Author

Topic: The ABC of password security (Read 2590 times)

full member
Activity: 168
Merit: 103
June 19, 2011, 02:27:26 PM
#16


The site says:

Quote
IMPORTANT!!!    What this calculator is NOT . . .

It is NOT a “Password Strength Meter.”
full member
Activity: 168
Merit: 103
June 19, 2011, 02:23:11 PM
#15
I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

Nice and simple, yet most distros should have a package for pwgen, which has extra options (easier to memorize, charset, etc.).

Yes, there are lots of tools. The user account configuration in Ubuntu (or maybe it came with Gnome 3 which I installed) also makes password proposals and measures how strong your password is.

I wrote it myself because I really wanted to have a guaranteed equal probability for each character, and no character should be independent on another.
ius
newbie
Activity: 56
Merit: 0
June 19, 2011, 12:42:16 PM
#14
I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

Nice and simple, yet most distros should have a package for pwgen, which has extra options (easier to memorize, charset, etc.).
foo
sr. member
Activity: 409
Merit: 250
full member
Activity: 168
Merit: 103
June 19, 2011, 11:10:38 AM
#12
You have to read a lot and have a good memory, my favourite password system is to take either the first or last letter from a memorable sentence in something you have read, will never forget and has a tedious link to the site/file you're logging into.

For example, you could associate a gambling account with a couple of lines from If by Rudyard Kipling:

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss


Could make the password "IycmohoaywAriootopat", which you're unlikely to forget. If you read a lot you'll have an endless supply of fresh, very memorable and extremely long passwords!

Now, knowing this, can you crack an old password of mine from the book Fight Club?

Clues: It's 14 chars long, it's based on the first letter of each word in two sentences and includes punctuation.

Here's the md5 sum:

7de46151e06abe0ad53c4513d22e9a43

I know about that trick, but I don't trust it. I use it for some passwords, but not important stuff like my wallet.
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
June 19, 2011, 11:01:47 AM
#11
You have to read a lot and have a good memory, my favourite password system is to take either the first or last letter from a memorable sentence in something you have read, will never forget and has a tedious link to the site/file you're logging into.

For example, you could associate a gambling account with a couple of lines from If by Rudyard Kipling:

If you can make one heap of all your winnings
And risk it on one turn of pitch-and-toss


Could make the password "IycmohoaywAriootopat", which you're unlikely to forget. If you read a lot you'll have an endless supply of fresh, very memorable and extremely long passwords!

Now, knowing this, can you crack an old password of mine from the book Fight Club?

Clues: It's 14 chars long, it's based on the first letter of each word in two sentences and includes punctuation.

Here's the md5 sum:

7de46151e06abe0ad53c4513d22e9a43
full member
Activity: 168
Merit: 103
June 19, 2011, 10:37:46 AM
#10
I wrote a little program that creates totally random passwords, with same probability for every printable ASCII char: From "SPACE" to "~".

The program is kept simple, so that you don't have to trust anybody and can easily see what it's doing.

Code:
#include 

int main(int argc, char **argv) {
// check for parameters
int count;
if (argc > 1)
count = atoi(argv[1]);
else
count = 8;

// open random number source
// "/dev/random" is the secure random number source on Linux
// "/dev/urandom" is not secure!
FILE *source = fopen("/dev/random", "r");
if (!source)
return -1;

printf("Your password is:\n");
int i;
for (i = 0; i < count; i++)
putchar('_');
putchar('\n');

i = 0;
do {
// request 8 bits of randomness
int c = fgetc(source);
if (c == EOF)
return -2;
// delete most significant bit because of ASCII
c &= 0x7f;
// if printable: print it
if (' ' <= c && c <= '~') {
putchar(c);
fflush(stdout);
i++;
}
} while (i < count);

putchar('\n');
fclose(source);
return 0;
}

Usage:

- Put it in a file called genpasswd.c
- Execute "gcc -o genpasswd passwd.c"
- Execute "./genpasswd 12" for a 12-character password (default is Cool


Looks like this:
Code:
~$ gcc genpasswd.c -o genpasswd
~$ ./genpasswd
Your password is:
________
9k'|Kfk@

The underscore indicates how long the password is (so that you don't miss characters).
full member
Activity: 168
Merit: 103
June 19, 2011, 07:31:28 AM
#9
To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.

imho, that page is a joke.

example:
qwertasdfgyxcvbn = 18%

now replace every third character with a "1":

qw1rt1sd1gy1cv1n = 92%

yeah, right...

That comes from the classification of characters, of course that's not exactly accurate. But there is no better way, the randomness of a string depends on the set of possible strings you assert it comes from.

If you assert that it is letters only, you have way less passwords to try, then if you assert that it is letters plus numbers.

The site seems to check only for that, which I mentioned in the OP depends on the assertion that all characters are independently chosen with equally distributed probability.
sr. member
Activity: 504
Merit: 250
June 19, 2011, 07:12:24 AM
#8
A good password stretching technique can go a long way to secure a short password. Reverting a 50 bit password hashed with SHA1 is trivial. Reverting the same password encrypted with 65.000 iterations of SHA1 (PKBDF2) for a total of 66 bits is much harder, feasible with GPU crackers. Reverting a 50 bit password stretched with a memory hard algorithm such as scrypt is probably not worthwhile for most any bitcoin wallet.

This is not a directly useful to the end-users, but I would hope the authors of wallet encryption will take notice.
hero member
Activity: 991
Merit: 1011
June 19, 2011, 07:01:36 AM
#7
To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.

imho, that page is a joke.

example:
qwertasdfgyxcvbn = 18%

now replace every third character with a "1":

qw1rt1sd1gy1cv1n = 92%

yeah, right...
legendary
Activity: 938
Merit: 1001
bitcoin - the aerogel of money
June 19, 2011, 07:00:23 AM
#6
Write you own poem, and keep reciting the poem at least once a week.

Then create your own rule for converting the poem into a password. eg. take 3rd and 5th letter from each word and capitalize if word is a verb... or something more complex. Just make sure you keep the rule to yourself.

40 character password that is both secure and hard to forget. Sorted!

Needless to say, don't ever use that password online.
full member
Activity: 168
Merit: 103
June 19, 2011, 06:37:36 AM
#5
This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.

Really? Have a link? Thought a reader + cards would be alot more expensive (I paid € 18,- for my YubiKey).

By the way, instead of programming a static key you could also use the HMAC-SHA1 feature to derive a key blob from a given challenge (afraid it does require whipping up some code). Makes it a little harder to grab the key though..

That HMAC-SHA1 looks good. I don't want the PC to know my secret, but I want him to know that I know it. Smiley
ius
newbie
Activity: 56
Merit: 0
June 19, 2011, 06:30:53 AM
#4
This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.

Really? Have a link? Thought a reader + cards would be alot more expensive (I paid € 18,- for my YubiKey).

By the way, instead of programming a static key you could also use the HMAC-SHA1 feature to derive a key blob from a given challenge (afraid it does require whipping up some code). Makes it a little harder to grab the key though..
full member
Activity: 168
Merit: 103
June 19, 2011, 05:25:39 AM
#3
This Yubico thing looks interesting, but for that price you may better get a smartcard that does public key crypto.
newbie
Activity: 35
Merit: 0
June 19, 2011, 05:07:01 AM
#2
There are actually a few good articles on that topic at PCWorld:
http://www.pcworld.com/businesscenter/article/170662/the_art_of_creating_strong_passwords.html
http://www.pcworld.com/article/154521/why_you_need_a_password_manager.html
and many more.

I personally use KeePass with a strong but memorable password to manage most of my "online" passwords as you call them.
For "offline" passwords I use a simpler Passphrase in combination with a YubiKey (http://www.yubico.com/yubikey), e.g. to encrypt my laptop's HDD or my encrypted file-containers. The YubiKey provides (among other options) a 16-64 character static password. Of course, having to rely on a physical device like a YubiKey brings also some riscs. If you lose the key you're pretty much screwed, that's why I recommend either ordering a second YubiKey and program it with the same static password or writing the password down and storing it in a safe or a lockbox at a bank of your trust. But the most important thing is to never use the YubiKey's static password alone, you should always use it in combination with a leading passphrase so if anybody should actually steal your YubiKey they don't get access to anything you used it for.

To test the strength of your passwords you should always check them at http://www.passwordmeter.com/.
full member
Activity: 168
Merit: 103
June 19, 2011, 04:02:54 AM
#1
In this thread I want to discuss some pieces of wisdom about password security. This will not be complete, just the basics that I remember at the moment.

First we have to distinguish between online and offline passwords:

Online passwords are passwords that you use to log in. This does not have to be as secure because the site sets the rules how often you can try. For example, a site could refuse your login for a while after 5 wrongly entered passwords.
This means that an attacker cannot try out as many passwords as he wishes in a time as short as he wishes.

Offline passwords are passwords that you use for example to encrypt a file. This password has to be way stronger, because an attacker with the file cannot be forced to do less than a certain number of tries per second.
For example if the attacker can take your encrypted file and put it on as many computer as he wishes to try out as many passwords per second as he wishes. The only way against that is to have a password so strong that an attacker could not get enough computing power to break it.

Note that an online password of a website can become an offline password, e.g. when the website is hacked and the password hashes that the operator stored are leaked.
We will talk about offline passwords now because that is the most important issue for bitcoin users.


Randomness of characters: Depending on which set of characters you use, your password gets more randomness. For example if you use lower latin letters only, you have 26 characters. If you chose a password of length 8, you have 26^8 different possible passwords. To represent 26^8 possible passwords by a binary code, you need log_2(26^8) =  8 * log_2(26) = 8 * 4.7 = 38 bits. That's not much at all.

Code:
character set	number	bits per character
[a-z] 26 4.7
[a-z0-9] 36 5.2
[a-zA-Z0-9] 62 6.0
all ascii 94 6.6

You can see that the size of the character set matters a lot. But what matters even more is the length of the password. The number of possible passwords depends exponentially on the password length. For example for a whole-ascii password each additional character multiplies the number of possibilities by 94. This results in a growth of randomness by 6.6 bits for each character added.


Independence of characters: In the discussion above I assumed all the time that every character has the same probability. That is of course not always true. Attackers know that, and use it. That's why you should not use a dictionary word - in dictionary words the different characters are not independend.
For example, in English words you know that after a "Q" almost always follows a "U". Because of this, the string "QU" has a much higher probability than the strings "QS", "QG" or "QL".


Conclusion: The way to a secure password is to choose from a large set of characters, and choose the characters randomly with the same probability of each characters. The longer the password, the better. If you use AES256 for example, up to 39 characters each additional character adds real randomness to the whole thing. After that, you don't get more for AES, but there exist other encryption algorithms with even longer key lengths (e.g. blowfish up to 448 bits = 68 chars of password).

What I did: When I started bitcoin, I choose a new 12-character whole-ascii password (79.2 bits of randomness). It was a pain to remember in the first hours, but after typing it a few times I got used to it. I use this password now for my encrypted seperate bitcoin user account (on Ubuntu) and for wallet backups.




If you considered that helpful, you might give me a tip: 1HuteXifXc3x8Nq9x8hHGUnFGDU7KFggXD
Jump to: