Truly random passwords really better than long pass phrase?


greif

Member
Oct 30, 2020
I was listening to Leo's Saturday Tech Guy podcast on TWiT, and he was of the opinion that pass phrases were no good because they do not include numbers and have words found in the dictionary.
I think this might be wrong for the following reasons:
1) A pass phrase with no spaces (maybe even with spaces?) is still a bunch of letters. It does not seem to me that a dictionary attack would do much good. I am making a possibly bad assumption that the password cracking must be an all-or-nothing situation (can you crack them one position at a time like in some movies?).
2) Use of numbers is a good thing? With only 10 characters, isn't this lower entropy? Same for special characters.
3) NIST has issued new recommendations:

"The most notable form of these is composition rules, which require the user to choose passwords constructed using a mix of character types, such as at least one digit, uppercase letter, and symbol. However, analyses of breached password databases reveal that the benefit of such rules is not nearly as significant as initially thought [Policies], although the impact on usability and memorability is severe."

"Password length has been found to be a primary factor in characterizing password strength [Strength] [Composition]. Passwords that are too short yield to brute force attacks as well as to dictionary attacks using words and commonly chosen passwords."
--------------------------------------------------------------------------------
"SP 800-63B Section 5.1.1.2 paragraph 9 recommends against the use of composition rules (e.g., requiring lower-case, upper-case, digits, and/or special characters) for memorized secrets. These rules provide less benefit than might be expected because users tend to use predictable methods for satisfying these requirements when imposed (e.g., appending a ! to a memorized secret when required to use a special character). The frustration they often face may also cause them to focus on minimally satisfying the requirements rather than devising a memorable but complex secret. Instead, a blacklist of common passwords prevents subscribers from choosing very common values that would be particularly vulnerable, especially to an online attack.

Composition rules also inadvertently encourage people to use the same password across multiple systems since they often result in passwords that are difficult for people to memorize."
--------------------------------------------------------------------------
A-B05:
SP 800-63B Section 5.1.1.2 paragraph 9 states:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.”
 
I'd say passphrases have a limited use case.

The idea that length trumps complexity in a secret only holds true if everyone else has no idea that your secret is a combination of memorable words among the entire entropy spectrum of allowed characters. The strength of a passphrase relies on the fact that you don't make it public knowledge that your password is a simple combination of a few well known words.

Assuming a password accepts the following character space:
  • lower case letters = 26
  • upper case letters = 26
  • digits = 10
  • punctuations & special characters = 33
Each character in a password holds one of 95 possible values. Using a password length of 16 characters leads to approximately 4.4e+31 possibilities (44012666865176569775543212890625). As long as an attacker needs to guess every one of those combinations, that should be enough.

As soon as an attacker acquires knowledge that your password is a combination of four short English words adding up to 16 characters, those odds change dramatically. With the English language having just over 170 thousand words in total, there are at most 8.3521e+20 (835210000000000000000) possible combinations. That space will be even shorter when considering only words that can add up to 16 characters. Even shorter, if you restrict to very common words, like book, banana and monkey. That's especially true if you are using words from a famous quote or movie.

Safe to say, using passphrases leads to a significant decrease of entropy, and your security within a larger entropy pool relies entirely on never making it public that you are using a passphrase.
 
The reason why you could possibly remember a password of 5 words is that your brain is good at "comprehending" that kind of entropy because it separates how to spell words from remembering the words themselves. A dictionary attack works in a similar way. It can quickly test passphrases made of words because it just picks the words from a dictionary and blasts them together. It can also easily slightly mutate the words (replacing a letter with a number, like leet-speak, etc.). It can also easily throw in numbers or punctuation between the individual words.

It's very counter-intuitive, and you should not rely on your intuition for this, but should stick to the math/stats. The average person has a vocabulary of a fixed size. Let's be generous and say it's 100k words (log base2 100k = 16.6). We'll be even more generous and round that up to 17 bits. Now let's say you choose 5 different "random" words to be a password. That is 5*17 = 85 bits of entropy. Now let's take a password composed of any of 64 random characters (note this is smaller than the actual alphanumeric range, which is more like 96 characters.) log base 2 64 = 6 bits per character. Now divide 85 by 6 giving 14.1. That means a password of 15 truly random characters is stronger than your password of 5 words that are in a dictionary.
 
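As an added example (not part of any post in this thread), the entropy arithmetic from the two posts above can be reproduced and generalized to any word list or alphabet size. The function names and the sample word list are constructed for illustration, and every figure assumes the words or characters are chosen uniformly at random.

```python
import math
import secrets

def passphrase_bits(wordlist_size: int, words: int) -> float:
    """Entropy of `words` words picked uniformly at random from a list."""
    return words * math.log2(wordlist_size)

def random_password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` characters picked uniformly at random."""
    return length * math.log2(alphabet_size)

def equivalent_length(bits: float, alphabet_size: int) -> int:
    """Shortest random password with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def words_needed(bits: float, wordlist_size: int) -> int:
    """Fewest random words with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(wordlist_size))

def generate_passphrase(wordlist: list, words: int) -> str:
    """Pick words with a CSPRNG; the entropy figures only hold for this
    kind of selection, not for quotes, lyrics or self-chosen words."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

# Constructed sample list (assumption); a real list has thousands of words.
SAMPLE_WORDS = ["book", "banana", "monkey", "staple", "horse", "battery",
                "correct", "log"]

if __name__ == "__main__":
    # Figures from the thread: 95 printable characters, 16-character
    # password; 170k-word dictionary, 4 words; 17 bits/word, 5 words.
    full = random_password_bits(95, 16)
    print(f"16 random chars over 95 symbols: {full:.1f} bits")
    print(f"4 words from 170k: {passphrase_bits(170_000, 4):.1f} bits")
    print(f"words from 170k to match: {words_needed(full, 170_000)}")
    print(f"chars (64 symbols) to match 5*17 bits: {equivalent_length(85, 64)}")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 5))
```
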
I have LastPass set to generate 32 character random passwords for all sites that will take it. If I have to, I tone down the length. BUT, if I make my master password 32 random characters, I would neither be able to remember it nor type it. Thus, in that scenario, a pass phrase with words in it is quite useful, if not essential.

Ron
 
@rfrazier You have a point, but LastPass data is technically exposed to the Internet because they store encrypted blocks for you. If someone managed to collect all your blocks (via a MiTM say) then they could attempt to crack your LastPass password offline without you knowing it. Accordingly, you want your password to be as strong as you can manage, while of course still being able to actually use LastPass. One trick is to follow @Steve's advice on https://www.grc.com/haystack.htm . Basically, make your password long and strong, but you could add a repeated character (or 10 of them) at the beginning, middle or end to make brute forcing even harder. So instead of https://xkcd.com/936/ CorrectHorseBatteryStaple you could use Correct((((((((HorseBattery))))))))Staple without too much extra difficulty to remember it and make it significantly stronger. (Now don't actually use that precise example, now that I've "published it" it's going to end up in a dictionary.)
 
"If someone managed to collect all your blocks (via a MiTM say) then they could attempt to crack your LastPass password offline without you knowing it"

That's true. And that's why, as Steve mentioned in his LastPass episodes, changing the default number of PBKDF2 rounds from the default is a good idea (advanced account settings). LastPass defaults to 100100 rounds, which is actually not bad. But, if an attacker gains access to your encrypted vault, that's the exact number of rounds his script will use to begin with. Raising that number to another random value will make things a lot harder for them. They would spend eternity trying to hack your master password before realizing they are not using the correct number of PBKDF2 rounds.

While quantum computing does not get off the ground, I'd say we are pretty safe with what we got now.
 
"They would spend eternity trying to hack your master password before realizing they are not using the correct number of PBKDF2 rounds."
Making it slower to crack, yes. But I'm not sure that the software can operate in a synced fashion without knowing this value, so it's unclear to me if it is actually hidden from any attacker that can get your "raw" data. It's possible that they use a fixed number of rounds of PBKDF2 on your password and then decrypt the config data such as the actual number of rounds... But they would need some means to verify the password was correct, before using some potentially crazy large value, so in the end, this is likely more security theatre than actual security. Still, a larger value is better, but don't rely on the actual value being secret.
 
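An added example, not from any post here and not LastPass's actual vault format: a hypothetical record layout in which the PBKDF2 iteration count travels with the encrypted data so that any client can derive the key, plus a helper expressing a larger count as equivalent bits of entropy. The record fields, function names and sample password are assumptions; 100100 is the default quoted in the thread.

```python
import hashlib
import hmac
import math
import os
from typing import Optional

def make_record(password: str, iterations: int) -> dict:
    """Build a hypothetical vault header. Salt and iteration count sit in
    the clear because every synced client needs them to derive the key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "verifier": hashlib.sha256(key).digest()}

def check(record: dict, password: str, iterations: Optional[int] = None) -> bool:
    """Verify a password, by default with the count read from the record."""
    n = record["iterations"] if iterations is None else iterations
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], n)
    return hmac.compare_digest(hashlib.sha256(key).digest(),
                               record["verifier"])

def added_bits(old_iterations: int, new_iterations: int) -> float:
    """Extra work per guess from a higher count, as bits of entropy."""
    return math.log2(new_iterations / old_iterations)

if __name__ == "__main__":
    rec = make_record("constructed sample passphrase", 100100)
    print("count stored with the data:", rec["iterations"])
    print("right password:", check(rec, "constructed sample passphrase"))
    print("right password, wrong count:",
          check(rec, "constructed sample passphrase", iterations=100101))
    # A tenfold increase in rounds is worth about one extra random
    # character's half: log2(10) is roughly 3.3 bits.
    print(f"10x rounds adds {added_bits(100100, 1001000):.2f} bits")
```

In a layout like this one, the count is a cost multiplier rather than a secret: whoever holds the record reads it, and each tenfold increase buys about 3.3 bits, less than one extra random character.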
#!#!^^^18Obfssfawoffpmmatfp95#!#!^^^

Where #!#!^^^ is a standard nonsense phrase (i.e. password padding) used in all your messages to lengthen it, and the 20 characters shown (Obfssfawoffpmmatfp) are the first letters to a memorable passage from America the Beautiful (Oh beautiful for spacious skies...). Absolutely not perfect entropy, but something not subject to normal cracking that you can create on the fly and remember.

I used to teach thousands of people how to create their passwords and I found that telling them to base it on the first letter from each word in their favorite song was easy for them to remember and created really tough passwords. If people could not think of a good song - I would tell them to think of the first song they danced to at their wedding (guys often could not remember the song and the girls in the class got a big laugh from that). Caps could be added at the beginning of phrases, or where the song had emphasis, etc. or wherever you could remember it should go. I added the standard nonsense phrase which could be used in all your passwords when Steve brought up the idea of password padding - yeah you could find my 15 character pads in my passwords if they got loose, but you would still have to figure out my lengthy set of song letters which are unique in length and character for all my passwords, and remember songs can be in any language too.

Using this approach I was able to generate strong admin passwords that were subject to routine change (although I argued NIST had advised against the need for frequent changes, it is still warranted when there is a chance someone has been able to see and thus compromise your password). LastPass for all the other multiple mundane accounts is great and I always advised my users to use that - but some passwords need to be in your head such as your LastPass master password, or your initial login password before you have a system available to assist you.
 
I use LastPass with 32 completely random characters (where sites allow it) and also use a different email address per site (remembered by LastPass). Having a wildcard forwarder in one of my domains helps here (I would randomise the left side of the email address and generate from LastPass to make it truly annoying for a hacker to guess but it would also annoy me :D).

I use passphrases that are helpful for me to build out a random password. Rather than "quickfoxjumpedovertheduck", I would approach it differently. "Tell me what you want, what you really, really want" is something I might use (and now we have Spice Girl lyrics on Steve's forums :D) but I would use "tMwyW,Wyr,rW" as my password. Easy enough to remember over time and makes no sense to a shoulder surfer.

A final category of credentials are my throwaway ones where I might use the same password. It's for low-value logins that I really don't care about, differing emails mean someone getting the login cannot use it anywhere else - and I prioritise convenience over security.
 
I suppose that it's perhaps an interesting academic question. But the days when it was feasible to use any strategy having to do with memorizing passwords seem long gone. I'm sure there must be cases where something offline would prevent the use of a good password manager to replace your memory. But in that case the application is also likely not subject to the abuses that have forced the abandonment of our own memories.

My point is, for me, that ship has sailed. I've given up all control over my passwords and I use TOTP tokens generated by the wonderful “OTP Auth” app whenever they're offered and available.
 
But what about initialed passphrases? To have a longer LP master password, rather than a worded passphrase, wouldn't an initialed passphrase work? For example: Instead of "The brown fox jumped over the log while all good men come to the aid of their Country", using "TbfjotlWagmcttaotC". Maybe even sprinkle in a few leet characters? You can remember the phrase but type the characters.