• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

[Tutorial] - How to Create a Secure Password

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Goto page Previous  1, 2, 3, 4  Next
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering

View previous topic :: View next topic  
Author Message
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Fri Aug 20, 2004 12:48 pm    Post subject: More thought. Reply with quote

The "200" figure likely came from an estimate similar to one that I previously made:

JustinT wrote:

Assuming standard English, you'll see a common rule-of-thumb of assuming 1.3 bits of information per character; that's asking for a little over 196 characters, to correspond to the level of security we would expect of a 256-bit symmetric key, roughly, with that formula.


Basically, due to what information theory dictates, in standard English, there is, roughly, 1.3 bits of information per characters. Obviously, there have been various other estimates, with values less than 1.3 and slightly higher, in the range of 2 bits; this, however, is a more consistent estimate, and the formula is more conservative; it corresponds to the actual rate of English, so to speak. Assuming that all characters are equally likely, which in practice they are most probably not, the absolute rate of English, according to the same formula, is around 4.7 bits of information per character. Even then, we're still looking at over 54 characters, to give us a level of security similar to that of a 256-bit cryptographic key. But, because we know English text is much too redundant to be this generous, a majority of the time, we can't reasonably assume such a generous bound; we stick to the actual rate, which is unkind, but realistic and conservative.

This applies to passphrases, generally, assuming redundancies of word-based English text; assuming that you mitigate this redundancy through randomization, the amount of entropy present can be increased. In all actuality, it's not that difficult to construct a password with much better entropy levels than those based on standard English. We can defeat these limitations of information theory, provided that we construct these values with two fundamental criterion - randomization and unpredictability. These are all solid approximations, but I would suggest exploring related theory, for more concrete values and formulas. Shannon gave us a wealth of research.

Also, even though I advocate the use of a cryptographically sound pseudo-random number generator over using passwords or passphrases as sources of derivation for cryptographic keys, I also understand the caveats of improper design. PRNGs aren't the panacea, either. If you incorrectly design and implement a PRNG, the amount of entropy rendered can be just as devastatingly low as if choosing a poor password or passphrase. It requires no less caution. The point is, when you are able to make the assumption that your PRNG is correct in implementation and semantically secure, your results are generally much better and more conveniently attainable.

For an algorithm that takes an n-bit key, we should require that it be given a value that contains n bits of entropy. If this value contains less entropy than n, then our level of security is obviously no greater than if we had initially used a key of that smaller length. Therefore, we fail to meet a general requirement. (If you ideally want something much closer to n bits of security, it's more appropriate to use a value of 2n bits in length) As aforementioned, we increase our chances of doing things right when we ensure that our values have a sufficient probability of being random and unpredictable.

The reason I suggest a PRNG for this assurance is quite simple. It's much easier to place trust in a cryptographic primitive, that is based on components that can be demonstrated, mathematically, to produce statistically random output in a manner that is practically unpredictable and indistinguishable from truly random output, to a certain meaningful degree (i.e., cryptographically secure pseudo-random), than it is to assume that an ad hoc "strength meter", based on some generally good, but incomplete, etiquette, is capable of consistently providing accurate measurements of the actual security of a value, equally.

Again, the most accurate portrait is painted when you consider your threat model. Theory approximates bounds we should aim for, to be at least properly secure, but in practice, we realize that scenarios are much different than general textbook examples. In practice, the realized threat may not prompt for a large margin of security, so you may be able to get away with relatively weak, low-entropy values. However, as a cryptographer, I only view this as an ignorant philosophy, because a threat model is only a conjectured amount of risk you assume to be imminently possible; it's an attempt to be minimal and hope your conjecture holds steady.

So, you may suffice with using proposed etiquettes and "strength meters", in a bulk of your practice, but it's a much wiser, conservative approach to be cryptographically precise and accurate, to the highest degree. Why? Not just for theory's sake, but just in case your threat encroaches your assumed threat model. Many may view being conservative, in the cryptographic sense, as setting larger bounds of paranoia; in fact, although we do set larger minimum bounds, these actually achieve levels of security equal to that of smaller bounds that fail to achieve their goal. In other words, we don't expect n-bit primitives to achieve n bits of security; we realize that n bits of security is more readily achieved with 2n-bit primitives.

This philosophy carries over to recommending a source of derivation for values. We don't rely on human etiquette and so-called security "measuring" tools to render us securely random and unpredictable solutions; we more consistently, and effectively, mitigate these fallacies by using a cryptographic primitive that is specifically designed with those two criterion in mind, with statistically verifiable appeal. I am biased towards being conservative and theoretical, regardless of my threat model; it's a safe tactic. However, my threat model isn't always your threat model, and some folks are minimal and practical, so it's up to the individual.

There comes a point in cryptography where "good enough" (i.e., at least out of the practical reach of dictionary-based exhaustive search), in practice, is all it takes to deter an attacker away and force them to focus on other aspects of the system, which lead to more compromise. It's usually not related to the cryptography itself, when you account for most successful exploitation. I don't live by that "point", but it certainly seems to be a popular argument in such debates. The best keys aren't password or passphrase-based; they are randomly and unpredictably generated by an algorithmic process. Based on the constraints of your threat model, determine how meaningful this is to you, in regards to the margin of security you wish to achieve.
Back to top
View user's profile Send private message Visit poster's website
capi
SF Senior Mod
SF Senior Mod


Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Offline

PostPosted: Fri Aug 20, 2004 8:13 pm    Post subject: Reply with quote

securityforumsusername wrote:
Yes I know, but apparently english language has 1.3 bits of entropy per character, so to achieve 256 bits of entropy you would need 200 characters.... Sad

True; when I said what I said, I was assuming you would use a random (or rather, pseudo-random) key - not just English words. If you use a strong pseudo-random number generator to achieve a key of 256 bits, you can represent that key in 64 characters - that's all I meant.
Back to top
View user's profile Send private message
Greatis
Just Arrived
Just Arrived


Joined: 20 Aug 2004
Posts: 0
Location: Montego Bay, Jamaica

Offline

PostPosted: Tue Aug 24, 2004 3:29 pm    Post subject: Reply with quote

Very informative tutorial and placed in the right section too.
Back to top
View user's profile Send private message Visit poster's website AIM Address MSN Messenger
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Wed Oct 06, 2004 5:34 pm    Post subject: Reply with quote

One of the ways we have found our users are happy to adopt is using initials of a phrase well known to them (maybe song lyrics or a poem). Just a couple of tweks for capital letters or replacing letters with numbers generates a password which is:
1) easy to remember and therefore reproduce, so they are prepared to use fairly long strings
2) very hard to guess or shoulder surf (anything which contains real words allows your brain to fill in the gaps - how easily can you recognise the word *ol*d*y ?)
3) relatively hard to crack.

eg:
F!Iw2l4e!
Idoaw25 12
Hmrmamwd?
Back to top
View user's profile Send private message Visit poster's website
alpinelegend
Just Arrived
Just Arrived


Joined: 22 Jun 2004
Posts: 3


Offline

PostPosted: Wed Oct 06, 2004 6:03 pm    Post subject: Reply with quote

I think i better change my password now Embarassed
Back to top
View user's profile Send private message
mightB
Just Arrived
Just Arrived


Joined: 10 Sep 2004
Posts: 0


Offline

PostPosted: Thu Oct 14, 2004 3:58 pm    Post subject: Reply with quote

is not more secure to have a password that is word from another language, so that it wont be prone to [English] dictionary attack?
Back to top
View user's profile Send private message
Karina
Just Arrived
Just Arrived


Joined: 02 Jun 2004
Posts: 0


Offline

PostPosted: Thu Oct 14, 2004 6:14 pm    Post subject: Reply with quote

i speak another language. i use that language to generate passwords and/or passphrases. but not everyone has that luxury.

problem with passphrases is that there are similarities.

aa lot of passphases use "to" or "too" and a lot of ppl replace is with a "2".
same with "for" replace with "4"

so there you go. you already potentially know one ot two characters.

Smile
Back to top
View user's profile Send private message
moner
Just Arrived
Just Arrived


Joined: 28 Sep 2004
Posts: 0


Offline

PostPosted: Fri Oct 15, 2004 5:04 pm    Post subject: Reply with quote

thats the usual convention replace "i" with "1", "e" with "3" etcetra, i wonder if the nsa or whoever have a dictionary based on that, it will be intresting...
Back to top
View user's profile Send private message
NeonWizard
Just Arrived
Just Arrived


Joined: 06 Aug 2004
Posts: 0
Location: Vancouver, Canada

Offline

PostPosted: Sun Oct 17, 2004 6:01 am    Post subject: Reply with quote

mightB wrote:
is not more secure to have a password that is word from another language, so that it wont be prone to [English] dictionary attack?


A word from another language is good only if someone is trying to find out the password using an english based dictionary. But in countries such as Germany, and Russia, they most likely have their own based dictionary on that language for finding passwords, as most people that live there won't use english as part of their password.
Back to top
View user's profile Send private message Visit poster's website MSN Messenger
jasonr1023
Just Arrived
Just Arrived


Joined: 20 Oct 2004
Posts: 0
Location: Long Island, NY

Offline

PostPosted: Wed Oct 20, 2004 5:31 am    Post subject: Reply with quote

mightB wrote:
is not more secure to have a password that is word from another language, so that it wont be prone to [English] dictionary attack?


I would not assume you get more security. If I know that you speak another language, and I was after your password, I would simply add a dictionary of the language you speak... =)

I may also add a dictionary if I think I can guess what languages you might know.
Back to top
View user's profile Send private message AIM Address
Karina
Just Arrived
Just Arrived


Joined: 02 Jun 2004
Posts: 0


Offline

PostPosted: Wed Oct 20, 2004 10:02 am    Post subject: Reply with quote

Quote:
I would not assume you get more security. If I know that you speak another language, and I was after your password, I would simply add a dictionary of the language you speak... =)

I may also add a dictionary if I think I can guess what languages you might know.


well, you have a very good point there, nothing is ever 100% guaranteed to be 100% secure.

Except, for proffessor Ranum's 100% secure firewall solution:
http://www.ranum.com/security/computer_security/papers/a1-firewall/index.html

Razz

on a side note: i recently saw someones sig. on another forum that read, "there are 10 kinds of people in this world. the ones that understand binary and the ones that don't". it cracked me up.

my point to this is: programmers spend too much time behind the computer and not enough interacting with people. just as there is "slang" on the english language, there is "slang" also in foreign languages, which can not be found in dictionaries.
Back to top
View user's profile Send private message
AdamV
SF Mod
SF Mod


Joined: 06 Oct 2004
Posts: 24
Location: Leeds, UK

Offline

PostPosted: Wed Oct 20, 2004 12:52 pm    Post subject: Reply with quote

we have people at our firm who speak other languages and I always include those dictionaries when auditing passwords.

dictionaries available easily include things like cartoon characters, film stars and TV personalities, and these are oftne available for local areas too.

That said, because we force complexity some of our users now have reasonable passwords, so we use a variant of the brute force approach - rather than brute-forcing against the password hashes, you use the same sort of algorithm (ie cycle through all the combinations of characters you want to include) to pre-generate a dictionary of "random" sequences. This takes AGES. But this time is spent once, not every time you want to do an audit.

Files for the dictionary are immense if you use high length and many characters, we usually pick a "sensible" factor for these (all A-Z, a-z, 0-9, a few of the more common characters ?!), and length of 9 or 10. Our objective is not to break the passwords, but to identify anyone whose password could be easily broken in a "short" time and send them reminders of good practice.

(and thanks for the sig appreciation - I am told it is attributed to Jeremy Paxman, don't know if that's true but I like its elegance)
Back to top
View user's profile Send private message Visit poster's website
ShaolinTiger
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777215
Location: Kuala Lumpur, Malaysia

Offline

PostPosted: Thu Oct 21, 2004 5:00 am    Post subject: Reply with quote

I pwned that phrase long ago:

http://www.cafepress.com/sfdc.6988208
Back to top
View user's profile Send private message Visit poster's website
mightB
Just Arrived
Just Arrived


Joined: 10 Sep 2004
Posts: 0


Offline

PostPosted: Fri Oct 22, 2004 3:04 pm    Post subject: Reply with quote

what are the likely, practical [or even theoretical would be nice to know] attacks on a pass phrase that someone like a Government agency would carry out, like brute force, links, explanation types of attack would be nice thanks again
Back to top
View user's profile Send private message
Mongrel
SF Mod
SF Mod


Joined: 30 May 2002
Posts: 8


Offline

PostPosted: Fri Oct 22, 2004 4:25 pm    Post subject: Reply with quote

A little balance here. We have been discussing the bits and bytes,
difficulty in cracking, etc - in gorey detail.

Let's get down to brass tacks - we who manage networks and user
accounts need to give our users tools to pick a secure AND easily
rememberable password. One that does not need to be written down. One
that we do not need to reset weekly for the poor slob who makes things
too difficult on themselves.

Sooooo - that in mind - let me share my tricks - that I teach people - that
make passwords that are pretty damn strong and that they will never
forget.

The best part of it is that:

It CAN be a date
It CAN be a name
It CAN be something everyone knows about you

And STILL be difficult to crack.

Mind you this example isn't the greatest but certainly gets the idea across.
And I did LC4 this one once and it took a very long time to crack.

My present passwords, using this technique, have been run against LC5
for three days and not been detected. I got bored with waiting for it to
finish.

I'll take you through one I made for myself and show you how it works.
I'll be interested in the experts replies both in mathematical/scientific and
practical aspects.

Sooo - anyone who knows me well knows I like beer. If you REALLY know
me you know I used to drink Schlitz Malt Liquor (back in the '70s B4 it
was a racial thing). And everyone who knows me knows the year I
graduated High School.

Soo - onward and upward

Rule #1 - No words in any dictionary, names, places, things, brands.
(Baaaah Humbug on this one)

Simple solution - misspell a word, name, place, thing, or brand sufficiently
that it is not a real word but not so much that you forget it

Rule # 2 - Use lower case, caps

Simple solution - use both in your misspelled word(s)

Rule #3 - Mix numbers and special characters

Take that date and shift a couple characters.

19ShlitsMault&#

This is a password I will NEVER forget and passes all the rules of length
and complexity for any corporate environment, probably military
applications, and even if you know me you will be hard pressed to guess
that one in a million years.

Try it once - you'll like it - and teach your people
Back to top
View user's profile Send private message
data
Forum Fanatic
Forum Fanatic


Joined: 08 May 2004
Posts: 16777211
Location: India

Offline

PostPosted: Sat Oct 23, 2004 11:08 am    Post subject: Reply with quote

NeonWizard wrote:
mightB wrote:
is not more secure to have a password that is word from another language, so that it wont be prone to [English] dictionary attack?


A word from another language is good only if someone is trying to find out the password using an english based dictionary. But in countries such as Germany, and Russia, they most likely have their own based dictionary on that language for finding passwords, as most people that live there won't use english as part of their password.


Actually, every language has its on set of frequencies over alphabets as english does. It would mean that some one who has done a statistical analysis on a given language would be correctly able to decrypt the language(based on a frequency analysis for simple ciphers). He needn't learn to speak or write the language to 'crack' it.

Data.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Physical Security and Social Engineering All times are GMT + 2 Hours
Goto page Previous  1, 2, 3, 4  Next
Page 2 of 4


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register