
Cracking the 12+ Character Password Barrier, Literally - sply
http://www.netmux.com/blog/cracking-12-character-above-passwords
======
userbinator
_Because remembering the password "horsebattery123" is way easier than
"GFj27ef8%k$39"_

One way I like to remember long yet high-entropy passwords is to memorise a
long, somewhat nonsensical phrase and use characters from it. The reverse is
also possible. E.g. that one could become "Gordon Freeman joins 27 electric
fences 8% kills $39"

~~~
rawnlq
I am pretty suspicious of my meat-based random phrase generator. A lot of the
analysis on the entropy of correcthorsebatterystaple type passwords assume the
words are uniformly drawn from a vocabulary of whatever thousands. But if you
have a large enough dataset of passwords I bet you can find the true (non-
uniform) distribution of words people actually draw from and the entropy will
be a bit lower. And if you further restrict it to be almost grammatically
correct phrases it will be further lower[1].

Am I just paranoid?

[1] RNNs can learn the distribution of your grammar easily
[http://karpathy.github.io/2015/05/21/rnn-
effectiveness/](http://karpathy.github.io/2015/05/21/rnn-effectiveness/). The
worry is that human generators will condition their random words too much.
e.g., "correct" ooohh brain just did a adjective let's throw it a noun next
"horse".

~~~
nommm-nommm
This is where diceware comes in. You are supposed to pick whatever word you
roll on the first try, no exceptions, for this very reason. Rolling until you
get a word you "like" reduces randomnesss significantly. They even say you
should use _only_ use real, meatspace dice to generate passwords to be truly
random, not pseudorandom.

[http://world.std.com/~reinhold/dicewarefaq.html](http://world.std.com/~reinhold/dicewarefaq.html)

>There are some obscure words in both lists. If you passphrase includes a word
you don't know, look it up in a good dictionary. Learning the word's meaning
will aid you memory and your vocabulary.

Of course there's exceptions when you should start from scratch.

[http://world.std.com/~reinhold/diceware.html](http://world.std.com/~reinhold/diceware.html)

>Because some words on the diceware list are two characters or less, you can
get a very short passphrase. If your passphrase, including the spaces between
the words, is less than 17 characters long, we recommend that you start over
and create a new passphrase. You should also start over if your passphrase is
a recognizable English sentence or phrase. (These situations are extremely
rare.)

(If it were me I'd just keep adding more and more words if my password was 17
chars or less)

~~~
ams6110
When I use diceware I use random.org for the dice rolls. They claim true
randomness generated from atmospheric noise.

~~~
DanBC
Is that because Random.org is really random, or because your threat model
doesn't include state level actors taking over random.org?

~~~
taneq
If state level actors really are interested in what you have to say, then
either you're a high enough level spook that you aren't using a web service
for your entropy source, or your crypto is not going to be the weak point in
your defense.

~~~
Cpoll
If every hacker uses random.org, it's more cost-effective to compromise the
service than to take a wrench to every single hacker's kneecaps. It wouldn't
be a targeted attack, but it might be very useful if a sufficient subset of
'interesting' people use random.org.

------
sfilargi
Practically, if one doesn't use a password manager, they probably have a much
more serious problem than weak passwords, i.e. password re-use.

~~~
kevin_thibedeau
As opposed to having your manager DB lost or compromised by a trojan.

~~~
danjoc
Using zx2c4 pass with a Yubikey 4. Passwords are GPG encrypted. The private
key is on the Yubikey and cannot be read out. The Yubikey 4 is set to require
a touch per password unlock. The only passwords at risk are the ones unlocked.
At that point, the trojan could install a keylogger and have the same amount
of success.

Losing the password store isn't a problem either. It has a git remote on a USB
stick. There's a backup if it's ever lost.

~~~
irremediable
In that setup, how do you handle needing passwords on your phone?

~~~
danjoc
There's an app for that. Android Password Store[1]. You can use a Yubikey Neo
with NFC in combination with Open Keychain[2]. Both are available on F-Droid.

[1][https://github.com/zeapo/Android-Password-
Store](https://github.com/zeapo/Android-Password-Store)

[2][https://github.com/open-keychain/open-keychain](https://github.com/open-
keychain/open-keychain)

------
chris_st
I really like Password Chart[1] as my "password encryption" scheme, since it
gives me nice long wacky phrases out of something memorable, per-site.

[1] [http://passwordchart.com](http://passwordchart.com)

~~~
vesinisa
Except until a couple of sites leak their plaintext passwords, and the
attacker can start piecing information together. Bob@foomail.com's PW on Yah
_oo_.com was ZuBrDf _PgPg_ , and on P _a_ tre _o_ n.com Sk _Br_ OxPdGq _Pg_
Lu. Any chance his PW for _Therapy_.com might be OxDfGqPdBrSkZu?

Such attack is more attractive and more effective the more people use this
specific method.

~~~
tomjen3
I highly, highly doubt that anybody is going to do that as a general attack
vector. Computers change, but people are people and are not like, in great
numbers, to suddenly start having good passwords, just as they are not likely
to suddenly start exercising.

~~~
rocqua
You are essentially relying on security through obscurity, it might work but
it fails to add security when viewed through Kerckhoffs's principle.

------
danjoc
>until auto-generating password managers gain mass adoption, this
vulnerability will always be around.

When auto-generating password managers gain mass adoption, there won't be much
point to cracking password hashes. Presumably, one would use a different
password for everything in that scenario, which makes the clear text password
basically useless anyway.

------
tmalsburg2
I think there is a relatively simple rule of thumb: If you can reliably
memorize the password with moderate effort, it is very likely not safe. The
approaches described in the linked article are clever but they do by far not
exhaust the possibilities. One big issue is the following: When you try to
come up with random words to compose a password, the words that you'll choose
are going to be very very non-random. Example: Tell a person to name a random
musical instrument. Most people will say violin or piano. Other instruments
will rarely be mentioned. Likewise with tools, most people will say hammer or
screwdriver. This has something to do with how words are represented in our
mental lexicon. There is a lot of research on that that you could easily
leverage in software for cracking passwords, at least the type of password
that's using supposedly random words.

~~~
yoha
> When you try to come up with random words to compose a password

That's why you don't. Give a 64ki word dictionary from your native tongue to
your computer and let it choose four words uniformly at random out of it. This
gives you a password from a distribution with 64 bits of entropy, and is
reasonably easy to memorize with moderate effort.

This means an attacker is expected to proceed to 2\ _\_ 63 hashes to crack
such a password. It would take almost 4 year to crack its MD5 digest on the
rig used in the demonstration. If you not using a password manager for
external sites (which might not use proper KDFs), you can throw in a fifth
word, and be safe for the foreseeable future.

~~~
tmalsburg2
Yeah, I get it. The thing is that many password guidelines do not emphasize
how important it is to draw words randomly, and that makes all the difference
as I tried to explain.

------
nindalf
Considering the ease with which "correcthorsebatterystaple" type passwords can
be cracked, I hope Randall Munroe updates that page and recommends people use
a password manager.

~~~
caf
Only if you're limiting your words to those in a small dictionary - or
regenerating until they're "common" words, which is the same thing (fwiw,
"staple" isn't in the Google list of top 10,000 English words that they're
using).

~~~
DanBC
> Only if you're limiting your words to those in a small dictionary

Diceware uses a 7776 word dictionary. How insecure is a 6 word diceware
passphrase? That should give 77 bits of entropy.

------
donatj
This is why most of my important passwords are at least 30 characters

~~~
gruez
30's probably overkill because it works out to 178 bits of entropy. You'd
probably be fine with 128.

~~~
rspeer
How are you making such a specific assessment without any knowledge of what
the characters are?

~~~
wvenable
It doesn't matter what the characters are; only what characters are
potentially valid.

~~~
rspeer
Would you say the password "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" has high entropy?

People have gotten their Bitcoin wallets owned with 60-character passphrases,
because they used phrases that appeared in a Web crawl. Number of characters
is not the important thing.

~~~
chipperyman573
It would be reasonable to assume that someone who reads HN will understand
that "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" would not be good, even if it is 30
characters long. Donatj probably considered this.

That said, your point is valid and it's possible you're right.

~~~
Dylan16807
That's obvious. What's not obvious is whether donatj's 30 characters are
individually random or composed of words. And 'individually random' could mean
anything between the 4 bits of hex and the >7.7 bits of codepage 1252.

------
philliphaydon
If my password was typed in Chinese would that make it hard to crack?? Or
would it just result in collisions?

~~~
shawn-furyan
There are a lot of hackers who know Chinese, so it probably isn't gaining you
any ground. See diceware.com for how to generate strong passwords (in many
different languages). Also, use a password manager with a password generator
for less sensitive accounts and so that you aren't reusing passwords.

~~~
philliphaydon
I already use 1Password with min 20 characters, unless the site has a length
limit ><

I was more curious about extending the characters past alpha numeric / special
characters, to include Chinese characters as well. That would open up the
number of characters required to brute force and probably result in relying on
a collision. Until technology catches up.

------
devwastaken
I've had many other devs link me to that XKCD post about how any standard
password is 'safe', yet fail to acknowledge the major differences in how those
passwords are hashed and stored. So many people just quote the math and say:
"Math can't lie". It can't, but the very complex math behind the actual
hashing is different from just multiplying charsets.

------
dbg31415
This is a dupe.

[https://news.ycombinator.com/item?id=13355850](https://news.ycombinator.com/item?id=13355850)

~~~
detaro
limited reposts are allowed on HN, so please only flag and link to previous
discussions if they have more than just a few upvotes and/or comments, or if
something has been submitted more than a few times already. Otherwise such
comments just add noise.

[https://news.ycombinator.com/newsfaq.html](https://news.ycombinator.com/newsfaq.html)

> _Are reposts ok?_

> _If a story has had significant attention in the last year or so, we kill
> reposts as duplicates. If not, a small number of reposts is ok._

