Re: Someone said 256 bits is not enough
- From: Guy Macon <http://www.guymacon.com/>
- Date: Mon, 10 Mar 2008 16:43:35 +0000
jj wrote:
> I would like to ask about passwords for myself.
> Is a password that has no words or phonetic possibilities safer than
> one which does?
> For example ?===!!!~!!!===? seems to be memorable.
A lot depends on what the attacker looks at first, which depends
on his guesses about you.
Imagine someone who sets up, say, 100 computers to try to guess your
passphrase. One of them strings together dictionary words. It will
never guess your passphrase. Another tries all letters and numbers.
It too will fail. Another tries all ASCII characters. It will
eventually get it, but the attacker will die of old age first.
But what if the 80th computer is programmed to try only punctuation
marks on the keyboard (`~!@#$%^&*-_=+[{]}\|;:'",<.>/?) and the
81st is programmed to do the same with each guess expanded to a
palindrome? Computer number 81 only has to guess 8 characters
out of a set of 33 characters, and will guess your passphrase in
short order.
> Another possibility where memory for a complex password might
> be obtained is from a large text, say the KJ Bible. If a start
> position is selected by the date,
This assumes that our imagined attacker doesn't set up a computer
that tries passages from common texts. Or just from whatever books
are found near your computer or on its hard drive.
> and say read backwards every 3 characters,
This assumes that our imagined attacker doesn't set up a computer
that tries passages from common texts and several trivial and
easy to remember modifications of each.
> then only chance would provide a word, and there is a system
> which could generate a new password per day. As far as I can
> tell this gives a challenge to the sorts of guessing described.
Consider an attacker who runs those 100 guessing programs and
many more on a single computer. Let's say he runs 65,536
different guessing programs, all optimized for different ways
someone may construct an easy-to-remember passphrase. He has
increased his workload by 2^16 -- 16 extra bits. If one of
those programs is a good match for your passphrase, you are
hosed.
A good, easy-to-remember passphrase that withstands even
such an attack might look something like this:
PXQ Corporation's offices in Irving, Texas have 4 glass
doors, 2 stairways and one fish tank.
or
Marvin Jingleheimer Wang owns 2 AWD Subarus, hates sushi,
and loves Nehi grape soda.
Passphrases such as the above are reasonably resistant to
guessing because there are so many possible words that could
go in each position. One or two uncommon words make guessing
even harder. Assume a strength of around one bit per character.
You can even use the technique on systems that don't allow long
passphrases: PCoiIh4gd2saoft or MJWo2AShsalNgs are as easy to
remember as the longer passphrases above but would still be
quite hard for our imagined attacker to guess.
Needless to say, if Marvin is your brother or you work at PXQ,
a smart attacker would be able to use that info to try to reduce
the number of guesses. It would be a lot harder if Marvin reminds
you of Carl and it is Carl who owns the Subarus and loves Nehi
grape.
--
Guy Macon
<http://www.guymacon.com/>
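The arithmetic behind the post's imagined attackers, as an added worked example (this is not code from the post or from its author). It scores a candidate secret against each brute-force program the post describes (letters and digits, all printable ASCII, punctuation only, and punctuation palindromes, where only the first half of the string has to be guessed), adds the 16 bits a 65,536-program suite costs the attacker, and derives the post's short-form password from a long passphrase. Assumptions: Python's `string.punctuation` (32 characters) stands in for the keyboard punctuation set the post lists; the short form is taken as the first character of every whitespace-separated word with surrounding punctuation stripped, which reproduces the post's `MJWo2AShsalNgs` exactly but keeps a `T` for "Texas" that the post's `PCoiIh4gd2saoft` omits.

```python
import math
import string

# Alphabets for the brute-force programs the post describes. Assumption:
# Python's string.punctuation (32 characters) stands in for the keyboard
# punctuation set the post lists.
ALNUM = string.ascii_letters + string.digits              # 62 symbols
PUNCT = string.punctuation                                # 32 symbols
PRINTABLE = ALNUM + PUNCT + " "                           # 95 symbols


def bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of strings of `length` symbols over an alphabet."""
    return length * math.log2(alphabet_size)


def attack_costs(secret: str) -> dict[str, float]:
    """Work, in bits, for each of the post's guessing programs that can
    ever reach `secret`. Programs whose search space excludes it are omitted."""
    n = len(secret)
    costs = {}
    if all(c in ALNUM for c in secret):
        costs["letters and digits"] = bits(len(ALNUM), n)
    if all(c in PRINTABLE for c in secret):
        costs["all printable ASCII"] = bits(len(PRINTABLE), n)
    if all(c in PUNCT for c in secret):
        costs["punctuation only"] = bits(len(PUNCT), n)
        if secret == secret[::-1]:
            # A palindrome is fixed by its first half (plus a middle character),
            # so the post's 81st computer only guesses ceil(n/2) symbols.
            costs["punctuation palindrome"] = bits(len(PUNCT), (n + 1) // 2)
    return costs


def cheapest_attack(secret: str) -> tuple[str, float]:
    """The program the attacker should have run, and its cost in bits."""
    return min(attack_costs(secret).items(), key=lambda kv: kv[1])


def with_strategy_overhead(cost_bits: float, n_programs: int = 65536) -> float:
    """Running n_programs side by side on one machine multiplies the work by
    n_programs, i.e. adds log2(n_programs) bits (16 for the post's 65,536)."""
    return cost_bits + math.log2(n_programs)


def shorthand(phrase: str) -> str:
    """Compress a passphrase into the post's short form: the first character of
    each word, digits kept, surrounding punctuation dropped (assumed rule)."""
    words = [w.strip(string.punctuation) for w in phrase.split()]
    return "".join(w[0] for w in words if w)


def passphrase_bits(phrase: str) -> float:
    """The post's rule of thumb: about one bit of strength per character."""
    return float(len(phrase))


if __name__ == "__main__":
    for s in ("?===!!!~!!!===?", "MJWo2AShsalNgs"):
        name, cost = cheapest_attack(s)
        print(f"{s!r}: cheapest program {name!r} needs ~2^{cost:.1f} guesses, "
              f"~2^{with_strategy_overhead(cost):.1f} with the 65,536-program suite")
    long_phrase = ("Marvin Jingleheimer Wang owns 2 AWD Subarus, hates sushi, "
                   "and loves Nehi grape soda.")
    print(shorthand(long_phrase),
          f"~{passphrase_bits(long_phrase):.0f} bits by the one-bit-per-character rule")
```

Run stand-alone, it reports that jj's 15-character punctuation palindrome costs the palindrome program only 32^8 = 2^40 guesses (2^56 once the attacker pays for running all 65,536 programs), while the 14-character `MJWo2AShsalNgs` needs about 2^83 from the best-fitting generic program, because no program in the list models the passphrase it was derived from.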