Passphrases That You Can Memorize — But That Even the NSA Can’t Guess

Discussion in 'privacy general' started by lotuseclat79, Mar 27, 2015.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Passphrases That You Can Memorize — But That Even the NSA Can’t Guess.

    -- Tom
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It's a nice system. But I don't trust my memory enough for that, especially once I have more than one of those “brig alert rope welsh foss rang orb” strings. I still prefer to use the first letter of each word from various favorite quotes. That way, if I forget, I can always reconstruct. I also combine multiple strings, from unrelated sources. So then, instead of “brig alert rope", I have "string1 string2 string3", each of which is maybe 20-50 characters long. That's a lot to type, but the only thing to remember is which three quotes, in which order.
     
  3. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,126
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    I love Diceware, and this is exactly the way I've done it - and I'm OK revealing that. I find it very easy to remember a set of master passwords of good entropy, far easier (for me) than a shorter but cryptic set. A master master password for an isolated password and certificate/key management system and only used for that purpose, means that you ultimately only need to remember one password.

    I like that everything can be lower case so I'm not scratching my head over that, and it makes keyboard variants less problematical. Whichever way you do it, I think ensuring complete randomness is the key, any "clever" techniques may have radically reduced entropy. Add some two-factor authentication and password managers (LastPass for web, Password Safe for local, both with Yubikey TFA) for standard account passwords, and it's as good as I'm likely to get.

    I strongly disagree with the article in that I think rolling physical dice is no big deal and MUCH preferable to doing it on any electronics or with any program to help you. That's simply absurd in the circumstances. A darkened room with no electronics. A physical dice. Write it down on a bit of paper. Memorize. Burn.

    They also do not sufficiently emphasize the potential vulnerability of those passwords to "terrifically weak" endpoint security. As usual, claims of being NSA proof are silly, because they'd not bother unless an obvious weak password had been used, they'd either compromise the client or use wrench persuasion.
     
  5. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    I think people overthink this too much. Take for example Wewilllrockkyou. I consider this very secure. The problem remains your OS/programs or the website who are storing your data.
     
  6. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Not very secure. Standard well known phrase right out of pop culture. No randomness, no numbers or other characters. Good enough for a forum, maybe, but not eBay or a banking site. If you are going to use a stock phrase, use something much more obscure. Being knowledgeable, for example, in 18th century literature in languages other than English could lead to some good ones. It can also be longer. Stock phrases that are easy to remember should be long and obscure if you want to use them as passwords and I would tag on a second part that is also easy to remember but unrelated to randomize it.
     
  7. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    Memorizing one random sentence (i.e. Ilike1redshinyflyingpegasus) is nice and far easier than diceware randomness. But things will boil to how about 10 or 100, where will you start mixing or forgetting them?
     
  8. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    I think the opposite, Wewillrockyou is secure for ebay, maybe not from a family member who will know you. Wewilllrockkyou (will has 3 L and rock 2k), would need to be brute forced, so you'll have bigger problems than that if any government would want your password.
     
  9. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Instead of using words that you can find in a dictionary or alterations thereof, I prefer using random syllables put together that you can sound out in your head, which makes it easy enough to remember- like "gabbjescploss", some syllables or first characters of those capitalized, in addition to random strings of several digits and special characters thrown in.

    "Wewilllrockkyou" will not require a straight brute force, it's far less random than for example

    &(*&agreffblagrewuq293NEBU

    Cracking programs have sophisticated algorithms to guess misspellings/alterations of dictionary phrases (killl, rockk, or b!cyc1#) well before going to purely random brute force. We're talking about the ubiquitous John the Ripper having those capabilities, I'm sure that the NSA has far better algorithms. Even my password scheme is far less than perfectly random, but I feel that it's more than sufficient. It's easy enough to remember if you use the password daily, but easy to forget after not typing it in for a while, which is a decent countermeasure to the wrench in many situations.
     
  10. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    I simply use a 26 characters long master password to unlock Sticky Password,and create a 20 character password for every place which needs 1,which gets stored in my password manager........and it also protects me from keyloggers.
    ATM,I have no interest to memorize 40-50 different passphrases...... :D
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @phalanaxus , @Wroll - how do you answer the simple but necessary question: what entropy does my password have? You can guess, and my feeling is that you would wildly overestimate. If you need a dose of sobering up, this link provides an introduction:

    http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

    The only way of being sure what entropy you have is to use a random password (or set of them).

    As far as "overthinking" it is concerned, one of the benefits of being open to learn in this forum is that you can take advantage of people who have thought things through. For sure, you cannot guess people's threat model and risks (and, for example, in the original article, we're talking about people risking jail or worse). On the scale of security and privacy issues, I've found the Diceware master password scheme plus password managers to be straightforward in planning, execution, memorizing and operation - way simpler than issues of browser security and privacy, sandboxing, operating system hardening, VPNs, FDE, and firewalls, and I am much more confident in my authentication schemes than all the other things. It's basically good practice and you can take advantage of it - or not. But spending time on all those other things is fairly pointless if your account security is weak.

    As far as remembering loads of strong individual website passwords, that's absurd, and as @roady notes, the longer master password is the gateway into a password manager which does keep those records. If you wish to combine that with TFA, again, that's actually much easier than you might imagine.
     
  12. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    The answer to your question is you can't calculate entropy easily when a human is involved in the process. (Actually you can but will have loads of different results depending on the technique and assumptions, you can try some techniques to see what my example will yield) I'll advise you to reread the article you post and mind your manners when talking to people you don't know. I will stop answering and commenting on this topic since I don't feel like arguing.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    How about using the Diceman technique?
    There was an old woman who lived in a shoe... or
    Little Miss Muffet sat on a tuffet...
     
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    Thank you for recognizing the key point that you indeed cannot calculate entropy easily when a human is involved in the process. Either it's not very important to the person, or they can't be bothered remembering a demonstrably strong password (in which case they would do well to use a password manager generating the strong passwords for the sites); or it is important in which case a demonstrably strong password set (to whatever entropy level the person's threat runs to) plus a password manager for run-of-the-mill sites, plus TFA is the right approach (plus whatever else you need to do securing the client etc).

    As far as manners are concerned, you seem to think that disagreement with what you're saying contravenes that. Do you not agree that it's important to challenge information which could be dangerous to some people reading this forum, backed with discussion, which is what I've done? The biggest danger is the faux-strong password, which is exactly what "clever" human based schemes dream up.
     
  15. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    How many important cases do you people know of a 3 letter agency going after a guy and being stopped by a password? You are from UK, so you know very well that the UK law is "give the password or rot in jail". Personally, I see passwords as something that can defend me from hackers, not from the government.
     
  16. phalanaxus

    phalanaxus Registered Member

    Joined:
    Jan 19, 2011
    Posts:
    499
    I said I won't reply but have to clear something before I leave it at that. The problem is not challenging ideas it's the way how you do it (i.e. dose of sobering doesn't go well as far as well manners)
     
  17. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    "I forgot it, I remember it was really long and complicated though, like 30 random characters. First couple were Hafds@ I think, I can't recall the rest though"

    Prove beyond a reasonable doubt that I'm lying. I doubt Johnny Cochrane could pull that off. You can't go to jail for forgetting a password in the developed world, as long as you have a half decent defense attorney.
     
  18. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    You assume that the policemen are idiots and base their case on nothing. The reasonable doubt is also subjective, after all, there have been innocents sentenced to death, so a judge might not believe you even if you had told the truth.
     
  19. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    For me, no passphrase listed here seems to be random enough, even &(*&agreffblagrewuq293NEBU cuz it separates each char types, but I agree that properly estimating entropy is not easy, and it is well known in psychology that human-made "randomness" is actually not much random.

    I'm sure Diceware is better for most ppl, but it has its own drawbacks. Firstly final phrase have to be quite long to assure security, i.e. at least more than 6 words. But that's okay as it is more intended to be used in e.g. at rest encryption. But more serious matter is, what if you haven't used the passphrase 1 or even half a year? Can you remember such long phrase? Also, what if you need 100+ different passphrases, can you distinguish and remember them correctly w/out help of text file or pwd mgr?

    IMO, most of "clever" technique are simply not much clever, and if you employ really clever technique it will excel Diceware in memorability and maybe security.

    As to memorability, anyone served for mathematics or physics would know forgetting procedure (e.g. how to solve simultaneous equation) is much harder than contents (e.g. what happened in A.D.1096). For security, the point is not necessarily entropy but making guess impossible as well as bruteforce, so you should make many devices.

    Firstly you make root password which will be a base of many of final passwords. It's better to make more than one root passwords w/ other mnemonic you can't forget and assign different roles or usages for each root password.
    There will be infinite ways to make root password, but if you use e.g. song, never use phrases directly. If it is Elton John's "Your song" ("It's a little bit funny, this feeling inside..."), one idea may be "IaLbF,TFi.". Actually it's too much simple and someone who knows you're Elton John's fan may be able to guess, so make more devices, and if you like very minor song which only you know you like it, it's better suited. Not only final password but even root password should look meaningless to all English speakers as well as all languages you can understand, should include symbols + upper & lower letters + numbers, should be flexible in length.
    Then, it's decoration time. More complex decoration you made, basically more secure, but never solely rely on alteration such as S to $, i to !, l to 1 etc.. Also some ppl may use service or program name directly, e.g. for Google they add "Goo" as prefix and "gle" as suffix, but do not directly use those names and make more complex algorithm. Again, there will be infinite ideas. e.g. as "G" is 7th alphabet, replace it to "007" etc. etc.. Also you should take statistical characteristics in password cracking into account e.g. many ppl use upper latter in their first char of the password, and use 1 or 2 digits numbers in last. You should outwit them.

    Finally you can get long, seemingly random, but 100% re-generatable and memorable passphrases even for 100+ different usages. I myself do it. Firstly it will take quite a time to re-generate passphrase as you have to conduct complex calculation, but once you're accustomed the time will dramatically decrease just like complex math calculation. Not as a kidding or joke, it will be good brain training to prevent aging. I know some ppl don't rely on cash register in shopping instead calculate sum purchase in his/her head.
     
    Last edited: Apr 3, 2015
  20. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Yuki2718 "what if you haven't used the passphrase 1 or even half a year?" You have a One Ring password (I think this is what you mean by root password, yes?) which you do remember, and that is used only to store the other passwords and certificates (on an isolated system, never on anything that is subject to KSL or exfiltration). If you forget any of the others, then you have to do a bit of work to recover it, but you can. I used to do the "clever" stuff with decorations etc. but I've weaned myself off that - there are a lot of clever people out there who likely do the same thing. I find the long diceware passwords remarkably easy to remember, much easier than the clever ones ironically, because I could double-guess myself into a labyrinth of possibilities. Judicious use of TFA and password managers means you never need to remember that many strong passwords.

    If we're talking advice to journalists or sources here (no disrespect to them), and protecting them and their sources, we have on the one hand asking them to come up with a clever non-random memorable passwords (with variable degrees of cryptographic success and quite possibly disastrously weak), or else use a prescriptive random method which WILL generate any level of desired entropy reliably (however clever they are/not) - (Diceware), at the expense of a longer possibly harder to remember password. Which is what the article is responsibly doing.
     
  21. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210

    I think that the "&(*&agreffblagrewuq293NEBU" scheme is far more random than any Diceware password less than maybe ~12 words in length. Diceware's complexity is only 7,000 ^ X, X being the number of words chosen. My scheme is

    One 3-6 pseudo-random special character blob- 1.1 million combinations
    One 3-6 pseudo-random number blob- 1.1 million combinations
    One 2-6 meaningless syllable blob, all lowercase. I'm guessing that there's about 100,000 possible 2-5 character phonetic syllables using a-z (correct me if that's too generous), so that's 100,000^6 + 100,000^5 + etc. = 1.0 x 10^30 possibilities
    One 2-6 meaningless syllable blob, all uppercase, same as above

    The order of the blobs is of course arbitrary. It's definitely not perfectly random, but I think that it's about as easy to memorize as 10 truly random characters, but far more robust against a brute force.

    If my logic is flawed correct me, but there is no chance that any arrangement of dictionary words is superior unless the total character length is far greater than my scheme. Of course the longer the blobs are, the more secure it is- I would reserve ~30 character strings for FDE, banking, etc., but stuff like my Wilders password utilizes the same scheme but much shorter for convenience.

    &(*&agreffblagrewuq293NEBU clocks in at 208 bits according to Keepass, far more than is crackable by any technology foreseeable within the next few decades, and stronger than many FDE and VPN keys.
     
  22. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @krustytheclown2 - perhaps one of the factors which drives peoples' preferences here is how proficient they are at typing. For example, I learnt touch typing many years ago, so most normal words are in muscle memory and fast to produce - so the diceware words roll off the keyboard, and I know when I've made a mistake. And I can fit some form of memorable story to the random words reliably enough.

    I'd agree that the scheme you've outlined has more entropy than a - say 7 word - diceware password - we cannot be sure how much more because of the pseudo-random nature of the scheme you prefer, and how much effort the adversary has put into trying out various schemes that people are likely to use. But both are (currently) strong.
     
  23. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Something everyone should be aware of is the "backdoor" to all your information and accounts is the password reset options on your email accounts which is often ludicrously easy to hack. I know most people on here are aware of this but for those who aren't...
    I used to date a girl who was bad for doing this to all her friends they would try to "own" each others online stuff to get one over on each other and of course she did it to me too. The password reset options were one of her favorite tricks.
    It works like this once she knew someones main email account she goes to the forgot password options, secret question, and read the question. Usually the questions are things like, street you grew up on, best childhood friend, first pets name etc. Bearing in mind most people set up their accounts years ago and the last thing on their mind is their secret questions. So then she would in random conversation coerce the answer out of them and most times they are oblivious to why she is talking about childhood friends or where they grew up at etc .. once she got the answer out of them she goes online and resets their email password.
    Once she did that she then could go to all their online stuff, facebook etc and do the forgot password thing, and of course they would send a reset code to the very email account she now owned....
     
  24. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Yes, social-engineering as a method of password defeat.

    This is a basis of how red-teams often defeat their hosts.
     
  25. Yuki2718

    Yuki2718 Registered Member

    Joined:
    Aug 15, 2014
    Posts:
    1,257
    I'm not sure if I correctly understood what you said, but if Ring password means master password with which you can get all password stored in somewhere, that's not what I meant by root password. Root password is literally root of all final passwords, IOW not-yet-decorated password. As you said, if you combine password manager or text file with encryption, only thing you have to remember is master password so you can remember it. But as I said in older thread, I don't fully rely on pwdmgr and use it only for convenience. Even if I lost all info stored in pwdmgr, I can re-generate all passwords. As to "there are a lot of clever people out there who likely do the same thing.", sure there will be ppl who use partly same logic, but I don't think anyone use exactly same combination of my tricks. They may use G to "07" transformation (explained) or "G" to "3E" (guess it!), but it's quite unlikely any of them use exact same methods combination (it will be much less than 1 in world's population), and decorate the root password exactly same way―tho I use prefix and suffix too, I also insert decorations to middle of the body in root password in defined way.

    Anyway, I'm not opposing to Diceware or combining pwdmgr. Anyone has different value and view, needs, etc. But I admit as you say if one ask jounalists etc. to make strong pwd, suggesting Diceware is better than expect them to develop strong algorithm.
     
Loading...