Pass-phrase strength

Discussion in 'privacy technology' started by amarildojr, Aug 8, 2013.

  1. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Hi there.

    I was wondering if Dictionary Pass-Phrases are somewhat good so that the time required to break them is long enough.

    So, I usually use passwords like: "_xJ3Bo9<A1.lcv7>0pPHy5Va,jbC2Z(iOp+4MXK" with 64 characters, but these are hard to remember.
    Then, I came across a website that tests how long it would take for a brute-force attack to break your passwords, and somehow "correcthorsebatterystaple" is more difficult to break than a short random-character password.

    The question is: Would a pass-phrase with, say 8 words (all random and picked from the Dictionary), be strong enough so that it is impossible to break it in say 10 years? Or should I stick with my random ones?

    I say this because I use TrueCrypt on Linux, and my security scheme is:

    * A 50MB partition (with Serpent-Whirlpool) that holds the Key-Files for the next partition. This partition is encrypted with random words and its pass-phrase is 64 characters long.

    * After De-Crypting the 1st partition, I must use the KeyFiles stored in it in order to De-Crypt this 2nd 50MB partition (with Serpent-Whirlpool), which is also encrypted with random words and its pass-phrase is 64 characters long.

    * After De-Crypting the 2nd partition, I must use the KeyFiles stored in it in order to De-Crypt this 3rd partition (Data partition, with Serpent+AES-Whirlpool), which is Encrypted with a 64 character random-manually-generated-password with no Key repetitions.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Use AES-160. Passwords Upper/Lower/Numbers/Symbols. Keys over 20 digits long won't be broken as long as they are random and unknown to an attacker. Your method is complicated, takes too much time and is overkill. Real words with no numbers/symbols or randomness are easy to crack even when long.
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    I don't consider it overkill. Of course, it all depends on the quality of the information stored on the disk; if it were just some photos I wanted to hide then yes, it would be overkill :)
     
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Dictionary pass phrases are the usual "first to fail" in any well considered brute-force attack.

    I would say if you can construct an easy to remember pass-phrase that does not use common dictionary terms and that also happens to be very hard to crack due to its randomness + length, then you probably have a winner! Taliscicero's advice is good.

    -- Tom
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,976
    Location:
    U.S.A.
  6. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
  7. wearetheborg

    wearetheborg Registered Member

    Joined:
    Nov 14, 2009
    Posts:
    667
    Yes.

    As a rough estimate, look at the search space.
    Let's take there to be 100k words in the dictionary (there are more).
    Let's say you string together 7 of them (I say 7 because the words can be longer than 8 chars). Effectively, you can have (100000)^7 possible combos = 10^35

    Now let's take a random character password and see how many characters you would need to be just as secure.
    52 letters (small+caps), 10 digits and let's say 18 symbols = 80 different characters.

    You want to find x such that 80^x = 10^35
    equivalently, x = 35/(log(80))

    The math works out to the 7 word password being equal to at least an 18 random character long password.

    If you want something a bit more secure, have a hybrid of the two schemes, words + random characters, e.g. 6 words and a random 8 character password mixed in.
    Six words = 30/(log(80)) = 15 random character strength. + 8 random characters = 23 random character equivalent.

    That should be unbreakable in the next 30 years.


    PS: How the heck do you remember a 64 random character password?
     
    Last edited: Aug 9, 2013
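    The search-space arithmetic in the post above, worked out as an added Python example (not code from the thread or from any poster). It generalizes the post's single case to any dictionary size, word count and alphabet, and adds a worst-case time-to-exhaust estimate; the guess rates used in the demo are illustrative assumptions, not measurements.

```python
"""Search-space arithmetic for dictionary passphrases vs random-character
passwords, following the estimate in the post above (added example)."""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(words: int, dictionary_size: int) -> float:
    """Entropy in bits of `words` words each drawn uniformly at random from a
    dictionary of `dictionary_size` entries: log2(dictionary_size ** words)."""
    if words < 1 or dictionary_size < 2:
        raise ValueError("need at least one word and a dictionary of size >= 2")
    return words * math.log2(dictionary_size)


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of `length` characters drawn uniformly from an alphabet
    of `alphabet_size` symbols."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need at least one character and an alphabet of size >= 2")
    return length * math.log2(alphabet_size)


def equivalent_random_length(bits: float, alphabet_size: int) -> float:
    """Random characters over `alphabet_size` needed to reach `bits` of entropy.
    This is the post's x in 80^x = 10^35, i.e. x = 35 / log10(80)."""
    return bits / math.log2(alphabet_size)


def hybrid_bits(words: int, dictionary_size: int,
                extra_chars: int, alphabet_size: int) -> float:
    """Words plus random characters: entropies of independent parts add."""
    return (passphrase_bits(words, dictionary_size)
            + random_password_bits(extra_chars, alphabet_size))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a constant guess rate.
    The expected time for a uniformly random secret is half of this."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    DICT, ALPHABET = 100_000, 80  # the post's assumptions
    seven = passphrase_bits(7, DICT)
    print(f"7 words from {DICT:,}: {seven:.1f} bits "
          f"~= {equivalent_random_length(seven, ALPHABET):.1f} random chars")
    hyb = hybrid_bits(6, DICT, 8, ALPHABET)
    print(f"6 words + 8 random chars: {hyb:.1f} bits "
          f"~= {equivalent_random_length(hyb, ALPHABET):.1f} random chars")
    # Guess rates are illustrative assumptions, not measurements:
    # 100/s for a rate-limited online login, 1e12/s for an offline cracking rig.
    for label, rate in (("online, 100/s", 1e2), ("offline, 1e12/s", 1e12)):
        print(f"  exhaust 7-word space {label}: "
              f"{years_to_exhaust(seven, rate):.3g} years")
    ten = random_password_bits(10, 36)  # 10 chars, lowercase + digits
    print(f"10 chars lowercase+digits: {ten:.1f} bits; offline 1e12/s: "
          f"{years_to_exhaust(ten, 1e12) * SECONDS_PER_YEAR:.0f} s")
```

    The same 10-character lowercase+digits password that survives an online rate limit for ages falls in under an hour at offline rates, which is why disk-encryption passphrases need far more entropy than website logins.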
  8. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Of course except in the case of where a quantum computer is available in which case it would be breakable in a very short time.

    -- Tom
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not really, no. A 64 character password will resist a quantum computer just fine for symmetric encryption, which is what is being used here. It's only with asymmetric encryption where issues arise and they're not really related.

    Even if a quantum CPU improved performance a trillion trillion trillion trillion times over it wouldn't be enough. And I don't think it would improve that much.

    I'm pretty sure that a typical brute force of a 64 character password is literally impossible with a full character set and no information on the password. Just based on things like heat/ quantum barrier, some things are computationally impossible given the restraints of our universe.
     
    Last edited: Aug 10, 2013
  11. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Type it a few hundred times and you're ready to throw the note (in which the password was written) in the incinerator :D
     
  12. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    I've read a lot about these, but never seen any practical result, just theoretical ;)
     
  13. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    As Taliscicero said, your system is definitely overkill. It doesn't matter how sensitive your data is, you're essentially not making it any more secure by doing all that.

    Sure, in a technical sense, you've got a bunch of different layers of security. But in the practical sense, if someone is going to break your system, they're going to do it from a side channel by which it doesn't matter how many volumes and keys you force yourself to jump through.

    In the real world, your setup is not much more secure than a single volume with the same key/passphrase. No one is going to attack the encryption straight on anyway.

    As to your passphrase strength question, no, a phrase made up of dictionary words is not going to be stronger than random characters of the same length. I have a hard time believing you "remember" truly random sets of 64 character strings (from a 95 character space, no less), but yes those are stronger.

    However, virtually anything with 64 characters is going to be complex enough to stand up to brute force. Especially if you increase the character set size by using capital letters.

    For a good exposition on passphrase strength, see these links:

    A Really Good Article on How Easy it Is to Crack Passwords

    How much entropy in that password?

    zxcvbn: realistic password strength estimation


    *facepalm*

    How long before people quit pulling this nonsense? Once again: a quantum computer will simply reduce the complexity of an attack by a factor of a square root. So effectively it's only going to cut the keyspace in half. That's it. Please don't talk about something if you don't know anything about it.
     
    Last edited: Aug 11, 2013
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    He'sssss backkkkkk! And, JG, you're just as condescending as you were two months ago.

    When you burst on the scene here and pretend you know everything, that you are always right, it's just bizarre, and that *facepalm* business is an added cockiness that isn't appreciated by anyone. And linking to yourself? You linked to a comment you made basically saying the same thing you said in this post. You've done that numerous times in the past. What's up with that? Why not link to something credible, outside of the site and not your own posts and words, that would help others understand your position? You know, it's not so much I disagree with you on much at all, it's just the way you talk to people here.

     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
  16. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I don't pretend anything. I just do my best to practice the very piece of advice I was giving in that post...I don't talk on things I know nothing about.


    Here again, I don't "pretend" anything. It's virtually impossible to "always" be right...but on that note, have I ever been wrong here? Again, you can do a pretty good job of not being wrong by refraining from talking on things you don't know about.

    Stick to what you know, and don't make false statements, and you're well on your way to being "always right."


    Just an illustration of the frustration that comes with seeing the same nonsense for the thousandth time. Maybe you just don't have as much exposure to cryptography discussions, but just pretend that almost every day you heard someone say something along the lines of "don't forget your coat, you'll catch a cold."

    ..to show how this is not the first time someone has made this same mistake. I'm sure one could find 50 more in this very forum, if one were so inclined. I just knew of that one off hand because I recall responding to it.

    Linking to a previous post I made? Because the content of the post/thread is relevant, and linking is cleaner than reposting the same text.


    In case you hadn't noticed, the majority of my posts contain numerous links to outside sources. There were 3 great ones in the very post you're quoting me from. I'm actually not quite sure what you're talking about.


    There's a reason for that. (See the first two paragraphs)
     
  17. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I'll say this: If you can remember whatever scheme you use, and you don't mind using it, it isn't overkill, IMO. Only if it *reduced* security, would it be a problem. JMO.

    PD
     
  18. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    hardly so if i can remember 5 sets of those seemingly truly random sets of 64 bit passphrases , surely i must be god then , lmfao , no more like the more you use them the less you need the notes and as amarildojr said once completely memorized in a way that would make it very difficult to retrieve from you even per good ol rubber hose and some injections , you should be good to go, and can then pulverize those notes, memorizing time does differ from individual to individual though not to mention complexity used to memorize them , beats any 2 factor by lightyears though imo , with 2 - 4 or whatever amounts of factor authentication , you always have the risk of the other part/s being found and half of the encryption broken, the passphrase is the only method that has been the 100% safest way to date ,anyhow don't ask me how long it took for me to get all 5 cramped into this tiny brain of mine xD, just saying , it is some excellent brain jogging though , not like i ever was a big fan of anything to do with jogging , lols ;)
     
    Last edited: Aug 11, 2013
  19. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    It's pretty secure at my POV :D And also an extreme overkill.

    First, I need to decrypt the 1st 50MB partition, which holds the keys for the 2nd 50MB partition. Then I need to decrypt the 2nd partition using a totally different password than the 1st partition, and use its keys. Then, I need to decrypt the 3rd partition (which the data is stored in), which has a 64-character PW.

    It's pretty secure from a bruteforce attack. I know that a single 64-character PW will render the bruteforce infeasible for the next billion years, but I'm way too paranoid when security is in game.
     
  20. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Yes, I have to agree it seems like overkill. However, security is heading in a dangerous direction in the name of "simplicity." For example...

    I know that password managers are all the rage, but I have given this a lot of thought of late and have pretty much come to the conclusion we'll look back on this era with regret. Without going into great detail in this post - just give it some thought yourself, especially the online varieties. Once we get to where it's common practice to use these password managers, where will attackers aim their focus?

    Four words that are mentioned in any kind of Security 101: Single. Point. Of. Failure.

    The attackers get one password - they get them all. One password gets them access to dozens, maybe many more. A classic case of violating a cardinal rule in basic security of ferreting out any single point of failure.

    I agree with JackmanG that a program like Bruce Schneier's Password Manager, residing solely on your own computer, is far more secure; and it has nothing to do with encryption, it's all about implementation. The online password managers are far more complex which, theoretically, offer more opportunities for attack.

    More later on this, but the more I have thought about the above, and the direction we're headed, the less secure I feel.

     
  21. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I get where you're coming from, but I'm not sure the concern is completely warranted, or at least pointed in the right direction. Ultimately it does just depend on the competency of the user...so you may be correct in your concern with the average person using a password manager...as you said, all the passwords are right there, and your average joe may not be as security conscious as he should be (e.g. making his master password easy to crack, or taping it to his monitor.)

    But there's a couple angles to this to consider...

    1) What's the alternative? Obviously the number of accounts the average person needs is not going to go down, so it's basically a given that people are going to need to manage more accounts than they could possibly remember the login credentials for (of course we're assuming the passphrases are of the strong sort, resistant to brute force...as, we all know one common "solution" to the problem is simply having weak passphrases that are easier to remember, and even worse, simply reusing the same credentials among all accounts.)

    So you're looking at either having a hard (i.e. "outside of your head") database of some kind, or simply having weak credentials.

    Schneier has recommended for years the "piece of paper in your wallet" method. I tend to agree that low-tech method might actually be the best balance for most non-techie people. (Everyone seen the infomercial for Password Minder?)

    But that's basically it...you're either looking at relatively easily cracked passwords, or some form of database...unless...

    2) My guess would be that by the time "everyone" starts getting around to "password management", biometrics will be so common that many won't even be using passwords any more.

    In fact, that's actually where my concern lies. Biometrics just opens up a whole other can of worms...particularly with regard to privacy. No more would you be truly anonymous: a fingerprint opens the physical lock on your computer, an iris scan logs you in and constantly monitors making sure it isn't someone else on your computer...voice ID logs you into your Google account...hell, a saliva scanner on your laptop or mobile device confirms your DNA to give access to your medical records. The possibilities are endless.

    No more would the "you can't prove it was me using the computer" defense be viable...against all the various forms of attack (e.g. the copyright mafiaa, etc.)

    I actually think this sort of "more secure" form of authentication poses much more security risk than anything having to do with passwords, whether password managers gain widespread usage or not.

    It is my prediction that the main pushback from such technologies is going to come from the security/privacy conscious among us...those who are truly attuned and adamant about their security, and who understand enough about technology to recognize the risks that come from such things.

    Bottom line:
    I don't think password managers are ever going to be a problem. I don't really see a likely scenario in which they could possibly create a less secure tech space than what we see currently. And by the time the majority of the population would have come around to adopting usage of password management software/systems, biometrics will already be catching on, and the general public will be migrating to that...which in my opinion may ironically end up being actually out of the proverbial frying pan and into the fire. I can imagine a lot more issues arising from common usage of those "more secure" technologies than any form of password manager...from simple user incompetence leading to account compromising...all the way to high-end monitoring and privacy (and ultimately security & freedom) eradication stemming from a much more "integrated-with-the-user" setup. (See Schneier)
     
  22. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    i'm all for offline password managers like keepass , it's excellent , and secure as long as you make sure to use a nice long passphrase as master pass there shouldn't be any security implications there , as already mentioned there's no way in hell we could memorize all those brute force secure passphrases and logins to all those hundreds and hundreds of sites we daily register to, and yes biometrics is just a gimmick even with dna , people only need to take a "sample" of your DNA and it's cracked even with temperature sensors and all that useless crap , as already said only 100% secure way is to use a secure passphrase that's it
     
  23. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I only know, and use, two PWM's: KeePass for everything non-web, and LastPass for websites.

    LastPass is local enough for me. Yeah, there is an online component, but it's an encrypted "blob" in GRC parlance. Nothing plain text ever happens over the wire. I don't even know the Master Password, and it's over 256 bits of entropy, according to KeePass :D There is also two-factor available using YubiKey or Google Authenticator.

    I don't even know all of my KeePass Master either, but my YubiKey knows half of it :D I do know where the keyfile is though.

    I think both are safe enough, and can be made *really* secure with different techniques.

    What's the option? Yeah, a text file in a TC container, but then the container becomes the SPF, right?

    I guess I can see how strong arming LastPass to change the code surreptitiously might be a possibility...especially these days. So you're on to something there possibly.

    PD
     
    Last edited: Aug 12, 2013
  24. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    you do know there's a Firefox addon for keepass that will allow the use just like lastpass , but without any security implications or possible backdoors , right?
     
  25. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    It's easy to remember long passwords when forced to type them a lot of times.

    I don't bother using very strong passwords to log in to websites since the vulnerabilities that attackers will have to look for are not related to it.

    Example, my e-Mail password has around 36 characters, all random with upper/lower case, numbers and symbols.

    Then, on other websites I use a variation of this password where the first 16 characters are the same, and the 20 following are different, all following the same randomness rule.

    Now, I don't always use the same password criteria on all websites, only at those I consider important. On askfm my password (10 characters, just numbers and lowercase letters) should be hard enough for an online brute-force to crack it in 1.2 Thousand Centuries.
    If, say I chose the same password for disk encryption, it would take roughly 30 seconds to crack it.