[QUICK TIP] Creating strong passphrases

Discussion in 'privacy technology' started by amarildojr, Sep 30, 2015.

  1. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,975
    Location:
    Brasil
    EDIT (10-19-2015): added: why xkcd's post can't be taken into consideration. https://bbs.archlinux.org/viewtopic.php?pid=1375311#p1375311

    The first thing I do is to take note of a song I like. For this demonstration, let's say this song is ABBA's song called "Lay all your love on me" (I really like this song).

    Next I scan the song's lyrics and try to find a good phrase. Let's say this is the phrase:
    Code:
    Don't go wasting your devotion

    Here's where all the magic is done.
    First, I change some of the letters to Capitol, like this:
    Code:
    dONtgOwaSTInGYoUREemotIONs

    Next, I change some of the letters to numbers so there aren't meny repetitions:
    Code:
    d0NTgOw4STInGYoUR3Emot1ONs

    At this part you might think "this is good enough". To some extent, yes it is; however, this kind of passphrase wouldn't stand long to a dictionary attack that takes "l33t sp34k1ng" into consideration. So if you think you're a valuable target that might suffer a brute-force or dictionary attack, don't stop here.

    Next comes the fun part: symbols.

    I LOVE to use symbols in my passphrases because they make them look so complicated and pretty! However, you must know that just replacing letters/numbers with symbols will also make your passphrase fall under a good attack. So, here's what I would do to this passphrase:
    Code:
    #$d0N'T-gO(w@$T1nG+YoURrrR_)Emot!OnS!!!:D
    See what I did there?
    * It's easy to remember the topic since it's a song I really like;
    * It's a good passphrase;
    * It's not as hard to remember as a true random passphrase;

    You can make the passphrase longer or shorter depending on how good your memory is.

    If you type this passphrase a few times (around 10 works for me) you probably will remember it. It's not so random to the point where you must type it 100 times to remember it; yet it is complex enough to make a good passphrase that would probably stand up to an attack for millions of years, even if all current computational power was devoted to "crack" it.
     
    Last edited: Oct 19, 2015
  2. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Great post!!!:thumb:
    I thought I knew all the tricks to create a secure password.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    @amarildojr - thanks, and I think your statement "might not be suitable for everyone" is right.
    For a previous discussion, including Diceware (and the mirimir method), see:
    https://www.wilderssecurity.com/thre...rize-but-that-even-the-nsa-cant-guess.374679/
    I'm a Diceware fan, because it's memorable for me, I can type fast, and the entropy is predictable and completely random. By the time you get to your end result, I find myself being unsure about what tweak and decoration I actually used, and I worry that the entropy is not predictable, and for example, I suspect that the letter substitutions you're using contribute less entropy because they're "known" to cracking tools. So for me, remembering the letter variants, slower typing because the characters are mixed case and special, and being uncertain about the entropy is all uncomfortable. Diceware is very regular if longer. But - each to their own!
    What I'd also observe is that it can make sense to have a very restricted hierarchy of strong passwords (not very many) which are only used in particular circumstances/uses or on particular machines. A good password manager with 2FA completes the picture. In that way, you ultimately only need to remember one strong password, which opens an airgapped system keeping records of the others (if you forget), and for doing things like key generation.
     
  4. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    How do you go from 'devotion' to 'eemotion'? Sounds like a difficult one to remember when using multiple passwords.
    I'd rather use 'DoesyourmotherknowFernandoChiquitita_Onandonandon' or something like that.

    -And no, I'm not trying to be rude towards amarildojr; All Abba songs.
     
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    This is cool. You are basically encrypting by hand which has some real unpredictability. I see one weakness at least. You are using the words of a song as a base. Just Google part of the base phrase and see if the whole phrase it came from pops up on the first page of results. I've tried some pretty obscure stuff in obscure languages and they have turned out to be well documented. I had one quote that I was fond of that I thought would be good password material. It was very obscure and scholarly. Googling four words of the phrase quickly brought up not only the whole phrase but the book I had taken it from. If you want this to be really secure, you will have to write your own songs and not sing them to anybody.

    I use math with passwords and quite a bit of linguistic manipulation. Sometimes you can take a known phrase and translate it into another language and it will be unsearchable. It is best to translate badly as that will make it more random than if you do a correct translation.
     
    Last edited: Oct 1, 2015
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    It's potentially worse than that - it's a personal favorite song, which makes it very likely that it will be in some playlist, music file, digital trace on your machine or in the cloud. Forensic tools are known to scan your whole hard drive for words than will be used as a base for password guessing, as well as all well-known phrases (think Shakespeare and suchlike).
    Of course, the variation shown here is likely sufficient, though I do not think letter substitution adds much because the adversaries again know these tr!cks, and it adds significantly to the cognitive/recall load.
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,975
    Location:
    Brasil
    Yeah, "emotion" and "devotion" are part of the lyrics :p I misplaced it there. My bad.
     
  8. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,975
    Location:
    Brasil
    EDIT (10-19-2015): added: why xkcd's post can't be taken into consideration.
     
  9. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    I'm puzzled by that statement - clearly, the same length passwords with different strategies are not equally strong because the "chunks"/letters are drawn from a different number of options. But you can create Diceware passwords to have whatever entropy you want, even for strong disk encryption - works out to 7 words for a decent strength. Yes, it's longer in terms of number of characters, my experience - for me - is that it's just as fast to produce and rather more memorable than special schemes which are shorter.
     
  10. Lagaa

    Lagaa Registered Member

    Joined:
    Dec 30, 2014
    Posts:
    5
    First, let's take this statement:

    "Considering it's not hard to build a cluster of 25 GPU's that "devour password hashes at up to 348 billion per second"

    Google search reveals he got this from http://www.zdnet.com/article/25-gpus-devour-password-hashes-at-up-to-348-billion-per-second/

    That "348 billion per second" is for some very lame Windows XP "LM Password Hashes" (16 years old)

    Almost all modern software use some kind of key stretching or password hashing with many rounds. It's either scrypt, bcrypt or PBKDF2 with SHA256 with 10,000 or more rounds. There is no way on earth you can get even close to "348 billion per second" with 25 GPU. Even getting to 1 billion per second would be hard. Lets be charitable and say each GPU can do 1 billion SHA256 hashes per second, then he gets only 25 billion with 25 GPU. However, 10,000 rounds of SHA256 during password hashing will reduce that number to only 250 million passwords per second (not 348 billion)

    However, let's give him his "348 billion per second"" (even though he is never going to reach that number in reality)

    If you have a dictionary with 30,000 words in it, and you randomly pick 5 words from that dictionary, as your password. That gives you entropy of 74 bits

    log (30,000) / log (2) * 5 words = 74.3 bits

    Even if he can search 348 billion passwords per second (and most certainly he can't), it will take him (on average) around 900 hundred years to brute force 74 bits (5 random word password from a dictionary of 30,000 words).

    2^74 / 2/ 348 billion / 3600 / 24 / 365 = (around 900 years)

    Well, as it turns out, xkcd's is correct, and it's especially true since memorizing 5 random words is far easier than 15 random characters (even if it's stronger -- but who cares, 5 random words is strong too) . And xkcd's were probably talking about passwords for online site like email where bruteforcing isn't even going to work, as long as your words are random . Even 3 random words would be fine for an online account.
     
    Last edited: Nov 13, 2015
Loading...
Similar Threads
  1. Mister X
    Replies:
    24
    Views:
    670