Choosing a Good Master Password

nikgreennikgreen Junior Member
(was: Suggestions: How Secure is my Password)
Apologies if this isn't the correct forum for suggestions/wish-lists (please feel free to correct my error and point me in the right direction)

I've been a 1Password user for 2/3 years on Mac and now PC and have managed to 'convert' several family members and friends along the way.

One of the common problems I find with new users is getting them to understand just how the security of there password relates in the 'real world'

The password strength indicator bar you have goes some way towards displaying this, but is a bit to esoteric for non technical users, however when I showed my wife and mother this site http://howsecureismypassword.net/ they immediately understood in real terms how different lengths and complexities of password offer different levels of protection.

I realise that this test is highly reliant on the algorithm that is used, and its an imperfect science, but I still think that if you could incorporate a similar feature into the password box and the list view more users would review the merits of there chosen password.
«1

Comments

  • Penelope PitstopPenelope Pitstop Junior Member
    The security of 1PW depends upon users choosing good master passwords so it is important to know how to do it. From the 1PW User Guide:

    "A password nine characters or longer that is not based on a dictionary word or phrase will protect you from even the toughest criminals."

    and:

    "Be sure not to use a password that is easily guessed, such as a dictionary word or a simple “algorithm” like replacing O’s and I’s with 0’s and 1’s. These types of passwords are easy to crack and therefore must be avoided. Generally speaking, the longer your password is, the better. Be sure to select a password that is at least eight characters long and increase its length depending on your security needs."

    Good advice but I think it would be helpful to augment it with some suggestions on practical techniques for choosing and memorising a secure master password.

    There are hundreds of thousands of articles on the subject available on the internet. Unfortunately many of them are about what not to do instead of suggesting practical techniques. It is also hard to discriminate between good and bad advice because the credentials of the authors of these articles is uncertain. Furthermore, knowledge on this subject continually evolves as different cracking techniques are developed e.g. http://www.schneier.com/blog/archives/2007/01/choosing_secure.html.

    Since Agile are experts in this subject area with a vested interest, I thought it might be helpful to kick off a thread about this so that a synthesised version might eventually be incorporated into the user guide/FAQ.

    For example, if I picked three different dictionary words separated by special characters and used a different random character replacement strategy for each word, would that be good?

    e.g. dogs bark loudly -> d0G$*BAhk!loudLy

    Or, for example, construct a random sentence and construct the password from the first characters of each word and use some sort of random character replacement and capitalization strategy on that?

    I like riding my bike around the block every day -> ilrmbatbed -> iLrm&aTB3d

    Or, get 1PW to generate a random one and use some sort of mnemonic strategy to remember it?

    dc2wA7oKPvPQ -> "david cuts 2 waffles AND 7 oranges KEVIN PILFERS violet PANSIES QUIETLY"

    I prefer the last one personally because the actual password string is truly random. The downside is that it takes quite a bit of effort to devise an effective mnemonic. It's also pretty risky because if you do fail to remember it, then you are in a world of pain having to reset passwords on all those accounts.

    1. What technique do you use?

    2. Taking my last example of a mnemonic on a random string generated by 1PW, the string would be stored in my agile keychain. Does that make my keychain easier to crack?

    3. If you used my preferred approach, do you have any tips for making it memorable?

    Apologies in advance if this has already been discussed here but I couldn't find it in my searches.
  • roustemroustem AgileBits Founder

    Team Member
    This is an interesting idea. Thank you for the suggestion!
  • Penelope PitstopPenelope Pitstop Junior Member
    Very interesting. I started this thread over in the lounge on a related topic. Nobody responding yet though.
  • sjksjk oversoul 1Password Alumni

    I started this thread over in the lounge on a related topic. Nobody responding yet though.

    If these two related topics were merged I could compose a single response that draws from both. :)
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    The two threads are now merged.

    Here is an excerpt from a comment I posted on Joe Golton's essay on the subject.


    First start with some phrase, possibly from literature. For my example here, I will start with

    Once upon a midnight dreary
    

    I recommend that you pick something not as well known, but it is also important to avoid something that has special meaning for you. (Someone who knows you well or guesses your interests and tastes should not be able to use that knowledge to get a head start on guessing the phrase.) There is a strong tendency for people to make passwords personal and meaningful. Try to avoid that.

    Now with that phrase that you have taken, change a few words:

    Twice upon a midday bleary
    

    Now add in some misspellings:

    Twice upun a midday bleery
    

    Finally, change some punctuation and capitalization:

    2ice upUn a miDDay# bleery
    

    If you are using a good password management system with reasonable settings, you should end up entering your master password several times a day. So after a few days you really will learn it and be able to type it quickly. But when you first start out, during your first few hours and days of usage, you should set the lock time on your password manager to lock very frequently. This will force you to enter it many times. That process will help you learn it.


    I'd like to also add that the encryption that 1Password uses a system of key strengthening which hinders automated password guessing systems. The actual process of getting from the entered password to the form that is actually used for the encryption is designed to be unavoidably slow. The particular system we use is PBKDF2 with 1000 HMAC iterations.

    I hope this is helpful
  • sjksjk oversoul 1Password Alumni
    jpgoldberg wrote:

    The two threads are now merged.

    Thanks! My longer reply is postponed 'til later …
  • khadkhad Social Choreographer

    Team Member
    edited September 2010
    I have actually been reading some good articles on this topic as a result of customer support e-mail queries.

    Now, I don't speak for Agile on this but for myself.

    I never use punctuation in my master password. It's too much for me to remember. In fact, I use only lowercase letters and a couple digits. I would never use a dictionary word, but I do use pronounceable passwords (often from http://www.multicians.org/thvv/gpw.html).

    I can tell you all of this with complete confidence because of two things:

    1. My 1Password data is stored on my computer. An attacker (maybe you?!) would have to have physical access to my machine in order to even attempt to brute force my password. The copy on Dropbox is encrypted via SSL in transit and stored using AES-256 with my Dropbox password (which is long and strong and down to get the — er, nevermind). What I mean is that even I don't actually know what my Dropbox password is. That's what 1Password is for.
    2. According to the aforelinked http://howsecureismypassword.net/ site, even a password of only 12 lowercase letters (quite a weak password by many accounts) would take approximately 302 years to brute force crack. Of course, that figure may not be completely accurate but it illustrates a good point. The length of your password is much more important than its "complexity."


    The simple algorithm for determining a password's "keyspace" (all possible combinations) and thus the time it would take to "guess" a password via a brute force attack is:

    X^L
    


    Where X represents the "complexity" (or characterset) and L represents the length.

    Check this little exercise out from McAfee blogger Juan Bocanegra:

    A "complex" password policy like:

    • At least one uppercase character
    • At least one lowercase character
    • At least one digit
    • At least one symbol
    • At least 7 characters


    would take less than 10 years to brute force. That is still much longer than any of us need to worry about — unless we've got the Feds on our tail in which case our password strength is probably not our weakest link — but it is a helpful number for our purposes.

    In contrast, a "relaxed" password policy that requires no special characters at all like:

    • All lowercase characters
    • At least 15 characters
    • Non dictionary words


    would take over 12 million years to crack (on that same computer)!

    This sentiment is echoed in an InfoWorld article called "Password Size Does Matter" by Roger A. Grimes.

    One last link before I fade out here. :-)

    In "Changing Passwords Isn't Worth the Effort" by Neil J. Rubenking, he reviews a study by Microsoft researcher Cormac Herley that asserts, roughly, that by the time you have changed your password, a hacker has already used it. Additionally, unnecessary security advice "treats as free a resource that is actually worth $2.6 billion an hour."

    So, do what I do. Use a semi-long password that is not in the dictionary but easy to remember. Twelve characters is more than enough.

    Life is too short to worry that your master password is as well.

    Just don't forget: let 1Password work hard so you don't have to. I like Rubenking's advice in his article: use a password manager. What I have been writing about is my master password, the one I have to actually remember. As I alluded to earlier, every single password I have stored in 1Password was generated using the built-in Strong Password Generator of at least twenty-characters in length. No one could even torture them out of me. I simply don't know them.

    That just goes to show how much I trust 1Password!
  • Penelope PitstopPenelope Pitstop Junior Member
    edited September 2010
    jpgoldberg wrote:

    Here is an excerpt from a comment I posted on Joe Golton's essay on the subject.

    Hi Jeffrey, thanks for your reply. Exactly the sort of response I was hoping to stimulate with my original post. I like the technique you suggest. I think it makes it easier to construct something that is both memorable and long enough (as Khad remarks).

    jpgoldberg wrote:

    I'd like to also add that the encryption that 1Password uses a system of key strengthening which hinders automated password guessing systems. The actual process of getting from the entered password to the form that is actually used for the encryption is designed to be unavoidably slow. The particular system we use is PBKDF2 with 1000 HMAC iterations.

    If I understand you correctly, this key strengthening technique will slow down a computer program emulating a real person using your software? Wouldn't an expert trying to crack a 1PW keychain just analyse the binary of the keychain files themselves in an offline brute force attack?
  • Penelope PitstopPenelope Pitstop Junior Member
    edited September 2010
    Hello Khad, thanks for your reply and all the links. I get it, long is better ;-)

    Your suggestion of using a pronounceable password generator to build a long password is interesting too.

    So now I wonder about 1PW's Password Strength rating. Is that using the X^L formula?
  • khadkhad Social Choreographer

    Team Member

    So now I wonder about 1PW's Password Strength rating. Is that using the X^L formula?


    I am not one of the devs, but I'm sure it is using a (perhaps far more complex) form of it. There really isn't any other way to calculate it that I know of.

    I hope Roustem or Dave step in to correct me if I am wrong.
  • Penelope PitstopPenelope Pitstop Junior Member
    I came across this article written by some academics that not only suggests a good technique but also presents results from an empirical study into the effectiveness of the technique. This for me is now the last word on the subject :)
  • khadkhad Social Choreographer

    Team Member

    I came across this article written by some academics that not only suggests a good technique but also presents results from an empirical study into the effectiveness of the technique. This for me is now the last word on the subject :)


    Finally had a chance to read that article. Interesting, but I don't think it changes my strategy. They were still only dealing with very short passwords. They mention that increasing the characterset (complexity) of a password makes it harder to crack, but make no mention of the fact that increasing the length actually increases the difficulty literally exponentially. The closest they come to even hinting at this is in not attempting to brute force passwords greater than 6 characters. I think that says it all. :-)

    Thanks for the read!
  • Penelope PitstopPenelope Pitstop Junior Member
    khad wrote:

    Finally had a chance to read that article. Interesting, but I don't think it changes my strategy. They were still only dealing with very short passwords. They mention that increasing the characterset (complexity) of a password makes it harder to crack, but make no mention of the fact that increasing the length actually increases the difficulty literally exponentially. The closest they come to even hinting at this is in not attempting to brute force passwords greater than 6 characters. I think that says it all. :-)

    Thanks for the read!

    Your point about the short passwords is well made. What was interesting to me was the technique they used to construct the passwords and that the mnemonic technique was just as secure as a random string. I posted the link because of this particular point rather than to suggest that 6 character passwords were OK :-)
  • khadkhad Social Choreographer

    Team Member
    Of course.

    I don't know you too well, but I think I know you well enough that I would never suspect you would suggest such short passwords. :-)

    From the perspective of a brute force attack, a mnemonic password is certainly just as "random" to an algorithmic password cracker while being easier for a human to actually remember. I'll not harp on it any longer, but my point was simply that if your password is long enough, it does not matter (from the perspective of an attempted brute force attack) whether it is random, mnemonic, or barely "strong" at all. Long is strong. :-D

    Do you listen to Steve Gibson's Security Now! podcast? Lot's of good stuff there. I think I am going to listen to episodes 4 and 5 again ("Personal Password Policy" parts 1 and 2). It's been 5 years (already?) and I am curious to [re]hear what he had to say.

    Let me know if you have any other good articles. I eat this stuff up.
  • Penelope PitstopPenelope Pitstop Junior Member
    khad wrote:

    Do you listen to Steve Gibson's Security Now! podcast? Lot's of good stuff there. I think I am going to listen to episodes 4 and 5 again ("Personal Password Policy" parts 1 and 2). It's been 5 years (already?) and I am curious to [re]hear what he had to say.

    Let me know if you have any other good articles. I eat this stuff up.

    Tried ShieldsUP years ago when I was learning about firewalls. Didn't know he did podcasts. I'll check them out. Thanks.

    I will most certainly let you know of anything else I come across that is good.

    Cheers

    PP
  • khadkhad Social Choreographer

    Team Member
    Oh, I love Steve! Relistening to those podcast episodes (4 and 5), and they are great! It takes a minute to get going in episode 4, but it's worth it.
  • brentybrenty

    Team Member
    khad wrote:

    Oh, I love Steve! Relistening to those podcast episodes (4 and 5), and they are great! It takes a minute to get going in episode 4, but it's worth it.


    Indeed. Steve is the man. Thanks, Sir Mixalot! :P

    And thanks to Penelope and nik for getting this kind of discussion started: this is beautiful!

    While the time estimate given on 'How Secure Is My Password?' is curious, it's a great 'rule of thumb'-sort-of-thing to link our parents, grandparents, and less-security-minded friends and associates. It definitely makes an impression!

    I hadn't given it much thought until now, but it seems to me that the length over complexity paradigm is nice in one very specific way: web passwords. I can't tell you how many times I've used 1Password's strong password generator to create a password for one webservice or another, only to be told that it is invalid for some reason. Unsupported special characters; first character must not be a number; must contain at least n digits; too long -- TOO LONG? Ugh. Fortunately, nearly every site supports passwords up to 12-15 characters in length; so even if they don't support special characters, or only certain ones, at the very least I can just generate a maximum length password with uppercase, lowercase, and digits, and the length itself does most of the work for me.

    Food for thought: wouldn't it be theoretically possible for a brute force attack to guess the correct password at random on the first try (or second, twenty-second, etc.), no matter how complex/long? It's improbable, but fun to think about.

    Actually, I think that happens a lot in movies.
  • khadkhad Social Choreographer

    Team Member
    Food for thought: wouldn't it be theoretically possible for a brute force attack to guess the correct password at random on the first try (or second, twenty-second, etc.), no matter how complex/long? It's improbable, but fun to think about.

    Actually, I think that happens a lot in movies.


    Just like winning the lottery happened to Earl in My Name Is Earl...

    It's possible a plane will land on your house today, but not in any way probable. :-P
  • invictus26invictus26 Junior Member
    One of the best things about 1Password is that it keeps us from having to remember all our passwords, but there are always a few we do have to know (like our master password). I read a great article that looked at the true security of different lengths and complexities of passwords and found that having three or more words with spaces between them is more than enough. This also makes passwords easy to remember and type in. You can read more about it on my post or check out the original article here. This tip just made my life a whole lot easier!
  • khadkhad Social Choreographer

    Team Member
    edited April 2011
    Thanks for sharing that, invictus26! I have merged your post with the appropriate thread. :-)

    As you can see above, I am a big advocate of longer passwords vs. more "complex" ones as well.

    If we can be of further assistance, please let us know.

    We are always here to help!
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    invictus26 wrote:
    I read a great article that looked at the true security of different lengths and complexities of passwords and found that having three or more words with spaces between them is more than enough.


    One caveat on this is that the words must really and truly be chosen at random. More on that below.

    This also makes passwords easy to remember and type in. You can read more about it on my post or check out the original article here. This tip just made my life a whole lot easier!


    Thanks for that! I am aware of the research behind this and I personally do this for some passwords including 1Password master password, Dropbox or my primary email which.

    But while what you describe solves one half of (human) the problem, having memorable passwords, we need to look at the other half of the human problem. The other half is generating the passwords. If you leave people on their own to "pick words at random" they won't actually pick things at random, and so these sorts of passwords remain guessable. It is absolutely vital that the words you use are chosen at random. Fortunately there is a technique for this called "diceware."

    With diceware you roll a die five time, keeping track of the sequence of results, and then use that sequence to select a word from a particular list. You need to do this for each word in your passphrase.

    Do not reject words because you don't like them. Go with what the dice give you, otherwise you are reducing the randomness of the overall pass phrase.

    Thanks for bringing this up. I've wanted to talk about diceware and master password choice for a while now as it is the scheme that I actually use myself.

    Cheers,

    -j
  • brentybrenty

    Team Member
    jpgoldberg wrote:

    With diceware you roll a die five time, keeping track of the sequence of results, and then use that sequence to select a word from a particular list. You need to do this for each word in your passphrase.


    I really like this, Jeff. It's something that anyone can do if they have Monopoly lying around. I think it also appeals to me as sort of an analog solution to a digital problem. Very nice. :)
  • invictus26invictus26 Junior Member
    After some of the comments here and in other places, I decided to really look into password strength and wrote up a very in-depth look at security and types of attacks (complete with graphs and tables!) here. I would appreciate peoples' comments on it so I can improve it if possible.

    One of the footnotes has a link to some code I put on github that will allow you to test your password against different attacks. I think it works better than others because you can set a time period and see the probability that an attacker will break your password. I think that's a better way of looking at it. Unfortunately, it doesn't do a dictionary-style attack, but I'm going to try to add that soon. I'm also working on a program that will generate random pass-phrases from a very large dictionary (thanks for the idea jpgoldberg!). It's much easier than diceware, and also more secure because it draws from a much larger dictionary. You can also choose what parts of speech to use, so you can have VERB ADJECTIVE NOUN for a better-sounding password if you want. I'm hoping to put these up as web apps at some point, so let me know if there are things I should include.
  • khadkhad Social Choreographer

    Team Member
    edited May 2011
    Thanks for the link! I will read it when I get the chance and have passed it along to our resident "Defender against the Dark Arts." :-)
  • jpgoldberg wrote:

    One caveat on this is that the words must really and truly be chosen at random. More on that below.



    Thanks for that! I am aware of the research behind this and I personally do this for some passwords including 1Password master password, Dropbox or my primary email which.

    But while what you describe solves one half of (human) the problem, having memorable passwords, we need to look at the other half of the human problem. The other half is generating the passwords. If you leave people on their own to "pick words at random" they won't actually pick things at random, and so these sorts of passwords remain guessable. It is absolutely vital that the words you use are chosen at random. Fortunately there is a technique for this called "diceware."

    With diceware you roll a die five time, keeping track of the sequence of results, and then use that sequence to select a word from a particular list. You need to do this for each word in your passphrase.

    Do not reject words because you don't like them. Go with what the dice give you, otherwise you are reducing the randomness of the overall pass phrase.

    Thanks for bringing this up. I've wanted to talk about diceware and master password choice for a while now as it is the scheme that I actually use myself.

    Cheers,

    -j


    Thanks for this, JP!

    The Diceware solution appealed to me, because of its simplicity. . .and the fact that no was was trying to sell me anything.
    Today I bought dice and in no time at all have generated a passphrase I can actually remember. ;)

    Just wanted to say. . .Everyday when I wake up the iMac, I give thanks for how much easier is my computer life because of 1Password!
    I feel so much better now, because I know things are secure.
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    Hi Macrina! Thank you for your comments

    Macrina wrote:

    The Diceware solution appealed to me, because of its simplicity. . .and the fact that no was was trying to sell me anything.

    One of the other things about the "low tech" nature of diceware is that you don't have to trust a third party at all. You do it by yourself, and you can verify on your own that the diceware word list doesn't have duplicates.


    Today I bought dice and in no time at all have generated a passphrase I can actually remember. ;)

    That is great. Diceware seems unusual at first, so I am especially delighted that you (and hopefully others) are making use of it.


    Just wanted to say. . .Everyday when I wake up the iMac, I give thanks for how much easier is my computer life because of 1Password!
    I feel so much better now, because I know things are secure.


    That is great to hear. Thanks again.

    Cheers,

    -j
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    invictus26 wrote:

    I decided to really look into password strength and wrote up a very in-depth look at security and types of attacks (complete with graphs and tables!) here. I would appreciate peoples' comments on it so I can improve it if possible.

    That is terrific, Matt!

    I am really pleased that you have relied on the research (in this case the NIST report (PDF)) instead of merely speculating. So as you know, and show in your first graph, a fragment of English after it's reached a certain length adds about 1 bit of entropy per letter, which really isn't very much. Deliberate spelling errors and truly random capitalization (which nobody really does) might be able to bump that up to three bits per letter, but that is a generous guess.

    It is when I started looking at the actual research on password strength and human memory and generating constraints that I started to recommend diceware.


    One of the footnotes has a link to some code I put on github that will allow you to test your password against different attacks.

    Cool! (And we are big fans of Ruby around here.) It is good you have the source available so that people can run it locally. I would not recommend that people test their passwords on a website. After all, the easiest way to get someone's password is to ask them for it. So we all work hard to train people to never give out the passwords.

    One limitation of this kind of software is that the question "what is the entropy of this particular password" is not actually answerable. We have to know the how large the "space" of alternative passwords is. What your code does is try to guess what possible character set is by looking at the actual password:

        @charset = 0
        # Lowercase
        @charset += 26 if @password.match(/[a-z]/)
        # Uppercase
        @charset += 26 if @password.match(/[A-Z]/)
        # Numbers
        @charset += 10 if @password.match(/\d+/)
        # Symbols
        @charset += 16 if @password.match(/[.,,,!,@,#,$,%,^,&,*,?,_,~,-,(,)]/)
    


    But a randomly generated 8 character password from the full set may not contain any digits at all. (I'm to lazy to calculate the odds of that happening, but I'm confident that it is a realistic possibility.)

    I don't really have a solution for this, but it needs to be noted as a problem with testing any password. (Of course we face the identical problem when we estimate password strength for user supplied passwords in 1Password.)

    I'm not sure about the straight division by 4 for user generated passwords. I think it is safe to say that the longer a user generated password is, the fewer bits of entropy per character there will be. So I think the amount you divide by needs to be an increasing function of the password length. So instead of

    @combinations = @charset**@length
    @combinations /= 4 if user_gen
    


    It should be something like

    @combinations = (@charset/@user_gen_factor)**@length
    


    As long as @user_gen_factor is greater than 1, this will have an increasing penalty with the length of a under generated password.


    I think it works better than others because you can set a time period and see the probability that an attacker will break your password. I think that's a better way of looking at it.

    I love this part! Yes, I think that this is a very useful innovation.

    Unfortunately, it doesn't do a dictionary-style attack, but I'm going to try to add that soon
    .
    I think that this is the biggest issue. We do a simple dictionary check in our password strength tester, but of course it is limited to only a few languages and doesn't check for spelling errors.

    So this is a hard one to solve without actually trying to crack the password itself.


    I'm also working on a program that will generate random pass-phrases from a very large dictionary (thanks for the idea jpgoldberg!). It's much easier than diceware, and also more secure because it draws from a much larger dictionary.


    Diceware is inconvenient because it is not automated. But because it is not automated, it means that a user doesn't have to trust anyone else's software. A malicious password generator could look identical to an honest one, but would do its evil by using a poor random number generator.

    We've been thinking about adding a master password "suggester" into 1Password that would be exactly like what you describe. Here the trust issue isn't such a problem because people are already trusting their secrets to our software. So I think that there is a place for both.

    You can also choose what parts of speech to use, so you can have VERB ADJECTIVE NOUN for a better-sounding password if you want.


    I love that idea, but be sure to do the math on that carefully. Unless you have a very long lists of verbs, adjectives, and nouns this might be a real problem. The diceware list has 65 (7776) words, so a three word diceware password has 615 bits of entropy (about 470 billion bits). If you want to match that with VERB ADJECTIVE NOUN then you will need 65 of each type of word. Finding 7000 English verbs may be a challenge.

    I'm hoping to put these up as web apps at some point, so let me know if there are things I should include.

    I think it is great that you are doing this. If some of my criticisms come across as harsh, it is because I really respect what you have done and are doing, so I want to be as clear and straightforward about points of concerns.

    Anyway, your blog post is absolutely fantastic! It's the kind of thing that I wish I had written. And I think that developing user tools around those ideas is great.

    Thanks!

    -j
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    edited May 2011
    invictus26 wrote:

    I decided to really look into password strength and wrote up a very in-depth look at security and types of attacks (complete with graphs and tables!) here. I would appreciate peoples' comments on it so I can improve it if possible.

    That is terrific, Matt!

    I am really pleased that you have relied on the research (in this case the NIST report (PDF)) instead of merely speculating. So as you know, and show in your first graph, a fragment of English after it's reached a certain length adds about 1 bit of entropy per letter, which really isn't very much. Deliberate spelling errors and truly random capitalization (which nobody really does) might be able to bump that up to three bits per letter, but that is a generous guess.

    It is when I started looking at the actual research on password strength and human memory and generating constraints that I started to recommend diceware.


    One of the footnotes has a link to some code I put on github that will allow you to test your password against different attacks.

    Cool! (And we are big fans of Ruby around here.) It is good you have the source available so that people can run it locally. I would not recommend that people test their passwords on a website. After all, the easiest way to get someone's password is to ask them for it. So we all work hard to train people to never give out the passwords.

    One limitation of this kind of software is that the question "what is the entropy of this particular password" is not actually answerable. We have to know the how large the "space" of alternative passwords is. What your code does is try to guess what possible character set is by looking at the actual password:

        @charset = 0
        # Lowercase
        @charset += 26 if @password.match(/[a-z]/)
        # Uppercase
        @charset += 26 if @password.match(/[A-Z]/)
        # Numbers
        @charset += 10 if @password.match(/\d+/)
        # Symbols
        @charset += 16 if @password.match(/[.,,,!,@,#,$,%,^,&,*,?,_,~,-,(,)]/)
    


    But a randomly generated 8 character password from the full set may not contain any digits at all. (I'm to lazy to calculate the odds of that happening, but I'm confident that it is a realistic possibility.)

    I don't really have a solution for this, but it needs to be noted as a problem with testing any password. (Of course we face the identical problem when we estimate password strength for user supplied passwords in 1Password.)

    I'm not sure about the straight division by 4 for user generated passwords. I think it is safe to say that the longer a user generated password is, the fewer bits of entropy per character there will be. So I think the amount you divide by needs to be an increasing function of the password length. So instead of

    @combinations = @charset**@length
    @combinations /= 4 if user_gen
    


    It should be something like

    @combinations = (@charset/@user_gen_factor)**@length
    


    As long as @user_gen_factor is greater than 1, this will have an increasing penalty with the length of a under generated password.


    I think it works better than others because you can set a time period and see the probability that an attacker will break your password. I think that's a better way of looking at it.

    I love this part! Yes, I think that this is a very useful innovation.

    Unfortunately, it doesn't do a dictionary-style attack, but I'm going to try to add that soon
    .
    I think that this is the biggest issue. We do a simple dictionary check in our password strength tester, but of course it is limited to only a few languages and doesn't check for spelling errors.

    So this is a hard one to solve without actually trying to crack the password itself.


    I'm also working on a program that will generate random pass-phrases from a very large dictionary (thanks for the idea jpgoldberg!). It's much easier than diceware, and also more secure because it draws from a much larger dictionary.


    Diceware is inconvenient because it is not automated. But because it is not automated, it means that a user doesn't have to trust anyone else's software. A malicious password generator could look identical to an honest one, but would do its evil by using a poor random number generator.

    We've been thinking about adding a master password "suggester" into 1Password that would be exactly like what you describe. Here the trust issue isn't such a problem because people are already trusting their secrets to our software. So I think that there is a place for both.

    You can also choose what parts of speech to use, so you can have VERB ADJECTIVE NOUN for a better-sounding password if you want.

    I love that idea, but be sure to do the math on that carefully. Unless you have a very long lists of verbs, adjectives, and nouns this might be a real problem. The diceware list has 65 (7776) words, so a three word diceware password has 615 (about 470 billion) possible passwords (about 40 bits of entropy). If you want to match that with VERB ADJECTIVE NOUN then you will need 65 of each type of word. Finding 7000 English verbs may be a challenge.

    I'm hoping to put these up as web apps at some point, so let me know if there are things I should include.

    I think it is great that you are doing this. If some of my criticisms come across as harsh, it is because I really respect what you have done and are doing, so I want to be as clear and straightforward about points of concerns.

    Anyway, your blog post is absolutely fantastic! It's the kind of thing that I wish I had written, and given my conceitedness, that is very high praise. I think that developing user tools around those ideas is great.

    Thanks!

    -j
  • edited May 2011
    I have another question, please. When I'm changing the passphrase at a site, if their requirements do not allow for spaces, could I just run the words together? Or would doing so lower the security? I did see the mechanism at Diceware for randomly choosing symbols and I did that, but for me, it makes the phrase harder to remember, for some reason. (I think it's a brain/math thing, and I was obviously behind the door when those abilities were given. :o )

    Thank you for being so kind in your replies; I'm embarrassingly low-tech in knowledge, but am trying to learn.
  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    Macrina wrote:

    I have another question, please. When I'm changing the [diceware style] passphrase at a site, if their requirements do not allow for spaces, could I just run the words together?

    Great question, Macrina!

    I should have mentioned this earlier as my email provider doesn't allow spaces in passwords, so I had to do the same thing myself. The spaces are really just to help us. They only a a little bit (pun intended) to the security of a diceware password. So feel free to run the words together.


    Thank you for being so kind in your replies; I'm embarrassingly low-tech in knowledge, but sm trying to learn.

    You are very welcome. As you have discovered, I love talking about this stuff. We want to make it easy for everyone to do things securely, whether (like you) they are interested in what goes into the system or like many others just want to use the system without having to analyze it themselves.

    I think it is a big sign of our success that 1Password is loved both by techno-security-geeks and by everyone else.

    Cheers,

    -j
This discussion has been closed.