GRC Password Haystack

http://www.grc.com/haystack.htm

Steve Gibson has devised a way to have a "completely secure" but memorable password. The concept is you only need enough entropy to force a brute attack to use all types of characters to search for your password, then pad the rest of the password out with a a pattern to the max length you are allowed.

In his example on the site:

I mean, from a remembering thing I can see how valuable this would be. Any password you choose, if a malicious or incompetent website stores passwords in plain text, they can get your password no matter what and then try it on other sites no matter how secure or how much entropy you use.

Here is the link to the podcast on this topic, the topic actually starts in the last 30 mins of the audio http://www.twit.tv/sn303

Any thoughts on this?

 

Writing as a home user and sole user of my computer: I've always felt that the chances of being in a scenario where a hacker brute forces an attack to get my password, were slim to none.

More problematical would be a phishing scenario, similar to the Gmail attack cited in the thread posted by Triple Helix:

regards,

-rich

 

That is very valid and can happen with any kind of password.. That is more an awareness and carefulness type of thing. What this new password system Steve made is about, is having a very long password while being able to remember it easily.

Most simply you decide on your main part of your password that contains upper case, lower case, numbers and preferably also symbols. For example F8b$o then you decide on your padding, which could be anything be it straight repeated characters or slight alternations etc. You can then end up with passwords like this:
F8b$offfffffffffff
xXxXxXxXxXxF8b$o
/\/\/F8b$o\/\/\/
F8b$ohahahahahah

what ever it is you make, the point is that you only need to remember your starting thing and then what you use to pad the rest out.

you can be simple like that, or get more fruity with it by adding more entropy based on the site name so that the password is a little different for each site.
For example F8b$QqA////////////
F8b$ being the main password part, QqA representing the first 3 letters of the domain name, the first letter of the row that each letter falls on, case alternated. Just as a very very very basic example.

 

Makes sense. Having high entropy is important from a theoretical point of view.

However if you look at from some cracking passwords, as long as you have lower and uppercase characters, numbers and symbols and don’t use dictionary words, they will be forced to brute force. At that point, entropy won’t matter as much.

I’ve changed the passwords of my frequently used sites / logins already. Makes it easier when I’m out and about and installing LastPass will be a pain.

Having a good password policy is important. Possible for crackers to get hashed (or not if you are Sony ) passwords especially if they can hit a large site with lots of users.

Phishing attacks can be mitigated by good awareness and multi-factor authentication (as long as there isn’t a man in the middle attack attached to the phishing attempt).

 

I got myself into numerous p.ss.ng matches with password geeks over the years and found my own little interesting way to come up with very secure passwords with good entropy that can even withstand dictionary attacks quite well on remote connections owing to transit time and the usual timeouts. I've found that an easy to remember and secure password is as simple as:

this site sucks

The three words and spaces have never been successfully broken by anyone who's tried.

(and no, nothing on Wilders, that was just a random choice)

 

That example is very low entropy, sure the length is decent, however a very fast cracking machine could crack it. Crackers would end up doing a multiple word attack where they try all words.. then all words then a space and words again. etc.

Padding passwords is a way to increase the security while making your password easy to remember.

One problem is ebay and paypal (maybe a few others) have password strength meters which try and prevent you padding passwords currently. We need high profile people to address this with the companies so that they can alter their strength meter to incorporate character "type" content with length, so that people can pad passwords and still have them accepted.

 

There is actually a full episode on Security Now 297 about this. Not so secure if you do it on a word by word basis.

 

Entropy doesn't really matter that much. It pretty much comes down to key space. What most crackers will do is grab the password hash and run it up against some rainbow tables. You will see tables up to 12-13 characters (typically just lower case)... Some of the ones with full upper + lower case with symbols and numbers can reach 9-10 characters (they are usually very low probability, but its enough to get a few hits from a very large database)... so you need key space more than anything.

As far as dictionary attacks go, I have never seen a dictionary based rainbow table, but I'm sure it can be made. The problem though, is that the keyspace is huge for a full dictionary. There are 170,000+ words (commonly used).

170,000 * 170,000 * 170,000 = (4,913,000,000,000,000)

Thats about the keyspace of an 8 character password consisting of random letters (up+low), numbers and symbols ( 6,095,689,385,410,820 combos). Add a fourth word, and you have the equivalent of a 10-11 character password with the same set of characters...

Again, this is using dictionary words instead of characters for key space... and we are assuming the words are all lower case - if they are not, the key space balloons even more.

Instead of padding, you would want to try a simple sentence. Something like this is ideal:

My dogs name is Mr. Snuffles.
or
Jennifer Love Hewitt is hot.

These passwords not only have a huge keyspace, but they are also immune to dictionary attacks due to punctuation and use of names that may not be in the dictionary. The raw keyspace (using characters as a basis) is MASSIVE... and it is very easy to remember as long as you use proper punctuation (otherwise you might have a hard time remembering what you capitalized, and whether you put a period or not).

 

Yep ... that's where I was going with my short example. For my own use, I use passwords that keep going until the form starts beeping.

I started encouraging this back in the 90's for my government agency's employees where we permitted 128 characters of login space on a Novell network. Allowing people to write a short tome to login sure beat all hell out of little yellow post-it notes on the underside of their keyboards and prevented those annoying calls to the help desk all morning long on Mondays for password resets.

And we did encourage the use of actual sentences with punctuation.

 

Yeah, I find that unless passwords are dead simple, people won't remember them. I always remove complexity requirements because they are really a user's worst nightmare.

Even your short example holds an impressive keyspace, and it would suffice for almost all uses. The adjustments I made just make it pretty much uncrackable... but even a simple pass phrase is much more powerful than your standard 7-8 character password

 

I listened to that episode today. It was interesting.

 

A couple of things here. First, a key space of 170,000 words is EXTREMELY generous. The 20 volume edition of the Oxford English Dictionary contains 171,476 currently in use. That's far more than people practically know. If you do a vocab test, you will find that you will probably know from 10,000 to 20,000 word families.* If we are generous and say the word space is 20,000, 3 words give you a 8 x 10 ^ 12 words. A 7 character random password (upper lower numbers symbols) gives you 7 x 10 ^ 13 which is approx. 10 times more than your 3 word pass sentence.

Second thing here is that English syntax rules significantly reduce word space because the whole pass sentences thing assumes people used generic sentences.

Padding is a moot point because you can do it both with just random letters (e.g. # between every random letter / number) or pass sentences.

Seems to me that pass sentences are good if someone is brute forcing and doesn’t know that you are using the scheme.

* Word family is defined by a word the basic word and other derivative of it. Given most people use sentences that make sense, only 1 word of the word family will be used.

 

I've seen a lot of different figures, but it depends on how you count all the different variations (type, typing, typed,types,etc). I have a feeling that the average person knows about 20,000 words WITHOUT the variation... and that could easily be 60,000+ with the different forms of the word. I happen to have a dictionary here, and I know about 80% or more of a random sample on any given page. If there are 170,000 words in my dictionary, I'd have to know only about 15% using your math. That is literally impossible. I would guess I know and can easily use more than half (but then again, I am pretty well educated.

I guess it might be a valid argument to say that you can make a small group of words that most people share, and use that in an attack... This is a valid point, and that is also why I said using names and punctuation make it harder to break.

I think this is where you are getting hung up. No one knows your scheme. Its like me saying that "padding is ineffective because if someone knows you are using repeating characters, it is much easier to brute force." You can claim sentences follow rules an patterns, but so does padding. The obvious flaw is that no one knows WHAT you are doing.

I suspect this is why I have never seen a dictionary based rainbow table. There are a ton of different ways you can write a pass phrase. It could be all caps, you could use underscores in between the words, commas and periods could appear at random places, capital letters might be used at the beginning of any word, you could use names, you could use quotes, apostrophes, dashes, etc etc. Its simply not feasible to run an attack like this.

We've also been comparing against completely random sets of 96 characters, which is unrealistic... just like it may be unrealistic to assume people will use all the words in the dictionary. The keyspace of a "normal" password is substantially smaller when you factor in that it will mostly be lower case letters. You will probably only have one or two capital letters and one or two symbols. This cuts the keyspace by several orders of magnitude.

The same thing happens with padding - instead of 96 characters you might be able to assume at least half are symbols. This drastically reduces the number of possible characters as well, and also cuts the keyspace by several orders of magnitude.

In reality though, no one really knows what type of approach you are going to take. The number of different ways you can do any of these tactics (how you pad, how you write pass phrases, etc) is almost like another keyspace in itself. Sure, someone could make a rainbow table that specifically attacks how you do write out your password, but this is arbitrarily specific. Technically, unless you have a completely random password, anyone could potentially make a rainbow table for a specific arrangement of characters that would be best suited for your password pattern...

The trade off is that patterns are easy to remember, and that is why we will never use an 8 character random password using all 96 characters.

 

Having not paid much attention to password security in several years, I find a lot of this discussion confusing. So, I'll ask some questions for clarification.

1) My method has been to use a constant prefix, followed by a variable suffix for specific sites. I can also put a space between them. For example, I might use Dgmt? as the prefix and wil for Wilders, giving

Dgmt? wil​

Various Password checker sites rate this as strong @66% (very strong being the highest); secure; 2 years to crack, etc.

Question:

--> why do different sites yield different ratings?

2) Articles emphasize the need for password security.

Question:

--> What are some scenarios where my password might be broken, and what would be the resulting compromise?

For example, wouldn't a hacker need to know the user name also?

thanks,

-rich

 

My method is a bit more complex:
1) take passwords I already use (ie. 3g%dx&s*D); I have 6 or so of these

2) combine theme (randomly picked out of the 6 or so) together

3) shuffle the order


4) add a random "salt" password to it in a random space.

5) shuffle order again

6) optionally include site name in there somewhere.

this allows me to have 8 different 64 character passwords and remember all of them because they are just slightly different. Different order and salt(s) mean even if one is compromised no one will compromise the other. All of the passwords by them selves measure to take 3.4 Bilion years to crack. together it was 6.30 billion trillion trillion trillion centuries or something close to that.

 

Problem here is that if it is a sentence that makes sense, there is some information as to whether the verb or noun form of the word is used etc.

170,000 is the number of words in the 20 volume OED, not the compact ones we have sitting on our table.

Yes but the assumption here is that you will by design include at least one of each. It can be 1 upper, 1 number, 1 symbol and 20 lower at the end.

I think everything else is pretty moot. Using sentences or padding essentially make passwords much easy to remember but longer in length. As long as you can get all 4 character types in either sentences or padding and not have the attacker know your scheme, all is good.

The most important thing is keyspace. If sites are judging that, they might have a different standard as to what is a sufficient keyspace.

Some other sites I’ve seen deduct points for arbitrary things like consecutive lower case letters etc.

Playstation network had usernames and passwords stored in the clear on the same server. There is nothing you can do about insecure server side settings.

For the best security, passwords should be salted then hashed. Hashes, salts and usernames should be stored in different servers.

Yea no kidding. I would have a listen to that podcast. Could make your life a lot easier. Also try lastpass.

 

Funny, I had the same question as the one you posed in your example. My hypothetical would be where someone is bent on misappropriating account(s) and/or information therefrom *and* just happens to know that you have an account at, say, XYZ brokerage or ABC Bank.

Regardless of this hypothetical individual's password hacking ability, if the username or ID is unknown, what is the point of figuring out (by whatever means) a password? Can that even be done? I mean, I could tell everyone in the world my real name, address - all other pertinent information - and that I have an account at XYZ brokerage. What good does that do anyone when confronted with a blank login page on the brokerage's web site when one needs to guess both a username and a password to log in? Further, even if the username were known, I have several accounts where you only get a few attempts to enter the correct password; after that, you're locked out which would necessitate a call to customer service.

I understand the scenario raised by huangker where usernames and passwords are stored in the clear but isn't that rather atypical? One would hope that financial institutions, which I'm sure concerns most of us more than the likes of gaming sites or online fora, take some precautions to protect usernames, at the very least.

 

You would hope it is atypical. But it has happened more than once where crackers have found everything owing to the company storing everything in plain text. Sony even had credit cards in plain text.

It is assumed that your username is known. Say for example you are emailing someone at Gmail and you want to crack that account. Well you know the username from the email. Some other companies may have a well established syntax for usernames using the customer name. It is also usually stored in the clear so if a database leaked, usually that is available even if the passwords are hashed.

That raises the point of the difference of an online attack and offline attack. Online attack is when you have to go through the normal interface that everyone has to go through to guess. As you have said, this is much slower and companies can artificially slow it down further or even lock you out.

An offline attack where they actually get the database and will do it on their own computers. This is much faster and cannot be artificially slowed.

 

Passwordmania - like many other "security" topics, comes and goes, like cycles. Now the security media is at a high Point: everyone rushes to cover the topic; why not?

It has all of the ingredients for sensational reporting:

• A web site is compromised and a database of names/passwords is released.
  
  
• A new gadget, GPU, can process billions of instructions/second to guess passwords.

And so, fear is generated and everyone reads about salted and padded passwords. And keyspace.

Quick: what do those terms mean? I looked them up and still don't completely understand what they mean. Does it matter? Are they pertinent to the home user and her/his password strategy?

(Answers must include verifiable and understandable footnotes. Otherwise, you get a "citation needed, a la Wikipedia)

Some of the stories do make for amusing reading, and in deference to Sony, I refer to a "compromise" rather than a "hack":

Sony: PSN Password Issue Was Exploit, Not Hack
http://techland.time.com/2011/05/19/sony-psn-password-issue-was-exploit-not-hack/

Several of us in a discussion the other day agreed that the average home user doesn't have much to worry about, needing only to protect against the possibility of someone with access to the computer, attempting to guess the password.

(Recently in our local media, estranged wife checking hubby's email. Guess what the password was?

If you guessed "spotty" (his dog's name) you win the daily prize!)

Like most other security considerations, users should make a risk assessment and establish a security strategy accordingly.

regards,

-rich

 

I urge caution to anyone considering using short, simple passwords with long repetitive padding. You need to keep in mind that a one-time attack on a single password is not the only attack scenario.

For example, a motivated attacker with sufficient resources might be able to discover several of your less-secure passwords (e.g. website passwords, passwords that are insecurely stored on your PC, etc.) and use their patterns to optimize a brute force attack against a much more sensitive password such as the password to your encrypted data. Your attacker's job could become billions or trillions of times easier if he/she discovers that you tend to create short simple passwords with repetitive padding (or any other simple assembly pattern) for most of your passwords.

The best passwords continue to be long and random. Rather than using short, easy to remember passwords with long repetitive padding I would suggest using good, strong passwords and storing them in a password safe such that all you have to remember is the master password.

 

Keyspace yes, everything else, no.

Having good password policy especially for emails (which contains a whole lot about us and gives us password reset links for other sites) and bank accounts etc very important.

Also for most of us here, it is a matter of interest as well hence we discuss it at length to a point where we are arguing on the margins.

If you are such a high value target that someone would do that to you, I agree, you have a very different password for your high value data / assets.

However the assumption is that the attacker does not your padding policy and tracing you on all your different websites.

True, the best passwords are long and random (i.e. high entropy). True the best policy is to have totally different passwords for your various sites with a password manager. Should you be an interesting person who people would spend time targeting you specifically, that is what you should do. For the rest of us, where if someone is cracking our password in an offline attack (most likely) and we are one of millions, the padding idea makes lots of sense.

 

Yes, it all must be taken into proper context. For most people, the most important thing is that they actually just remember their passwords. Trying to get an average user to remember a complex password is just not going to happen.

Security is always a balance between usability and properly securing your information. Things like pass phrases and padding are ways to enlarge the key space without making it too difficult to remember.

So, would a 16 char. length random password using a 96 symbol set be more secure? Sure. Would anyone remember it? No... but you could easily make a pass phrase that long that is very easy to remember.

 

I have no issues with this method. I also need those passwords to be long and random (encrypted drives etc.). For everthing else I use keypass which is stored on my Iron Key flash drive needs a keyfile stored on another TC encrypted drive that needs a keyfile stored on the ironkey in a TC Volume.

This is why NONE of my passwords are simple (with the sole exception of sites like this where I couldn't care less if they get hacked.) All of them are a minimum of 8 Chars. and most are 16+.

I remember 4 64 Char. Passwords that are completely random using 5 sources for created the password. The first source is GRC's password generator.

 

No offense, but this doesn't make any sense. Why would you even bother?

Sure its "technically" more secure, but the time it would take just to type that in has to be a usability nightmare in itself... and even if I were to believe you can remember 64 random characters, that sure seems like something you could forget pretty easily.

At some point though, you have to say "this is secure enough". Crackers will not be able to crack a well made pass phrase, so why bother with 64 characters of random nonsense? After a while, you reach a point where what you are doing simply adds extra work and no practical security benefit.

 

I agree with you completely however work requires it (work in the private sector). I have to comply with Government standards and as much as I wish I didn't need the 64 Char random passwords I must admit 2 things:

1) I do NOT use punctuation like ' or " (I can never remember that)

2) I store them in keypass as I said until I remember them. The 5 I remember are re-arranged versions of the same password with some parts changed.

Now that said my laptop and some personal stuff is secured with 64 char passwords but they use a similar technique mentioned in the GRC Haystack page. Easy to remember and Secure. I have tried cracking them and others (for work) and have not been successful. I have even used some VERY powerful computers to launch the attack the truth is the GRC and Steve Gibson are correct in this theory. The Haystack/padding method works great even for future proofing security. I hope these become acceptable for my work so I can use them there too.