LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

XKCD

XKCD

Posted Oct 14, 2011 23:28 UTC (Fri) by rgmoore (✭ supporter ✭, #75)
Parent article: Enforcing password strength

I think the XKCD reference is a great one. The truth is that most passwords or passphrases are very weak at using all the available entropy for a string their length. Requiring passwords to have at least one capital and one number will usually result in passwords that use a dictionary word starting with a capital and have 1 tacked onto the end- and that's predictable enough to incorporate into a cracking algorithm. Unless you use a completely random, very difficult to memorize password, the (available characters)**length approach will grossly overestimate password strength.

(Log in to post comments)

XKCD

Posted Oct 15, 2011 12:19 UTC (Sat) by nlucas (subscriber, #33793) [Link]

There is also this method about "password padding" [1], where you basically pad an easy to remember word. As long as the length is big enough, and the padding method is secret, it forces a full brute force attack, where the length of the key is the only factor.

Another interesting bit on that site is a method to encrypt/decrypt sites domain names into strong passwords using only a sheet of paper. [2]

[1] https://www.grc.com/haystack.htm
[2] https://www.grc.com/offthegrid.htm

XKCD

Posted Oct 18, 2011 0:02 UTC (Tue) by rgmoore (✭ supporter ✭, #75) [Link]

I'm a bit skeptical about the password padding idea. Adding one extra random character may increase the search space by a factor of 85, but adding between 1 and 10 characters of padding with a single character only increases it by 850 fold. That's still a substantial increase in strength, but it's not even close to the 85**10 fold increase they seem to imply.

That gets back to the XKCD cartoon's idea about estimating password entropy by looking at how the password is constructed. Estimates based on (character choices)**(password length) will grossly overestimate password strength because they assume you're using a truly random password. In practice, most people use things like dictionary words with predictable permutations, numbers appended, etc. which result in passwords that can be cracked much faster than predicted using dictionary or modified dictionary attacks. To get the full strength of your password length, you need to use truly random and hence very hard to memorize passwords. If people could actually memorize 10 random characters easily, we wouldn't have all these discussions about how to make stronger passwords in the first place.

XKCD

Posted Oct 18, 2011 0:25 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

remember that predictable to the attacker is not the same as predictable to the user. something may be very predictable to one particular user, but attackers can't assume that users will do that.

that being said, I see a common mistake in a lot of people making passwords where they are attempting to make good passwords.

if you _always_ replace a with @, o with 0, l with 1, t with 7, etc you aren't really much better off than using the plain text. enough people make these substatutions, and make them _every_ time the potential comes up, that doing so doesn't significantly increase the problem space.

XKCD

Posted Oct 18, 2011 1:42 UTC (Tue) by nlucas (subscriber, #33793) [Link]

Right, but the article doesn't say the padding must be simple things like "......" or "+++++".

You can decide to pad "dog" with "qw34rty", like "dogqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rty", and even if they are repetitions I doubt this will be on any rainbow table.

The magic is just to decide on a padding that in effect is random to the attacker, like "9fe8jn" repeated 20 times, added to simple dictionary words.

The point of the article is that, as long as one doesn't copy padding techniques from a friend, they are more secure passwords than a simple 10 characters random one.

The major problem with this is stupid sites that restrict password length, which by itself shows that the site security is not trustworthy, whatever secure password you choose.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds