Generate Memorizable Passphrases That Even the NSA Can't Guess 267
HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.
After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."
After you've generated your passphrase, the next step is to commit it to memory.You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training."
Memorizing site-unique passwords isn't possible (Score:5, Insightful)
Yeah, you could make an algorithm to modify your password across sites so that you can memorize it yet it'll be different, but as "bad guys" combine information from multiple leaks, any algorithm you come up with will be vulnerable to reverse engineering. Especially if your online identity is valuable. The real solution is to use password management software like KeePass, LastPass, or 1Password. Lock your password program with your good password from Diceware, and use unique, truly random passwords for all the websites you've registered on.
Re:Memorizing site-unique passwords isn't possible (Score:5, Informative)
I prefer 2FA when possible. Even a very tough password means nothing if by some means, it gets sniffed by some keylogger, or the password database on a cloud provider gets brute-forced.
For storage where one is using a passphrase for encryption, as opposed to authentication, I like using cryptographic tokens. TrueCrypt used to work with a PKCS#11 library so I could store a keyfile on a set of Aladdin/SafeNet eTokens. This not just made the key immune to brute force guessing... someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile. This also works with Symantec's PGP version, except that generates a public/private keypair, the private keypair always remaining on the token, while the public part is used for the file/drive encryption.
If 2FA isn't possible, then as above, some mechanism to help with password reuse is very wise. This is useful just in case some website decides to store passwords in plain text, so a person's secure "correct horse battery staple" is now compromised and added to every blackhat's brute forcing library.
Re:Memorizing site-unique passwords isn't possible (Score:5, Funny)
That's amazing! I've got the same combination on my luggage!
Re:Memorizing site-unique passwords isn't possible (Score:4, Funny)
"luggage"
Wow! That's the combination to the staple holding the energy source to my battery-powered equine robot -- the right one, not the wrong one.
Prepare to restore from backup often (Score:5, Insightful)
someone who physically possesses the token has three guesses of my unlocking passphrase before the token locks itself forever and zeroes out the stored keyfile
If fat-fingering your passphrase thrice will make your data permanently inaccessible, then you better have damn good backups and a damn good data plan with which to restore them when and where you need your data.
Re:Prepare to restore from backup often (Score:4, Interesting)
I have a third option: An admin passphrase that is a lot longer than my user passphrase, but had more retry attempts. That way, if the short passphrase gets typoed, I can still unlock the device with the admin one.
You are right about backups... that is why I have three of the USB tokens, just in case.
Re: (Score:3)
I have a even simpler option. Use a pass phrase that you can easily remember. Now before you use that pass phrase, pass it through an encryption program that will encrypt it in the same manner every time. Then use that encrypted content as the actual password. Now that encryption is done locally on the fly and it never passes across the internet nor is it stored any where, except locally. By the addition of one step it becomes very complex whilst still in reality being easy to remember. When you want to acc
Re:Prepare to restore from backup often (Score:4, Insightful)
I'm sorry, but even if the hash seems hard to any human being, the way it was generated doesn't use enough entropy. Using the website fqdn or whatever combination reduces significantly the entropy, coupled with your master password in a predictable way and then generating the hash isn't sufficient at my humble opinion to say this is a secure way to generate a password. In particular, if someone has access to the resulting hash for many different sites. The result must be predictable, hence, the combination of the orignal factors cannot change.
This isn't better than a long passphrase.
Re:Prepare to restore from backup often (Score:4, Insightful)
Re:Memorizing site-unique passwords isn't possible (Score:4, Interesting)
This is pretty much what I do. I personally don't like all the generic words, and instead use variations of a similar pattern. I have several main patterns that I can determine which one to use based on a rule I know that takes the site's name into account. This is my base password.
Then I take the site's name and apply another rule to it. This becomes my salt.
Together they become a very complex password that is unique for each site and yet very easy for me to remember. An example (of course not close to what I use, but you get the idea) for Slashdot would be:
Slashdot.org - TLD is org so we use Gro.dotSlash as the hash + 19 (slashdot begins w/S, the 19th letter) + someone I love's DOB 9-18-80, so the full password is Gro.dotSlash1991880?
Re: (Score:2)
Re: (Score:2)
Re:Memorizing site-unique passwords isn't possible (Score:4, Informative)
I'm sure that most of us would be upset if our accounts on various forums or bulletin board systems were compromised, but it wouldn't be life-altering for the vast majority of us. Social Media that's designed to avoid anonymity like Facebook would be worse but still ultimately doesn't affect one's bottom-line, but things like banks and e-mail services where everyon's stuff ultimately consoldiates are much more important.
I wish that we could trust central ID systems, where we could create an account on a forum site with a unique user ID and then link that user ID to a central authentication database so that our central credentials give us acces via that unique user ID, but I just don't trust the authentication databases. I'm already leery enough of Active Directory that I don't use work passwords anywhere else to begin with, but companies providing such a service don't necessarily know what they're doing, and they're probably too willin to hand over information for what sites people would need authentication to as well.
Re: (Score:3)
I wish that we could trust central ID systems, where we could create an account on a forum site with a unique user ID and then link that user ID to a central authentication database so that our central credentials give us acces via that unique user ID, but I just don't trust the authentication databases. I'm already leery enough of Active Directory that I don't use work passwords anywhere else to begin with, but companies providing such a service don't necessarily know what they're doing, and they're probably too willin to hand over information for what sites people would need authentication to as well.
You mean OAuth?
Re: (Score:3)
People were being paid to disrupt Groklaw and even stalk and shame the founder. It's not paranoia when serious cash is being splashed to deface your website and a fucking insane horror writer (who pretends murdering ghosts are real) is parked across from your house watching your front door.
It's a special case.
Re:Memorizing site-unique passwords isn't possible (Score:5, Insightful)
... password reuse is a larger danger to users than is having a weak password.
The best of both worlds: use a six-to-eight word diceware password for your password manager, and generate a long, random password for everything else.
Re:Memorizing site-unique passwords isn't possible (Score:4, Insightful)
... password reuse is a larger danger to users than is having a weak password.
The best of both worlds: use a six-to-eight word diceware password for your password manager, and generate a long, random password for everything else.
This. I also use a separate diceware password for my primary email. That way if someone does manage to break/steal my password manager database, I still have secure and sole access to my email, which many sites will require for you to re-gain control of your account.
Re: (Score:3, Interesting)
Your personal email is the most important account you have for the reason you set forth: you can use it to reset passwords to all of your other accounts! That's why I use Google Mail along with the FIDO U2F dongle. This makes my email really secure.
Re: (Score:3)
The U2F project is one of the really good things google did. I hope it becomes successful. I hate mobile phone "2 factor" authentification because you give them basically your identity, its hard to work with (entering weird numbers?!), and relies on 3rd parties (telcos, security of the mobile network).
Re: (Score:2)
reminds me of a guy who posted to the bitcoin section of reddit, he stumbled on some 67 bitcoins because he'd miss-typed in one one of those long passphrases with supposedly random words.
Re: (Score:2)
Risk (Score:2)
Re: (Score:3)
The real solution is to use password management software like KeePass, LastPass, or 1Password. Lock your password program with your good password from Diceware, and use unique, truly random passwords for all the websites you've registered on.
At the cost of travelling around with the keys to the kingdom. Imagine you're on vacation and you want to pop into an internet cafe and log into /. because abstinence. Except it has a keylogger/trojan that'll steal your key file and your master password. Now you've compromised your email, online bank, ebay, paypal, steam and all the other passwords that might really matter. Personally I tend to keep three:
1) My mail, because it gets all the password resets.
2) My bank, but it's using two-factor anyway.
3) My
Re: (Score:3, Funny)
Re: (Score:2)
Or better yet, dont use an internet cafe or other public computer to do anything sensitive and just read websites on your phone if you really have to.
How about... (Score:2)
A site dependent key to your phrase?
Base: correcthorsebatterystaple
Site specific(first thrid and fifth chars of the domain (sah for slashdot.org)): sahcorrecthorsebatterystaple
Seems pretty ironclad even if the password gets exposed. I guess someone who really wanted *your* particular password could figure out the method but all of those things coming into alignment seems like the edge of edgiest cases.
The biggest problem I see is that a lot of the sites that really should have the most secure passwords (
Re:How about... (Score:4, Insightful)
1. Take every username (or email) and password combination
2. Through automated means, check if they are valid on other websites
3. Record the ones that worked and abuse/sell those as well.
Re: (Score:2)
Re: (Score:2)
Good points, a single point of access to all of my passwords and the sites they go to makes me uneasy though.
I guess it's kind of moot anyway because people who actually think about password security in the slightest are very unlikely to have problems unless they are high profile and people are actively seeking for ways into their specific accounts.
It would seem like there would be a standard that all websites could adhere to instead of whatever the whim of the security guy is.
Re: (Score:2, Funny)
Now I know where Pink Floyd got early song titles from.
There is a huge flaw to this.... (Score:2)
Example, pretend that you had to pick a password for a new website that only allows all uppercase English characters, with no numbers or symbols allowed (just to keep the math simple). A normal ten character password gives an attacker 26^10 possibilities
Re: (Score:2)
Math issue: 6 words from a list of 1000 is 1000^6 possibilities, not 1000^4, so you're looking at a million seconds rather than 1, or 11 and a half days. Not a whole lot better, but one more word makes it a billion seconds, or 31+ years. (I think you got the 4 from the number of letters per word, which as you point out is not really a relevant factor.)
Re: (Score:3)
Re: (Score:3)
Yeah, the suggested method for generating passwords generates needlessly long passwords. The total entropy is good, but the entropy per character is pretty poor. You get much better entropy per character with abbreviation passwords, where you have a sentence or group of random words and you use the first letter from each, or second, or last, or alternating, or whatever suits you. It's still not as much entropy per character as a random pattern, but it's much better than writing out full words - and pops int
Re:Memorizing site-unique passwords isn't possible (Score:4, Interesting)
Use a password manager and you:
- Cannot access your accounts without the password manager. Like when you've had everything stolen at an airport and need to transfer some money.
- Lose access to all your passwords in one fell swoop when you lose your password manager, or move to a system where that (by then) old piece of software won't run.
- Lose all your passwords in one fell swoop to any blackhat who manages to brute force or key log your password manager.
Password managers defeat much of the security of having passwords.
Yes, but.... (Score:5, Insightful)
Re: (Score:2)
...or even worse, sites that require you to use a specific combination of alphanumeric, numbers, special characters, the blood of a newborn kitten, etc.
Re: (Score:2)
Obviously the lovely scheme that is suggested here isn't going to work with that. On the other hand, when you are using an iPad, a 30 character all lowercase password is quicker and easier to type and more likely to get right than 8 uppercase/lowercase/digits/special characters. Now imagine if they allow space characters in the password and turn the spelling checker on as well.
Re: (Score:2)
Or the other sites that simply truncate your input without telling you, so when you put in 40 characters it only takes 16?
8 character limits were common up until a few years ago. Today I still see 16 (and 15 because of broken front ends) effective limits. 32 seems to be the most common.
Re: (Score:2)
8 character limits were common up until a few years ago. Today I still see 16 (and 15 because of broken front ends) effective limits. 32 seems to be the most common.
I still see them far too often. My normal password patterns are different than the ones presented but still several words long. Many places requiring accounts still greet me with "Password must be between 6-8 characters, and must contain at least one uppercase letter, lowercase letter, number, and symbol."
I also too-frequently get "Passwords must not contain a space". It prevents me from entering my password of "correct horse battery staple", which is really annoying.
Re:Yes, but.... (Score:4, Interesting)
Let's be a bit more specific about that.
If they're restricting the length to something like 8 or 12 or 16 instead of 128 or 256 then they are PROBABLY not hashing the passwords.
Which means that your password is PROBABLY being stored in plain text (or possibly encrypted). NEITHER of which are acceptable methods today.
Re: (Score:2)
What about the sites that restrict the length of the password? The only thing I have to say to them is, "You're doing it wrong".
There is something deeper behind this. There is no technical reason why password length should be restricted as the resulting hashes are the same length effectively. Every time I see a max password length I can't help but wonder if the reason is limited space in a database column and that some braindead idiot is storing the passwords in plaintext.
Every time I come up with a password that has a maximum entry I ensure I use a strictly unique password.
Character limit because time limit (Score:2)
There is no technical reason why password length should be restricted
Other than that a user has to finish accurately typing the passphrase on a mobile device's on-screen keyboard before the CSRF key for the login form times out.
Still not allowed by many places. (Score:5, Informative)
Many websites, especially those designed to be more secure (banking, education, employment) still require passwords in a certain form (usually requiring some combination of caps, numbers, and special characters) and don't allow passwords like these.
Re: (Score:2)
I wonder if the ideal password manager would be one that would use a typed in password as a seed/IV (hash a seed and the sitename), with exceptions stored for sites which don't allow passwords generated with that tool to work. Some sites require a number, a capital letter, lower case letter, a symbol (well, not all symbols work), or some other random, annoying combination of the above.
Of course, the ideal password manager would store the password database with a master volume key, then each device accessin
Re: (Score:3)
First you claim that they use malware to send my plaintext passwords to themselves. Then you claim they have been caught red-handed doing the first claim...by compromising networking equipment which never sees my plaintext passwords.
I understand your point, but your claims are rather incongruous.
Wait a sec (Score:2)
Re: (Score:3, Informative)
Re:Wait a sec (Score:5, Funny)
ROT13 is pretty safe, especially if it's used twice.
Re: (Score:2)
Re: (Score:2)
Re: Wait a sec (Score:2)
Re: (Score:2)
Probably. The concept of a useful one-way function is absurd on the face of it.
Sure, f(x) = 0x is one-way - given 0 as an output you'll never guess the input. But it's not useful because all we need to do is guess any input that leads to the desired output.
Re: (Score:2)
yep. Which is why hashes are long and getting longer - more inputs to try in order to find the output needed.
Advice for Dice (Score:2)
Hey Dice, go teach your grandmother to suck eggs.
xkcd... (Score:2, Insightful)
How's that any different from http://xkcd.com/936/?
Re: (Score:3)
Well, the obvious difference is you can't use "correct horse battery staple", because the NSA knows about that one. Their CIA colleagues probably managed to extract it using the $5 wrench decryption algorithm. [xkcd.com]
Re: (Score:2)
How's that any different from http://xkcd.com/936/ [xkcd.com]?
And if you want to make it exceptionally strong, you combine those techniques. "correct horse battery staple" is strong, "correcT horXe batt6ery st&ple" is heat death of universe-strong and actually not much harder to learn.
Re: (Score:3)
It's difficult to quantify "hard to remember-ness" but I strongly suspect that if you could normalize for difficulty remembering a password, adding more words is more efficient that mutating existing ones for a looooong time.
It's not that hard to memorize Shakespeare's "To be or not to be" soliloquy character-for-character even though it uses terms and turns of phrase that are no longer current or even grammatical. I had to do that in grade 11, I thought it was dumb, but I remember it to this day, complete
Re:xkcd... (Score:4, Interesting)
Wait? (Score:3)
CorrectHorseBatteryStaple
Re: (Score:2)
Great! Now I have to change the password on my luggage!
Re: (Score:3)
I thought we were just supposed to use
CorrectHorseBatteryStaple
Nah, hunter 2 [bash.org] works much better.
only a requirement to have a password (Score:2)
6 sided dice? (Score:5, Informative)
change your username (Score:5, Interesting)
I forget where I first read it, but this sounds like a good workaround. Pick a nice secure-as-you-want password. But each website gets a different username. It sounds like most attacks are of the kind "joe_bob uses P4$$word on amazon, let's see if joe_bob uses P4$$word on this banking site too." They don't seem to be looking to see if joe_bob_amazon is the same account as joe_bob_wellsfargo. Or you could be joe_a_bob and joe_wf_bob.
Even better is if you have some control over your email accounts. They are probably smart enough to see joe.bob@gmail is j.o.e.bob@gmail(although that does let you filter incoming mail a little easier). But if you have control over the domain you have a catch all address and be me_amazon@myplace.com and me_wellsfargo@myplace.com.
Re: (Score:2)
Seconded on the different email addresses. And you don't have to own your own domain for that. Just make some random'ish gmail account and use that ONCE for more secure requirements (like your bank).
The trick is to prepare them in advance. And write them down in a PHYSICALLY secure location.
If you're using the same email account for your bank as you use on Facebook then your security could be improved.
or watch out for snakes... (Score:2)
well.. there's also watchout4snakes [watchout4snakes.com]. I think it succeeds at being memorable more often with some tuning choosing the parts of speech and the commonness of each
D6? (Score:2)
Sorry, I'll only use my lucky D20.
Re: (Score:2)
With D20s you'd only need three rolls per word (20^3 = 8000).
Ultimate Security Risk: Carry PW in your pocket! (Score:2)
"You should write your new passphrase down on a piece of paper and carry it with you "
Boy, that is NOT a security risk, is it? Of course, you always hide your hands under a towel when you enter the PW, right?
That keeps your screen's 'selfie' camera from allowing reading the key clicks off of the reflection on your cornea. Good, right?
Pick the start of the sentence or book title you have on your shelf all the time to serve as a reminder and PW source or a short sentence on a card in your wallet.
Will stick with my PassPhrase Generator (Score:2)
cap liz donna demon self ---> ÍÅÏÜvÉ?#{c?>î/Û'7£Ûó¾n>Vî
Of course, here on slashdot that string will get reamed (6 characters removed), as not only does slashdot not do Unicode or UTF-8, it can't even handle upper-ansi characters properly either.
"7,776 English words" (Score:2)
Yeah, lots of English there.
Epic Failure (Score:2)
You should write your new passphrase down on a piece of paper and carry it with you for as long as you need.
Whole point of this news article = pointless.
Assuming fair dice (Score:4, Funny)
This procedure assumes fair, unbiased dice. For years, the NSA has required precise machining of dice to generate predictable rolls. Once someone cracks the code, Casinos will lose billions.
What, other than precision machining, would explain why plastic dice with a materials cost of pennies cost over $2/each [amazon.com]?
mnemonics (Score:2)
All you have to do is remember a SYSTEM. One system for turning some known information into a password.
Lets say you want a password of Slashdot and you username is someuselessshithead15 .
A simple password could sD!sUSH15
The system I just made up is the first letter of word in the name of the site. Nouns are all capitalized. An exclamation point to seperate the name of the site from the screen name. And the screen name is written the same way as the name of the site with only the first letter of every word i
Roll 1 2 3 4 5 (Score:2)
Word was 'apathy"
An odd, antiquated approach (Score:2)
As someone who dabbles in genealogy, one approach I've used for creating hard-to-crack yet easy-to-remember passphrases is to base them on one or more of my ancestors who have unusual, antiquated names. (Any genealogist will memorize those without even trying.) Of course, to make these passphrases harder to crack, you can throw in numbers such as their birth year, capitalize certain letters from a small memorized list, add your favorite symbol, etc.
I don't have any way to prove that this really works, but
Obligatory XKCD (Score:3)
https://xkcd.com/538/ [xkcd.com]
If they can't afford enough computer to crack your passphrase, they can still afford a $5 wrench
Re: (Score:2)
https://xkcd.com/538/ [xkcd.com]
If they can't afford enough computer to crack your passphrase, they can still afford a $5 wrench
If they can't afford someone to reply to the correct article [slashdot.org], they can still afford a $5 wench.
Single password with variations (Score:2)
Rather than that one, long, randomly generated password that then gets used on every site (or few passwords over many sites), I use a standard password, and modify it for each site. For instance, my slashdot pass might be horsebattery!SLASHDOT!staple, while my bank might be horsebattery!CHASE!staple. Easy to remember, and stealing the password from one site won't help on another.
(Yes, a person looking at the data might be able to figure it out, but I figure that unless I'm personally being targeted that w
GREAT IDEA! (Score:2)
Thanks for compiling a character sequence list and explaining the algorithm...
What the NSA can't guess... (Score:2)
One thing I don't get (Score:2)
Ok, if I'm writing a webapp that accepts a password, presumeably if I wanted to increase security somewhat I would put in a guessing rate limiter.
5 strikes and you're out (for a while).
So assuming (a reasonable assumption still in most cases, I hope) that the adversary does not have the file of password hashes, how exactly do they try the trillion guesses per second?
Explain please. I'm sure I'm missing something obvious.
Re: (Score:2)
Lacking access to the password data base AND assuming a rate-limiter, the attacker can't realistically try a brute-force.
However, most of the time the password list is exposed in some way and attacked offline to get the original passwords.
Re: (Score:2)
Fucking Useless (Score:2)
"7,776 English words"
So, less than 1/40th of the English Language.
What a short surface for a dictionary attack.
Slashdot needs to get some real people with REAL technical capability on-board. Timothy obviously can't figure out that HughPickens.com is a complete fucking idiot that can't determine whether or not the stories are worth a fuck for reporting (plus, the fag is shilling in his username alone.)
Re: (Score:2)
7776^7 possibilities (in a seven word phrase) is a "small surface"? That's 15 million years to brute force, on average; what duration are you looking for?
Back To The Drug Store For More Post-It Notes (Score:2)
Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb".
This is easy to remember?
Oh, and by the way, did anyone try this out using the touch keyboard of a smartphone or tablet?
Nobody got time for that (Score:2)
You are not going to type a sentence every time your screen locks after 10 minutes of inactivity. The solution is really 2 factor authentication with a decent conventional 8 character password. Maybe even 3 factor - something you are (fingerprint), something you have (bluetooth-enabled phone in the pocket) and something you know (simple pin).
Huh... (Score:2)
35356
43231
12551
65212
46355
Now I gotta look up the words, right?
Wrong mode of security, useless idea (Score:2)
The whole point in using passwords and passphrases is that the point of entry (the screen or page where you enter it) can't be reproduced millions of times per second. If a human can only press "enter" once per second, it will take a long time for a hacker (NSA or otherwise) to brute force through. If the attacker can get his hands on the password stored in the system (encrypted or not) the game is already lost.
Besides: anyone can think up a poem or a mnemonic for a password using random letters and/or numb
Re: (Score:2)
Re: (Score:2)
Yes, use 100% dictionary words. That's a great idea. The idea of a passphrase is to make it so many letters, brute forcing won't work. But dictionary attacks don't have to be individual words. They can easily be combinations of all known dictionary words without having a ridiculous result set to try compared to random letters. So what you need to do is come up with multiple words that you can remember then put a number or two between them. DO NOT replace e with 3 or a with @ or S with $, as those are known and common attack possibilities too. So if you choose "chickenisdelicious7nomnomnom" nobody will ever, ever, ever figure that out. If you choose "chickensandwichwaffles" it could get reverse via dictionary phrase attack in under a second.
It's only stupidly weak if you don't follow the stupidly simple instructions involving using a die roll to choose random words. Using the 7700 word dictionary they recommend and 5 words gives 64 bits of password entropy. Granted, that's much less than the 144 bits of entropy you provided in your 28 character alphanumeric password, but still no one is going to brute force 2^63 bits in a few seconds.
Re: (Score:3)
Your first word is 7 digits your second is 3, so clearly one is stronger than the other. "nom" is not in the diceware set, which helps a little, but it isn't so uncommon to be in a search dictionary. The numbers are in the diceware set.
You're comparing 7700^3 against 7700^7. Your more secure password isn't any better than chickensandwichwafflesworkcraigcrossafrica, probably a lot less good because chicken, delicious and nom clearly correlate heavily and nomnomnom is almost one word really. 7700^7 is 1604852
Re: (Score:2)
1 letter vs 1 word is not practically the same thing. There are 26 letters 10000 words in the average dictionary for this purpose.
a 6 word passphrase chosen randomly from a 10k word dictionary; is essentially choosing 6 letters at random from a 10,000 letter alphabet.
6 random dictionary words, spelled correctly, single space between them, is as secure as selecting 16 letters randomly. (10^24 possibilities) about 80 bits that's pretty reasonable.
And much easier to remember.
And its actually several orders of
Re: (Score:3)
No.
There are 10 digits, there are (in this list) 7.7k dictionary words.
If you tell a hacker "my password is 5 digits" - they have 10^5 keys to test, or 100000.
If you tell them "my password is 5 words" they have 7700^5 keys to test, or 2.7 * 10^19 - which is more than twice as hard to crack as an 19-digit password, which again is 10 trillion times as hard as your 5 digit password.
It's just math, people. You don't have to rely on hand-rules like "dictionary words are bad."
Re: (Score:2)
No, a single character (on a primarily Latin-based writing system, anyway) can represent between 2^6 and 2^7 possibilities, which is not coincidentally the size of the ASCII set.
The 7776 words in this dictionary comes to not quite 2^13.
So a random dictionary word should be treated as about 2 *random* characters. Of course memorable passwords are not typically composed of random characters, so it's better than 2 actual characters.
"1 2 3 4 5" is itself a likely example of a dictionary phrase, so you defeated
Re: (Score:2)
only 3 incorrect attempts locks the account and requires a call to the outsourced IT in India
I think we can safely say that such a system will completely eliminate brute force password-guessing attacks. What's Hindi for "social engineering"?
Meanwhile, any suggestions for what to say to an IT department who, every time a phishing message comes round saying:
"Your account may have been compromised, please go to <a href="http://blackhats.phish.ru">www.youremployer.com</a> to confirm your security details."
...respond by sending round a message saying
"if you think you may be affected, plea
Re: (Score:2)
Go for it. that's 1.7 * 10^27 possibilities for the 7 word set. At 1 trillion (aka 10^12) tries per second it'll only take a quadrillion seconds, or 30 million years.