Entropy on Passphrases From The Generator
Maybe I need better search skills, but I couldn’t find out how many words are in the word dictionary used by the password generator.
Please can somebody point me at where this information is provided?
Also, is the dictionary constantly being expanded?
Reason I ask is that I was helping a friend to get started and looked at the advice for choosing a master password. It contains references to blog posts that are now quite old. I went back to the diceware pages for the first time in ages and see that the advice on numbers of words has been updated to six or more. It made me curious about the password generator built into 1Password. I wanted to generate a random master password for him, but I didn’t know how many words to use.
I also think it might be time to produce some more prescriptive advice for a complete newcomer. The old blog posts are still relevant and great, but my friend reckons it is just too much to take in. When you’re new, just working your way around the website and the apps is enough to take on board.
He would have preferred something along the lines of “do this and read here later to see why we advise you to do it”. Having re-read the document, I must say that I agree.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Maybe I need better search skills, but I couldn’t find out how many words are in the word dictionary used by the password generator. Please can somebody point me at where this information is provided?
@Penelope Pitstop: It's not you. I know I've posted about it before myself, but I can't find them either. If I do, I'll post links here. It's a bit over 18,000 words.
Also, is the dictionary constantly being expanded?
It's not being expanded. We have, however, trimmed some words here and there over time when we found some that were...undesirable. :dizzy:
I wanted to generate a random master password for him, but I didn’t know how many words to use.
:) We wanted to know too, so we ran this contest:
How strong should your Master Password be? For World Password Day we’d like to know
It ran starting April 26th, and the first password was discovered on October 14th (the others within the following weeks). So, long story short, it takes roughly 6 months to brute force a three-word Wordlist password. We generally recommend four, because it's not much to ask to remember one more word, and it increases the difficulty of guessing it exponentially.
I also think it might be time to produce some more prescriptive advice for a complete newcomer. The old blog posts are still relevant and great, but my friend reckons it is just too much to take in. When you’re new, just working your way around the website and the apps is enough to take on board. He would have preferred something along the lines of “do this and read here later to see why we advise you to do it”. Having re-read the document, I must say that I agree.
I hear you. I do think that it's important to avoid being prescriptive though, since an attacker could then potentially use that advice to train algorithms to guess "1Password approved" Master Passwords more easily. Also, what is good advice for me may not be for you, and vice versa. We do have a more general primer on this on our support site though:
How to choose a good Master Password
Anyway, I hope this helps. I'll see if I can find some more links for you, but if you have any other specific questions I should be able to answer those on the spot too. :)
0 -
Someone super helpful pointed out this thread:
https://discussions.agilebits.com/discussion/56902/diceware-dictionary-size-and-feature-request
I believe there were others too.
0 -
Thanks for your customarily helpful replies @brenty.
That How to choose a good Master Password is precisely the article that I think is hard for a newbie to grasp. After reading it, they can’t work out quickly what to actually do.
I respectfully disagree with your view on the importance of avoiding being prescriptive. Surely the whole point of a secure choice is that you know it is invulnerable to current tech even when they know what system you are using? Furthermore, if the Agilebitsies can’t provide prescriptive advice, who can? Anyway, it was just my suggestion for improvement based on direct new user feedback. I’m not trying to stimulate debate.
I have a supplementary question. Long ago, I lost an iPhone and your colleagues were super helpful in allaying my fears and explaining what goes on under the covers with the master password as my attention to this was brought into sharp focus by the experience. IIRC, the master password is used to generate and encrypt another key that is the one actually used to encrypt the data. Furthermore, it used to be that when the master password was changed, the actual key used to encrypt the data didn’t. I might have got hold of the wrong end of the stick, but I think that meant that changing the master password didn’t really do anything. Is that right nowadays?
Would there be anything wrong with using the password generator to create a new, say five or six word, password?
From a theoretical point of view, is any weakness introduced into the system by knowing that the master password is actually inside the encrypted data it is used to protect?
It’s surprising how quickly you forget all this stuff if you aren’t thinking about it all the time.
0 -
The number of words (at this moment) is 18324.
Also, is the dictionary constantly being expanded?
Quite the opposite, @Penelope Pitstop. It is slowly shrinking. When we constructed the wordlist we made an effort to remove most taboo language, but we didn't catch everything. So we have had to occasionally remove the odd word here or there. It's been pretty stable now that it's been in use for a while.
The wordlist will be included with the resources associated with the app. On the Mac it is in
/Applications/1Password 7.app/Contents/Frameworks/AgileLibrary.framework/Resources
in the file AgileWords.txt
Necessary vagueness
Unfortunately the reason why it is hard to give specific advice to a broad audience is that the real answer is "pick the longest one you can most reliably type and remember", but an absolute minimum of three words.
I typically recommend that people make it four words long. But I vary my advice depending on the person. If I know that someone will balk at a four word master password, I will say "three or four". If I know that someone won't feel secure unless they are really working for it, I will say "four or five".
So you, armed with the knowledge that an attacker who captures the local data will be able to crack a three word password with approximately $1000 worth of effort (directed solely at that one password), and tens of millions of dollars worth of effort to go after a 4 word master password, are in the best position to make a recommendation to your friend.
0 -
Sorry for the bump, @jpgoldberg , but I've been reading through this and other threads on Diceware and "AgileWords", along with various 1P blog posts etc. and have a question! :)
Do you have updated tables on Master Password guessing times for different bits of entropy / no.s of words, given the increase in GPU power etc. since the John the Ripper (2012) and hashcat (2013) articles, along with the increase in PBKDF2 iterations to 100,000?
0 -
Yes @Tezcatlipoca, I do have updated information, but it isn't nicely formatted in pretty tables.
We ran a cracking contest a little while back to estimate the cost of cracking. We gave out around $32,000 in prizes and set some achievable cracking that would still take a lot of effort.
Anyway, what we concluded is that, assuming the attacker has your Secret Key, it costs about 6 USD to try 2³² master passwords if you are set up to work at scale.
This makes the cost of cracking a three word password to be about 4,300 USD. Let me see if this table from a draft write-up I have works
Method                                     Bits    Cost (USD)           Example
3 word, constant separator                 42.48   4,300                prithee-insured-buoyant
9 char, with lowercase, digits             45.00   25,000               azdr3oqxc
8 char, with uppercase, lowercase, digits  46.25   58,000               8NhJqHPY
3 word, digit separator                    49.13   430,000              swatch2forte1dill
10 char, with lowercase, digits            50.00   790,000              fovav9v6ot
9 char, with uppercase, lowercase, digits  52.03   3,200,000            siFc96vGw
11 char, with lowercase, digits            55.00   25,000,000           aev7x9cgm3q
4 word, constant separator                 56.65   79,000,000           align-caught-boycott-delete
10 char, with uppercase, lowercase, digits 57.81   180,000,000          rmrgKDAyeY
12 char, with lowercase, digits            60.00   810,000,000          8cjfqtzj7yx3
4 word, digit separator                    66.61   79,000,000,000       convoy2chant3calf9senorita
5 word, constant separator                 70.81   1,400,000,000,000    passion-ken-omit-verso-tortoise
0 -
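As an added worked example (not code from the thread, from jpgoldberg or from 1Password), the word-based rows of the table above can be reproduced from the two figures given in this thread: 18,324 words in the list and about 6 USD per 2³² guesses. The assumption that the attacker succeeds after half the keyspace on average, and that a digit separator adds log2(10) bits, are mine; both are consistent with the table's numbers.

```python
import math

WORDLIST_SIZE = 18324          # size of AgileWords.txt as stated in this thread
USD_PER_2_32_GUESSES = 6.0     # jpgoldberg's cost estimate from the cracking contest


def passphrase_bits(num_words, wordlist_size=WORDLIST_SIZE, digit_separators=False):
    """Entropy in bits of a generated wordlist passphrase.

    Each word is drawn uniformly from the list, so it contributes
    log2(wordlist_size) bits. With digit separators, each of the
    num_words - 1 separators is assumed to be a uniformly random digit
    (log2(10) bits); this reproduces the table (42.48 -> 49.13 for 3 words).
    """
    bits = num_words * math.log2(wordlist_size)
    if digit_separators:
        bits += (num_words - 1) * math.log2(10)
    return bits


def expected_crack_cost_usd(bits, usd_per_2_32=USD_PER_2_32_GUESSES):
    """Expected attacker spend to find a password of the given entropy.

    Assumption (mine, not stated in the thread): the password is found after
    searching half the keyspace on average, i.e. 2**(bits - 1) guesses.
    """
    cost_per_guess = usd_per_2_32 / 2 ** 32
    return 2 ** (bits - 1) * cost_per_guess


def round_to_sig(x, sig=2):
    """Round to `sig` significant figures, as the thread's table does."""
    if x == 0:
        return 0
    return round(x, sig - 1 - int(math.floor(math.log10(abs(x)))))


def cost_table(max_words=5):
    """Rows (description, bits, rounded USD cost) for 3..max_words words."""
    rows = []
    for n in range(3, max_words + 1):
        for sep in (False, True):
            bits = passphrase_bits(n, digit_separators=sep)
            label = f"{n} word, {'digit' if sep else 'constant'} separator"
            rows.append((label, round(bits, 2), round_to_sig(expected_crack_cost_usd(bits))))
    return rows


if __name__ == "__main__":
    for desc, bits, cost in cost_table():
        print(f"{desc:28s} {bits:6.2f} bits  ~{cost:,.0f} USD")
```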
Thanks @jpgoldberg :)
0 -
On behalf of jpgoldberg you are welcome @Tezcatlipoca! If you have any other questions, please feel free to reach out anytime.
Have a wonderful day :)
0