if someone managed to access my primary emailaccount they could access most of my medium important stuff. Not the low importance because that is on a throwaway address that I give to just about anyone and not my bank data because that is a far more advanced access procedure than a password.


Which is why a few years ago I started using user names that are not the same as the recovery email address the account is linked to. (So, no, the recovery email address for my account here is *NOT* "charonpdx@gmail.com" or "charonpdx@yahoo.com", etc. - neither of which I actually own, by the way.) That cuts down on the simple guesses. I always full delete password recovery emails immediately after using them. (So if I did have to reset my password here, I would have the email sent, click the link, then immediately delete the email and empty the deleted messages folder.) That keeps proof of an email account being linked to a certain account from sticking around. (So even if my xkcd-recovery-not-charonpdx@hotmail.com account got hacked, there would be no evidence in their that I have an xkcd account.)

Lastly, I use 'fake but related' answers to the recovery questions. So instead of my mother's maiden name, I use (not really, but similar) my FATHER'S mother's maiden name. For "color of first car", instead of (not real) "green", I use (also not real) "pea soup". For first concert attended, I use "Woodstock" (again, not real - but the point is I use a concert that occurred before I was born.)

User avatar
orthogon
Posts: 2695
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 0936: "Password Strength"

Postby orthogon » Sun Nov 23, 2014 4:57 pm UTC

These posters have started appearing in London:
Image
Seems somebody has been paying attention...
xtifr wrote:... and orthogon merely sounds undecided.

User avatar
.DL
Posts: 6
Joined: Tue Dec 02, 2014 7:27 pm UTC

Re: 0936: "Password Strength"

Postby .DL » Tue Dec 02, 2014 7:47 pm UTC

Alex-J wrote:I really don’t think it matters how secure your password is (except for more important things like online banking and PayPal). Honestly, how many people want to mess-up your xkcd forum account? The password is only there so someone can’t, on a complete whim, decide to be you.

This is something I've never seen formally addressed! The security necessity of a password really can coincide with how important the password actually is! A password for a flash game with mice and cheese won't need to be so complex, and if its not an important game you probably won't even remember it!

This is why I've never gotten the idea of never writing down passwords!!! I mean, keep them in a secure spot of course, but the only people who are getting into accounts through physical means are already in your house! And in American, we should have secure areas for this sort of thing anyways considering social security is given to us on a card!

User avatar
Archgeek
Posts: 128
Joined: Wed May 02, 2007 6:00 am UTC
Location: Central US
Contact:

Re: 0936: "Password Strength"

Postby Archgeek » Wed Dec 03, 2014 6:42 am UTC

.DL wrote:A password for a flash game with mice and cheese won't need to be so complex, and if its not an important game you probably won't even remember it!


Transformice, eh? Gotta love those lousy french physics.
"That big tube down the side was officially called a "systems tunnel", which is aerospace contractor speak for "big tube down the side."

thiago
Posts: 1
Joined: Wed Mar 30, 2016 3:16 am UTC

Re: 0936: "Password Strength"

Postby thiago » Wed Mar 30, 2016 5:42 am UTC

Shameless self promotion here! I released a free iOS app that generates passwords following this comics' suggestion. It picks 4 words at random from a set of 10,000 common English words. It's available on the App Store and its name is Catchy Password. I hope this is helpful.

scalziand
Posts: 61
Joined: Wed Oct 17, 2007 3:02 pm UTC

Re: 0936: "Password Strength"

Postby scalziand » Tue Aug 08, 2017 1:39 pm UTC

The morning news just ran a story on passwords, and what sample password did they use?

CORRECTHORSEBATTERYSTAPLE

User avatar
Clix
Posts: 58
Joined: Fri Mar 29, 2013 8:42 pm UTC
Location: 717841.03 834745.456

Re: 0936: "Password Strength"

Postby Clix » Wed Aug 09, 2017 4:02 am UTC

Sorry about all that, nevermind, carry on.


The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time

We’ve all been forced to do it: create a password with at least so many characters, so many numbers, so many special characters, and maybe an uppercase letter. Guess what? The guy who invented these standards nearly 15 years ago now admits that they’re basically useless. He is also very sorry.


Above link links to the Source story from WSJ, but it is behind a paywall: https://www.wsj.com/articles/the-man-wh ... 1502124118
People need panic...panic in regular draghts. I read about the governments of the world, and I panic daily. It's a heart pumping workout that keeps my cheeks rosy and my vision crystal clear.
Thorax:Pigborn (Brooke McEldowney)

User avatar
New User
Posts: 580
Joined: Wed Apr 14, 2010 4:40 am UTC
Location: USA

Re: 0936: "Password Strength"

Postby New User » Mon Aug 14, 2017 11:03 pm UTC


rmsgrey
Posts: 3080
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 0936: "Password Strength"

Postby rmsgrey » Tue Aug 15, 2017 8:36 pm UTC


Only about 6 years late...

User avatar
Weeks
Hey Baby, wanna make a fortnight?
Posts: 1859
Joined: Sat Aug 23, 2008 12:41 am UTC
Location: Panama

Re: 0936: "Password Strength"

Postby Weeks » Tue Aug 15, 2017 10:13 pm UTC

Holy shit nooooo. Imagine if every site didn't have these requirements. Then maybe I could actually change my password to something safer.
Am I gregnant
suffer-cait wrote:One day I'm gun a go visit weeks and discover they're just a computer in a trashcan at an ice cream shop.
Quercus wrote:Agreed, but "constitutional fetishism" doesn't have that lovely alliteration between fetishism, first and fucking
rath358 wrote:I have been replaced D:

User avatar
ucim
Posts: 5568
Joined: Fri Sep 28, 2012 3:23 pm UTC
Location: The One True Thread

Re: 0936: "Password Strength"

Postby ucim » Wed Aug 16, 2017 1:02 am UTC

"...since there is only one password that satisfies all of the password requirements, it has been automatically set up for each of the account holders. It is being distributed by email; please use this password for all your accounts."

Jose
Order of the Sillies, Honoris Causam - bestowed by charlie_grumbles on NP 859 * OTTscar winner: Wordsmith - bestowed by yappobiscuts and the OTT on NP 1832 * Ecclesiastical Calendar of the Order of the Holy Contradiction * Please help addams if you can. She needs all of us.

rmsgrey
Posts: 3080
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 0936: "Password Strength"

Postby rmsgrey » Wed Aug 16, 2017 7:35 pm UTC

ucim wrote:"...since there is only one password that satisfies all of the password requirements, it has been automatically set up for each of the account holders. It is being distributed by email; please use this password for all your accounts."

Jose


Don't be silly - rather than distribute it, merely require all users to enter a password that meets the site's requirements. Eventually, someone will manage to enter a the valid password

SuicideJunkie
Posts: 153
Joined: Sun Feb 22, 2015 2:40 pm UTC

Re: 0936: "Password Strength"

Postby SuicideJunkie » Thu Aug 17, 2017 7:42 pm UTC

That site would be far more secure if they tightened the password requirements just a little more.
- may include any ascii characters
- may not repeat any character
- must be at least 300 characters long

User avatar
New User
Posts: 580
Joined: Wed Apr 14, 2010 4:40 am UTC
Location: USA

Re: 0936: "Password Strength"

Postby New User » Mon Aug 21, 2017 7:10 pm UTC

I'm a cryptography noob, but wouldn't it be less secure if the password may not repeat any character?

User avatar
Soupspoon
You have done something you shouldn't. Or are about to.
Posts: 2484
Joined: Thu Jan 28, 2016 7:00 pm UTC
Location: 53-1

Re: 0936: "Password Strength"

Postby Soupspoon » Mon Aug 21, 2017 7:32 pm UTC

You'd be guaranteed that you could never randomly generate a valid password, however. So it's completely proof against Brute Force!

User avatar
Eebster the Great
Posts: 2750
Joined: Mon Nov 10, 2008 12:58 am UTC

Re: 0936: "Password Strength"

Postby Eebster the Great » Tue Aug 22, 2017 10:24 am UTC

Soupspoon wrote:You'd be guaranteed that you could never randomly generate a valid password, however. So it's completely proof against Brute Force!

If you want to get technical about it, the brute force algorithm has already terminated successfully and found every password.

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Tue Aug 22, 2017 2:13 pm UTC

I love/hate Bertrand Russell. Turing rocks.

That password can be attacked on its parity. Randall may have already calculated this in. Double letters and word breaks. If I know it's four words, in his pass phrase there are 5 points of parity, 2 double letters and 3 word breaks. All I have to do is find the sets containing those parities, in the order they occur. That's a big set. Make it bigger.

Destroy the parity with a rule, no double letters, anywhere. Pad the words so each word meets that rule. They will be six characters long with no parity. The hacker can't find word edges. Am I missing anything critical?

edit
This actually serves me a purpose. If it's true, I can make this work with current password rules, by appending this set to a password with six words of any other set.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25789
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Tue Aug 22, 2017 4:32 pm UTC

morriswalters wrote:That password can be attacked on its parity. Randall may have already calculated this in.
Yes, he did.

Double letters don't affect any of the math in the comic. Allowing or disallowing them would change the entropy of a random string, but the random sequence of four words from a list of 2^11 is guaranteed to be at least as hard to crack by brute force as any other password with 44 bits of entropy.

That's the strength of this password technique even if the attacker knows the entirety of your word list and the fact that you've randomly chosen four of those words.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Tue Aug 22, 2017 9:34 pm UTC

I'm not saying this is right, I'm telling you how I have it conceptualized.

You're saying this is true
7/26+5/26+7/26+6/26 > 24/26
7+5+7+6>24
25>24
Ok, I'm almost there.
Here's what I think I see. I say he actually has this.
6+5+6+6=23<24=6+6+6+6
23<24

2 letters are used twice, and are not distinct.
My set contains 24!+23!+........+1!=? combinations. RNG knows what that number is. It's big. His is smaller. But not by much. I will use this. It can be used like a code. Know which member of this set you are using and you could preselect your passwords number and refer to them by that number. So


n>1.4.7........2.5.8.............3.6.9
...c.o.r.ectrhor.s.e.baterytstap.l.e

n starts the password. Increasing by 3 each time. Those are the starting letters first 9 passwords.
Having said that, I'll use different 4 letter words for each pass phrase. One for each n. :D Serendipity. :)

My argument is that every set in Randall's is not unique since some have two equal values. That tells you something. My set tells you nothing. I've told you this before. What makes the set, as I defined it, unique, is that there is only one rule for movement through that set. If I order my set in this fashion by always following that rule, I can have as many of those sets as I need by moving in that fashion, all different but having the same members arranged differently. It's random within.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25789
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Wed Aug 23, 2017 12:39 pm UTC

And my argument is that you're completely missing the point of the method.

You've come up with something that converts a password into another number, and then place some significance on the fact that different passwords can result in the same number. But so what? That doesn't make the password weaker, it just means you didn't come up with a very good encoding of it.

Passwords of Randall's type come from a set of 16,000,000,000,000. They're not nearly as strong as passwords of the same length can be, but they are far easier to remember than other passwords of the same strength.

(I don't really know what your numbers are supposed to mean, but the gist seems to be that you're still treating it as a string of letters, when really it's a string of words. A random string of letters could beat Randall's password strength with just 10 letters, but the point is that that's not easy to remember.)
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Wed Aug 23, 2017 4:38 pm UTC

gmalivuk wrote:You've come up with something that converts a password into another number, and then place some significance on the fact that different passwords can result in the same number. But so what? That doesn't make the password weaker, it just means you didn't come up with a very good encoding of it.
gmalivuk wrote:A random string of letters could beat Randall's password strength with just 10 letters, but the point is that that's not easy to remember.)
This points to our misunderstanding. I didn't do anything, or convert anything. I took Randall's idea and made it better.

You could use the same 4 words to make some number of passwords, that are just different points on that string. All of them as hard to crack as the first. You can do that because you got rid of parity. Words have parity in two parts. Intervals and edges. If you remove the edges you remove the parity. When you steal the edges you leave nothing to identify words. You've made the string random. I'll give you an example.
hot toddy
That has two edges and one interval. That is a finite set. Doubles can be in two places, and either one tells you something.

I concatenated the string, first letter to the last. It makes a hard thing harder. All I have to do is point to the starting spot to read whatever key you need. Print the phrase on tape and wrap it around the cylinder so the head meets the tail. n tells you where in the phrase to start for a particular password. My idea is Randall's idea. With double letter sequences removed.

User avatar
Eebster the Great
Posts: 2750
Joined: Mon Nov 10, 2008 12:58 am UTC

Re: 0936: "Password Strength"

Postby Eebster the Great » Wed Aug 23, 2017 7:13 pm UTC

The idea is to generate a password using a method that guarantees that even if the attacker knows the exact method you used, it is still infeasible to check all possible passwords that could be generated by that method. Moving things around in a predetermined way does not change the entropy, because we must also assume that the attacker knows exactly how you have done that.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25789
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Wed Aug 23, 2017 7:25 pm UTC

Making the password a loop and starting at a random point adds a factor of 25 to the number of possibilities. Adding one random letter to the end multiplies it by 26 and is probably easier to remember.

Adding one more random word from the list multiplies it by 2,000.

There are lots of ways to make a better password than Randall's, but all of them improve on it in fundamentally the same way: by increasing the number of possibilities the method can generate. The comic never claimed this was the most secure possible way to make a password, it just suggests how to make a good enough password that is also memorable. If your change hurts memorability more than it helps security, then it's not really an improvement in a practical sense.

(The most secure possible password is of maximal length with every character chosen randomly from the set of all allowable characters. No other method will ever match or beat that one for pure unbreakability. Many other methods are practically superior, though, for people who actually enjoy being able to remember any of their passwords.)
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

KnightExemplar
Posts: 5489
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: 0936: "Password Strength"

Postby KnightExemplar » Wed Aug 23, 2017 8:01 pm UTC

morriswalters wrote:Destroy the parity with a rule, no double letters, anywhere. Pad the words so each word meets that rule. They will be six characters long with no parity. The hacker can't find word edges. Am I missing anything critical?


Lets look at NIST's most recent draft standard for digital authentication:

https://doi.org/10.6028/NIST.SP.800-63b

Section 5.1.1.2 Memorized Secret Verifiers:

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.


You should not force arbitrary rules upon your audience. Blacklist-style checking is a good idea according to 800-63b, but its a terrible idea to force users to compose their passwords in a particular way.

-----------------

Generally speaking, the human-mind is trained from a very young age to perfectly memorize very long strings of letters and words. This is called "language fluency". Since our brains have gone through 12-years of memorizing words in particular orders, improving our password requirements in a human-influenced way means "making a longer sentence" is a way better methodology.

Lets say you have the sentence "My password is stupid simple like correct horse battery staple! Keep it simple stupid.". There is virtually no brute-force machine in the world that would come up with that password.

Why spend so much effort increasing entropy by 20x or 30x by shifting letters around... when you can easily increase entropy on the order of 1-million times by adding two or three words to the whole password? Full sentences are the easiest way to make an uncrackable password, because of how the human mind is trained by society.
First Strike +1/+1 and Indestructible.

rmsgrey
Posts: 3080
Joined: Wed Nov 16, 2011 6:35 pm UTC

Re: 0936: "Password Strength"

Postby rmsgrey » Wed Aug 23, 2017 9:52 pm UTC

Meanwhile, my job requires me to log in to 13 accounts with 10 different logins every day, with different password lifespans, different lengths of password history, different timeout periods (one in particular, I end up logging into up to a dozen times a day because of the timeout) and subtly different composition rules.

So far, I've only had to request one password reset - and that's because that particular system was down one day and every login attempt counted as a failed login...

Sooner or later, though, I'm going to run out of memorable gibberish and either start getting locked out of accounts frequently, or resort to using even less secure passwords (to be fair, if anyone knew precisely how I generate my passwords for work, they should be able to get them down to less than 3 bits of entropy, which is how I've managed to stay just barely on top of things so far - so I guess my new password should be "Correcthorsebatterystaple1!")

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Wed Aug 23, 2017 10:16 pm UTC

rmsgrey wrote:Sooner or later, though, I'm going to run out of memorable gibberish and either start getting locked out of accounts frequently, or resort to using even less secure passwords (to be fair, if anyone knew precisely how I generate my passwords for work, they should be able to get them down to less than 3 bits of entropy, which is how I've managed to stay just barely on top of things so far - so I guess my new password should be "Correcthorsebatterystaple1!")
If you take advice from strangers you get what you pay for. Having said that select 24, 4, word phrases. Make one string of all 96 words. Index it however it suits you. Take any sized subset you like and write down its index. Rinse and repeat. Forever. Or, once every so many ticks of the clock, construct a new phrase. In the meantime your password is tied to an index only you have. And you can read it off the phrase directly and don't have to memorize anything, because given the index, you know the phrase. When the index gets stale create a new phrase. You get a new password every time you create a new index.
KnightExemplar wrote:You should not force arbitrary rules upon your audience.
I'm not forcing anything on any audience. That advice isn't directed at me. I don't require anyone to select passwords.
KnightExemplar wrote:when you can easily increase entropy on the order of 1-million times by adding two or three words to the whole password?
Well, yeah. And I can take that phrase and make it harder to crack..

Ok, I found his method for calculating entropy. I suggest what I'm saying falls in that envelope.

gmalivuk wrote:The comic never claimed this was the most secure possible way to make a password, it just suggests how to make a good enough password that is also memorable. If your change hurts memorability more than it helps security, then it's not really an improvement in a practical sense.
Okay. So? I'm not arguing that what he did is insecure, I like it so much I intend to use it. What I said was that if it had parity it could be attacked in the fashion I suggested. And I showed you how. It has zero cost. All I added was a rule. This is Randall's phrase with two letters moved.
Eebster the Great wrote:The idea is to generate a password using a method that guarantees that even if the attacker knows the exact method you used, it is still infeasible to check all possible passwords that could be generated by that method. Moving things around in a predetermined way does not change the entropy, because we must also assume that the attacker knows exactly how you have done that.
Yes. I don't care if he knows. To defeat a password with Randall's phrase written this way requires someone to decipher a 24 character word. Because four common words written this way are the same as one 24 letter word. If you look at the possible combinations, like I did, you see this. The numbers 6,6,6,6 are the permutations of Randall's set, with the redundancies removed. His set was actually 6,5,6,6.

What Randall said was his password was easier to remember and more secure. I agree. What I said was that you could make one change without either altering the ease of his idea, which made his idea a little better. As far as I know nobody wants to attack me, they will attack the institutions I use. If that assumption is valid I get the same bang for my buck, 24 times. Any hacker that attacks that phrase has to get it all at once. The rule is simple. It works exactly the same way every time, and all it says that if you use double letters move them around. If there are no double letters, this is the same as Randall's technique.

I don't know how to say it any simpler.

This, correcthorsebatterystaple is like this, corectrhorsebaterytstaple. I can read either of these.

KnightExemplar
Posts: 5489
Joined: Sun Dec 26, 2010 1:58 pm UTC

Re: 0936: "Password Strength"

Postby KnightExemplar » Wed Aug 23, 2017 10:36 pm UTC

morriswalters wrote:If that assumption is valid I get the same bang for my buck, 24 times.


And the point is that 24x is actually rather small in the scheme of cryptographic entropy.

"Correct Horse Battery Staple 24" adds far more entropy (a 2-digit number, which is 100x more entropy), and seems way easier to remember than your rule.

Randall's method of improving entropy is simply "add one more word, because adding words is the easiest way to greatly improve entropy and still be memorable".
First Strike +1/+1 and Indestructible.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25789
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Wed Aug 23, 2017 11:40 pm UTC

morriswalters wrote:which made his idea a little better
No, it didn't.

All you did was slightly alter his list of words so now the ones with double letters are spelled wrong.

The security comes from randomly choosing words from the list, not from how those words are spelled. The point is that it remains as secure as the comic calculates even if the attacker knows your word list. Whether there are words with double letters in the list makes zero difference whatsoever. The list could just be 2000 different and creative ways to misspell "battery" and the security would be the same (though the resulting passphrases would be much harder to remember).
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Thu Aug 24, 2017 12:26 am UTC

Then you have a pretty poor memory. :D
KnightExemplar wrote:
morriswalters wrote:If that assumption is valid I get the same bang for my buck, 24 times.


And the point is that 24x is actually rather small in the scheme of cryptographic entropy.

"Correct Horse Battery Staple 24" adds far more entropy (a 2-digit number, which is 100x more entropy), and seems way easier to remember than your rule.
Yes. Maybe. Ok. You want alphabets and integers. That's 36 things taken 24 at a time. Use my rule. And add one more. Use the first rule use on words and numbers and use the second on only numbers. Here's the rule. Never use the numbers 0,1,2. We've reduced the set by 3. So 33 things taken 24 at a time. Four words and any or none of 7 digits.

rmoris34hates56spiders7------------------- 24 characters
I can remember that.
Or
eresecant76543countshit-------------------24 characters
I had trouble with fractions until algebra
or
georgewrapsdeadsaturdays-----------------24 characters

Here's my assumption. The cracker is attacking the hash, not me. Here is what you are saying. The password is safe enough. I agree, I simply say that mine is yours, with additional obscurification.

User avatar
Eebster the Great
Posts: 2750
Joined: Mon Nov 10, 2008 12:58 am UTC

Re: 0936: "Password Strength"

Postby Eebster the Great » Thu Aug 24, 2017 12:34 am UTC

"Obscurification" (or obfuscation) is completely irrelevant. You cannot obfuscate something in a deterministic way and increase entropy. For instance, if my method were "choose four words from the 2,048 word list at random, then add the string '12345' at the end," my password is no more or less secure than the same password without that string at the end. Again, we assume the attacker knows the method, so whenever the attacker tries the password, he will simply append 12345 before trying it.

This is true for all deterministic methods. For instance, if my method were "delete the first and last letters, switch the second and third letters, and then put it through ROT13," again, because the method is the same every time, the attacker could simply apply that same method to every guess and would lose nothing. It's pointless.

The only way to increase entropy is to increase the space of random choices that you have made. So if I decided to flip a coin, then add a 0 to the end if tails and a 1 to the end if heads, that would increase entropy by one bit, because for every input, the attacker would have to try both the version with a 0 at the end and the version with the 1 at the end, doubling the number of inputs needed to be tested.

I still don't understand what you are saying about parity at all. Again, since the attacker knows the list of words available for use in the password (maybe they are a subset of diceware or something else well-known), it doesn't matter how those words are actually spelled. As a simple comparison, imagine my method for making a password was to choose either "aaa," "bbb," or "ccc." Clearly the attacker only needs to check three passwords before he is guaranteed to crack it, and only two before he has probably cracked it. This does not change if instead my method were to choose either "abc," "bcd," or "cde," even though now I have "removed parity." The attacker still needs to check only three possibilities to cover the whole space.

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Thu Aug 24, 2017 1:41 am UTC

Ok, you've attacked my choice of words, now attack my idea. Does it have greater entropy than his? You can say no and I'll take my toys and skulk away. It's that simple.

Numbers don't really do anything for me in passwords. Pick your poison. I'm looking at what it is that I want to do. If he gets in my house he'll find mine written down. What I want is ease of implementation and secure storage with two keys. I want to hide them in plain sight. If he attacks the hash I want him to look at all the possible combinations for each character. Since my set is Randall's set do my changes increase or decrease the entropy? Am I making it harder or easier.

I have a secondary goal which fits me. I want to have my passwords available in meat space and on my network. I can hide them on my computer, I want to hide them on my desk. I keep a book on my desk. I create and index of phrases, from that book, as passwords. I design my index so that it picks the phrase in a quasi random way. Given that index and a mask to isolate the phrase I can read the password with the mask. Since it's a book, I could also hide it on my Kindle. I can do this with Randall's scheme.

User avatar
gmalivuk
GNU Terry Pratchett
Posts: 25789
Joined: Wed Feb 28, 2007 6:02 pm UTC
Location: Here and There
Contact:

Re: 0936: "Password Strength"

Postby gmalivuk » Thu Aug 24, 2017 3:05 am UTC

morriswalters wrote:
Ok, you've attacked my choice of words, now attack my idea. Does it have greater entropy than his? You can say no and I'll take my toys and skulk away. It's that simple.
It seems you've described a few different things, which might be why you've gotten different answers about how much entropy your method has.

If you just remove double letters (or move them in a deterministic way, like sticking them on the end of that same word), then no, yours doesn't have more entropy than his, you just have a different list of words than he does. Which is exactly what I said in this post.

If you tape the string "correcthorsebatterystaple" to itself as a loop and start somewhere else than at the first 'c', so for example might use "rsebatterystaplecorrectho" then you've added a factor of 25. Which is exactly what I said in this post. As I then said, and as others have now said since then, this is indeed more entropy (4.64 whole bits of it), but is more convoluted and weird than simply adding a single random letter to the end of "correcthorsebatterystaple", such as ""correcthorsebatterystapleq" or "correcthorsebatterystaplej", which adds a slightly higher factor of 26 (4.70 bits of entropy).

Numbers don't really do anything for me in passwords. Pick your poison. I'm looking at what it is that I want to do. If he gets in my house he'll find mine written down. What I want is ease of implementation and secure storage with two keys. I want to hide them in plain sight. If he attacks the hash I want him to look at all the possible combinations for each character. Since my set is Randall's set do my changes increase or decrease the entropy? Am I making it harder or easier.

I have a secondary goal which fits me. I want to have my passwords available in meat space and on my network. I can hide them on my computer, I want to hide them on my desk. I keep a book on my desk. I create and index of phrases, from that book, as passwords. I design my index so that it picks the phrase in a quasi random way. Given that index and a mask to isolate the phrase I can read the password with the mask. Since it's a book, I could also hide it on my Kindle. I can do this with Randall's scheme.
The problem with increasingly convoluted methods is that they become increasingly difficult to evaluate. (And impossible when you describe it as vaguely as the above.) Better to have a simple method with a guaranteed minimum level of security than an obfuscated method that might turn out to be incredibly insecure.

If "all the possible combinations for each character" means you put the repeated letters at random places in the string, then there are 24 places to put the first one and 25 to put the second one, so you increase it by a factor of 24*25=600. But if the attacker also has the base "corecthorsebaterystaple", then they only need to check those 600 combinations of where you put the 'r' and the 't', which is literally billions of times easier to do than guessing "correcthorsebatterystaple" from the original list of 2000 words.

If you add this to your looping technique, then you get another factor of 23 (where you start the loop is a factor of 25, but connecting the beginning to the end reduces the previous numbers to 23 and 24 instead of 24 and 25, because now putting a letter at the beginning is the same as putting it at the end, once you tape the loop together). So now it's 23*24*25 times more difficult. That's a reasonable amount of additional entropy, but is tempered by two things:
1) Again, if the original string is lying around in plain sight somewhere, then the attacker only needs to check those 23*24*25 combinations, which is still about a billion times easier than guessing the original string.
2) This multiplies the possible set of passwords by 13,800. One more word from your list followed by a single digit 0-9 multiplies it by 20,000 and, again, is probably far easier to remember.

I don't know what's practically best for you if you need to have a lot of information about your password physically around you in order to remember the whole thing, because I don't know how your memory works. The comic's method isn't for people who need to write down most of their password, it's for people who have trouble memorizing random strings but can easily remember short lists of words. (I've never known how "trebuchet" is mangled unless I check the comic, but I've never had any difficulty remembering that its example of a good password is "correct horse battery staple".)

Edit: I guess it was "troubador" and not "trebuchet", but in confusing those I further prove the point of the comic.
Unless stated otherwise, I do not care whether a statement, by itself, constitutes a persuasive political argument. I care whether it's true.
---
If this post has math that doesn't work for you, use TeX the World for Firefox or Chrome

(he/him/his)

User avatar
Eebster the Great
Posts: 2750
Joined: Mon Nov 10, 2008 12:58 am UTC

Re: 0936: "Password Strength"

Postby Eebster the Great » Thu Aug 24, 2017 5:35 am UTC

In case you are unfamiliar with it, a system that is designed to avoid cracking by using a mysterious method to choose the password is sometimes called "security through obscurity." The idea of such a method is that the attacker is unlikely to pick your obscure method, so the method doesn't have to have a very large space. Historically, this has been extremely popular, but time and again hackers in the modern era have shown how effort, ingenuity, and computation can crack these as quickly as the kind of thing an idiot would have on his luggage.

Modern security is built around the idea that a proper system can guarantee that a password is secure no matter what assumptions you make of your attacker. Your attacker could be a superintelligent android that has studied you its whole life, confiscated everything you ever owned, and whose only goal is to crack your password. But if your password scheme is designed correctly, the android is still doomed to fail. That is the kind of strength you need, and it is also a strength that is easily obtainable in the real world.

The best possible password-checking scheme an attacker has is if it knows exactly how you chose your password. So we just assume your attacker knows this in advance and then design a scheme that even that attacker could not beat. This is where measurements of entropy come from: the entropy of a password is just the logarithm of the number of passwords you could have chosen using your method (assuming all are equally probable). This is why any one-to-one hash of a password conserves entropy, and why a many-to-one hash actually decreases entropy. It may make the password appear more obscure, but to a knowledgeable attacker, it makes it no harder to guess.

morriswalters
Posts: 6904
Joined: Thu Jun 03, 2010 12:21 am UTC

Re: 0936: "Password Strength"

Postby morriswalters » Thu Aug 24, 2017 9:11 am UTC

OK. That hit the nail on the head. And I stand corrected. I get no net gain from removing double letters.

Memory is suspect, it lets me down. I have on the order of 100 passwords. I don't like his technique because it is memorable, I like his technique because it will be easy to generate good passwords, and I wouldn't need a password manager, or be at the mercy of a third party. Now if sites would allow this.

User avatar
New User
Posts: 580
Joined: Wed Apr 14, 2010 4:40 am UTC
Location: USA

Re: 0936: "Password Strength"

Postby New User » Thu Aug 24, 2017 3:02 pm UTC

Soupspoon wrote:You'd be guaranteed that you could never randomly generate a valid password, however. So it's completely proof against Brute Force!

I'm late responding to this one, but thanks for explaining the joke!

User avatar
orthogon
Posts: 2695
Joined: Thu May 17, 2012 7:52 am UTC
Location: The Airy 1830 ellipsoid

Re: 0936: "Password Strength"

Postby orthogon » Thu Aug 24, 2017 5:16 pm UTC

Eebster the Great wrote:... a many-to-one hash actually decreases entropy.

... and moving doubled letters to the end is, at least in principle, a many-to-one process. I was trying to think of some examples where it produces a collision, but in the end I had to revert to regular expressions.

Spoiler:

Code: Select all

me@mymachine:~$ sed -e 's/\(.*\)\(.\)\2\(.*\)/\1\2\3\2/g' /usr/share/dict/british-english |sort | uniq -d
basis
casinos
crepe
deserts
discrete
else
mete
mono
Moro
mouses
musings
Pele
polo
poses
Sara
sere
tense
these
verse
were

Some of the results are a bit dodgy, but some clearly cromulent word-pairs that collide are:
crepe<->creep
deserts<->dessert
discrete<->discreet
else<->eels
mete<->meet
mono<->moon
polo<->pool
poses<->posse
verse<->veers

My regex can only move one doubled letter to the end. I tried to make it do it repeatedly, but it gets stuck in an infinite loop once there's a tripled letter at the end. I tried to get around that using negative lookahead, but gnu sed doesn't seem to support that.
xtifr wrote:... and orthogon merely sounds undecided.


Return to “Individual XKCD Comic Threads”

Who is online

Users browsing this forum: No registered users and 28 guests