TC Password Strength

Discussion in 'privacy technology' started by No1UKnow, Mar 2, 2009.

Thread Status:
Not open for further replies.
  1. No1UKnow

    No1UKnow Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    4
    I know this subject has been run over ad-nauseum, but I have a general question regarding TC passwords, or any encryption password for that matter.

    We know that someone trying to "Crack" or brute-force a password is generally going to use some form of dictionary attack, and generally speaking more advanced attempts are going to use a specialized dictionary that ties back to the user they are cracking against (ie DOB, SSN, known passwords, etc).

    So, in this example, lets assume the cracker has a dic that includes 9 of the 10 pieces that make up a password - as in this diagram:

    Password = (1)(2)(3)(4)(x)(5)(6)(7)(:cool:(9)

    They do not know the order, in fact they don't even know for a fact they have any part of the password, but we assume they do have 9 of the 10 parts, all they dont have is the (x).

    We will assume that each piece is between 4 and 7 chars for this example, however the cracker does not know this. We will say (x) is 6 chars, containing alpha, num, and symbols. (1)-(9) are also alpha-num-symb.

    Deep breath.

    So given all the above, is that password really any stronger than the 6 char (x)?

    This is WAY above my head, so thats why I ask. The cracker doesn't know they have (1)-(9), nor do they know in which position (x) is, and that they don't have (x).

    My initial thought would be, that in theory, they have a head start on cracking the password, but given the length (which they do not know) and the enherrient entropy in each piece, even tho they have it in a dictionary, that in reality they really are in no better position to crack that password than if they knew none of that information.

    Is that a sound assumption, or is this password really reduced to the entropy of (x)?
     
  2. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    I believe (but am not certain) that it is a slightly (insignificantly) stronger than (x), but no where near as strong as it would be if they didn't have that information. Here is my reasoning:

    Lets say the password is 123456789X. If they know 123456789, but not X, they can make an algorithm that tries 123456789 in different combinations with X. There will be slighlty more combinations than all that are possible for X, but not many. A standard english keyboard has around 94 possible keys (alpha, caps, numeric, special). So x can be one of 94 things in this scenario. So x by itself will be brute forced for sure after 94 attempts. There are ten different slots in the full password (123456789X). So as far as the attacker knows, it can be 123456789x, x123456789 etc. Each spot that X is in can be represented by 10, and the total amount of possible Xs can be represented as 94. 10 * 94 = 940 attempts versus merely 94.

    If they don't know 123456789 or X, each of the numbers can also be one of 94 things. So it would be 5.386151140949e+19 possible combinations (10^94).

    Feel free to correct me if wrong, I didn't really put much thought into this heh.
     
    Last edited: Mar 3, 2009
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    There are 3 options to crack a password: brute force, dictionary and a combination of the two.
    Strength of a password is given by it's length (which makes brute force attack harder) and it's randomness (which confuses dictionary attacks). For instance, let's say I have a 5 char password: "X@5f+". It will never be found by a dictionary attack but it is easy to crack using brute force. If we use a 13 char password using my names, like "JimmyJohanson", it will be cracked very fast using a dictionary, but not by brute force. But, there is one more thing that gives strength to a password, and that is it's structure. For instance, if I choose as a password "first four leters of my name followed by 5 random chars and the rest of the name" which would be "JimmX@5f+yJohanson", even if both parts of the password can be easily cracked with different methods, the combination will prove to be a challenge for a cracker. This could be cracked in theory by a combined attack, but it will be very hard. If, however I choose "JimmyJohanson13579", this will be cracked with the combined method just because this sort of combination is tried by cracking tools. So the trick here is to try to use a structure that is not tried by existing or future cracking tools/algorithms.

    Disclaimer: Jimmy Johanson is not really my name :)
     
  4. TKHgva

    TKHgva Registered Member

    Joined:
    Feb 19, 2009
    Posts:
    77
    Location:
    Confoederatio Helvetica
    What do you think of the Diceware system in terms of structure strength, against the two types of attacks you described?
     
  5. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    I don't think: Jimmy@5f+yJohanson would be any harder to crack than JimmyJohanson@5f+y. There are :

    5 character combinations out of 94 characters: 7339040224
    4 character combinations out of 94 characters: 78074896
    3 character combinations out of 94 characters: 830584
    2 character combinations out of 94 characters: 8836
    1 character combinations out of 94 characters: 94

    A total of: 7,347,954,634 possible regular text combinations (alpha, caps, numeric, special) that are 1-5 characters long. Thats not much at all in computer speak. I could make a rainbow table of all possible traditional passwords five characters or less, then I could have a dictionary that inclides Jimmy Johanson in it. I would set it to try (Where x = every possible password 5 characters or less)

    Xjimmyjohanson
    jimmyXjohanson
    jimmyjohansonX

    and that would be a total of: 7,347,954,634 * 3 possible comibinations = 22,043,863,902 possible combinations. With different capitalization on the Jimmy Johanson part it would be a good bit more but it still wouldn't be super hard to crack. When keyspace is in the billions instead of well above the trillions, it isn't too strong, especially against a super computer.


    The best way to make a password is like this. How many phone numbers do you know by heart? Probably a lot. Phone numbers are seven digits long because thats how many characters th human brain can easily remember. So do this.


    Password One: Ag56Yh7
    Password Two: &84boja
    Password Three: Rfi$$53
    Password Four: @39ByUl

    Then memorize them one at a time. Then after you have all four individually commited to memory, make one big password out of it: Ag56Yh7&84bojaRfi$$53@39ByUl. You can even write down a helper like this: "A&R@" which by itself wont be very helpful with cracking your password at all. Now when you type in your password, just remember password one, type it in, password two, type it in, password three, type it in, password four, type it in. If you need a reminder on one of the passwords, look at your helper to see what it starts with. My password for my whole drive encryption is very random, over 49 characters long and completely committed to memory (although I am prone to forget at the drop of a dime, give me a few months with out typing it or thinking about it and I would totally forget it, which imo is a security advantage in itself!)

    4.82241771922651e+96 possible combinations that are 49 caracters long using standard keyboard ;-).
     
    Last edited: Mar 3, 2009
  6. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    From a mathematical point of view, you are correct. The probability of cracking the two passwords is the same. However, your password cracker must know that kind of password structure for this to work. If you will re-read my post above, you will notice that I proposed "JimmX@5f+yJohanson" and not "JimmyX@5f+Johanson". The probability for cracking this one is exactly the same as the other 2 variants. But, if your cracking tool will consider only Xjimmyjohanson, jimmyXjohanson and jimmyjohansonX and not all possible positions for X inside the name, you will not find the password with that tool. That is why I said that password structure is important too when you want to crack it. Of course, this doesn't offer too much added security (in a way it is a bit similar with security through obscurity, which is not real security) and a method of generating random letters (like your method) is always better. But what I was trying to show is that a bit of imagination can make things harder for a cracking tool.

    BTW, I like your way of generating passwords (I use a similar idea), but I'm not sure everyone has a memory that good as you do :)
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Damn! Is it really necessary to have a password that is so complex? And as far as using words, what if you used common words but misspelled them? Like cirkumvent. And what if you created a fake web address like www.!@#$%^&*cirkumvent.com ? Would that be good enough?
     
  8. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    It really depends a lot on what you are encrypting your drive for in the first place, or using the password for in the first place. If a common criminal steals your computer, I think a nine or ten character password is more than good enough. If you have a hard drive with credit card numbers of clients on it, or the information of hundreds of employees, I would use a very long passphrase at least 50 characters long if you can manage to memorize something that big. Another option for companies with data they need kept private is to split the password up between maybe four people, each one knowing 1/4th of the passphrase. That way a 40 character passphrase can be remembered with four people remembering only a 10 character passphrase. Might be better for 8 people to know 1/4 of the passphrase, in case one dies or something. Another thing you can do it use keyfiles on a USB but that has its own weaknesses and advantages.

    My smallest passwords are seven characters long and the largest is over 49. The smaller ones I use for other things, so I can help myself remember them, and then the large one I use for whole drive encryption. With out the large one, you will not get any of the small ones (I mostly use the smaller ones for encrypted shell files inside of the whole drive encryption, it just helps to be forced to type each smaller part of the large passphrase every day to commit it to memory better). Also with out the smaller ones, you will not get the large one. The large one is all the small ones put together, plus a few more characters at the start and end.

    Good enough is something that needs a qualifier. I think that passphrase you suggested (www.!@#$%^&*cirkumvent.com) is probably good enough. But I am a bit of a security nut and I can memorize a large one (how many phone numbers do you have memorized? You could put them together to form a very large passphrase, although that isn't good because the phone numbers may be easy to find out for an attacker, so I use the 7 character smaller passwords in place of phone numbers and put them together for the most important part of the encryption.)

    Another thing to take into consideration is that if your passphrase includes ANY numbers, letters, special characters, or capitals, it will majorly increase the strength.

    A!2-odfjdps is still much stronger than asedodfjdps even though they are the same length, and A!2-odfjdps is much easier to remember than A!2-5^^4Rr# even though they are the same length, and since both are taken from the same character set they should provide equal security. That is another good way to remember long passphrases. Even if it has only one capital, it has the added security of using capitals. For example:

    A ten character password that only uses non capitals has a character set of 26 characters. There are a total of 24^10 (63,403,380,965,376) passphrases that are from this character set. Even by just adding a single capital in place of a single non capital, you increase the character set to 52 and make the entire amount of passphrases 52^10 (1.44555105949057e+17). So just by having a single capital, you get essentially the same security as if you have 4 capitals and 6 non capitals, and it is easier to remember a single capital than it is to remember 4 out of 10.
     
    Last edited: Mar 3, 2009
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thank you so much for this information. You have been very helpful. Great post!!
     
  10. No1UKnow

    No1UKnow Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    4
    I am with you 100%, in fact this is very similar to what I am proposing in my original question. Given your example of one password that is pass1 + pass2 + pass3 + pass4, in my example, the attacker would have p1,p2, and p4 in a dictionary (allong with thousands of other words, combinations, passwords, etc that are localized to the user) but they do not have ANY knowladge of p3.

    They don't know IF it exists, they dont know a length, they dont know anything. Thus, they would have to use a combo attack against that password. So using your group of examples, they would be combo attacking against a 49 char pw, however they would have 41 of those char's in their dictionary (but again they would not know this.)

    Simply, they KNOW nothing about the password. They dont know the len, they dont know if they have any values in their specialized dictionary, they dont know they are missing anything. Given that, and that the password is actually 49 chars of randomness, even though they DO (unknown to them) have pieces of that password, that the combo attack would be slightly more successful since those 3 of 4 pieces exist in their custom dic, but at the end of the day, the advantage they have over cracking that password is a theoretical minimum, and statistically insignificant...if I am thinking correct.
     
  11. n33m3rz

    n33m3rz Registered Member

    Joined:
    Jan 10, 2009
    Posts:
    114
    I believe if p1-p4 are used and the adversary knows p1, p2 and p4 but not p3, that the total password would have security greater than p3 but much less than if the adversary didn't know p1, p2 and p4. Although if they don't know they know it that would probably help a lot also.
     
Loading...
Thread Status:
Not open for further replies.