On the other hand, if you're using MD5 CRYPT, they're assuming $100,000 worth of ASICs. If you're using PBKDF2-SHA256 with standard "login credentials" parameters (100 ms of CPU time), it's $14,000,000 worth of ASICs. bcrypt, $100,000,000. scrypt, $4,000,000,000. And if you're using scrypt with typical file-encryption parameters (5 s of CPU time), $15,000,000,000,000 worth of ASICs.
Moral of the story: Whether your password is strong enough depends as much on how it's stored as it does on the password itself.
Intel has brilliantly demonstrated a social engineering/phishing attack here. "A street game" on New Yorkers, of all people! http://www.intel.com/content/www/us/en/security/passwordwin-...
But the strength estimates they give are far too high: What is the strength of a password which a user is willing to type into a non-https website or computer on the street?
This is about as rough as an approximation as you can get. For example, if your password contains dictionary words that aren't in their top passwords, it drastically overestimates the the difficulty of cracking it.
Type `"".hackability` in the console to see the code.
> Step 3: Diversify your social passwords for added security
> "My 1st Password!: Twitr"
> "My 1st Password!: Fb"
> "My 1st Password!: Redd"
stty -echo; echo `read | sha1sum` LittleBitOfSalt | sha1sum | cut -c 1-40 | pbcopy; stty echo
Then paste whatever ends up in the clipboard as your password.
pbcopy is MacOS X specific I think, but IIRC there was similar way to shove stuff into clipboard on linux. Else you end up with (1) password on the screen (2) immense pain typing 40 senseless hex chars :-)
Both Intel's contest and the test at http://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.htm... mentioned elsewhere in this thread seem to be relatively happy with the result..
The fully random passwords with the password manager are probably better though...
If someone is attacking you personally, yes.
If someone attacks a group that includes you, breaks one of your passwords, and posts a dump on the internet, yes.
But if someone gets some password database, bruteforces all the passwords under 20 characters, and now has a username-to-password map with a million entries.... you're probably safe from that attacker using your username/password on other services. So I'd say that it's better than "marginal".
So it depends on what attack scenario you're defending against. Which is true for all safety judgements.
"bacon giraffe coffee paper head": 2 weeks
"coffee banana tourist nose": 15368 years
Or even worse:
"i like salt": 18 years
"i like pepper": 9 hours
> "i like pepper": 9 hours
Well that's clearly because salted passwords are more secure.
"salt tastes ok": 324658 years
"intel password sweepstakes": 8441109 years
"dictionary attack": 390 years
It would take about Infinity years to crack your password.
For comparison, here is the best password checker I've found:
(I am very impressed by the password checker though; it's difficult to cover all scenarios)
"m1p.5AsGs9LXo_HN" for HackerNews
"m1p.5AsGs9LXo_RandomForum" for some random forum
"m1p.5AsGs9LXo_WF" for Wells Fargo
and the random forum's database gets popped, how secure do you think your Wells Fargo password "m1p.5AsGs9LXo_WF" is? Less than 12486848 years. That goes from the realm of password cracking to some guy typing out all the abbreviations he can think of for Reddit or Twitter.
In case you're wondering, Wells Fargo will not accept "m1p.5AsGs9LXo_WF" as a password - too long!
To me, it always feels like they're putting up a humongous, blinking sign proclaiming "Proudly storing your passwords in plaintext since 1991!" (Most notable offender, last time I checked: Skype)
That said, there's no excuse for setting the upper bound so low that any human ever gets their actual choice for a password rejected.
edit: on the plus side, "CONGRATULATIONS!
It would take about 2546476408336 years to crack your password."
(I typed in a password that was roughly equivalent to a very secure and memorable one I memorised but have never found a use for. It's a correcthorsebatterystaple style password.)
In general, including the spaces is a better idea, because collisions.
Say we're taking strings of one or two words, picked randomly. With spaces, there's an equal chance of any string that can be generated. Without spaces, "therapist" has twice the chance of the typical string, which is some information an attacker could exploit.
EDIT: This video explains it: 10 hidden cameras.
And while public key authentication may seem difficult to implement server-side by doing such a thing you will never risk a database password leak again.
interesting toppasswords string. wasn't there a post a few weeks ago about how someone owns a patent on telling you your password is common?
edit: indeed there was: https://news.ycombinator.com/item?id=5543393
Also, "Password" as a part of an example password? "Append a special character"? What is this, 1995?
Nice idea with the entropy checker, though.
password1 = 0 seconds
password12 = 0.0002 seconds
password123 = 0.0027 seconds
password1234 = 0.0272 seconds
Conclusion - password1234 is 100 times safer than password12. Thanks Intel! Changing my passwords now!
"realistic password strength estimation"
I think it's a solid scheme for using unique passwords on every site, based on just having to remember at minimum one input password.
I finally settled on 1Password for the iPhone. I don't remember any of my passwords. I unlock 1Password, find and reveal the password, and type it in. This allows me to have really complex and long passwords. I always have my phone on me, as I use 2-step authentication for every service that provides it. In the rare event I forget a password, I still have email fallback recovery.
(No, that's not a phishing page)
abcdefg123456! < 1 second
abcdefg!123456 < 1 second
abcdefg1!23456 = 5 seconds
a!bcdefg123456 = 1 week
Moving the ! supposedly increases the difficulty several orders of magnitude.
Your first password, they interpret as aa!
Your second, a!a
Your third, a1!23456
Your fourth, a!bcdefga
I think we trust it primarily because it's client side code and on Intel's site.