19 comments

[ 2.8 ms ] story [ 51.2 ms ] thread
instead of remembering passwords i remember only one function i've been using for many years which takes the name of the site as an argument and returns the password as the result.
Two years ago I wrote about why this type of password is no longer safe: https://medium.com/@hnlean/imp3n3tr-ble5832-not-an-impenetra...

(See step #6 in the list of steps in the article)

I'm sure the situation has only got worse since then.

Xkcd was advocating diceware, not "making up a passphrase". If your pool of words is sufficiently large, your rolls are random, and you have enough rolls, your password should be as secure as a random number.
The point of a passphrase is to randomly generate each word in the phrase.

Even Diceware, which uses a list of 7776 words, is resistant to attacks if you have a 7 word passphrase.

You use your long random passphrase to protect your password safe. The passwords in your safe are long randomly generated strings of lower case, upper case, digits, and special chars.

> But you’re forgetting the massive GPU array. The hacker runs a program that generates random combinations of two, three or four dictionary words and tries it against your password hash. It’s going to take a while because the number of such combinations are very large, but it’s not impossible. If the hacker is really obsessive about it, he will just keep the program running for weeks until a match is found.

No one today recommends 4 word passphrases - 7 word is the minimum. But 4 words is probably better than most passwords that people use at the moment.

> But you’re forgetting the massive GPU array. The hacker runs a program that generates random combinations of two, three or four dictionary words and tries it against your password hash. It’s going to take a while because the number of such combinations are very large, but it’s not impossible.

The xkcd comic suggests a combination of four from a very modest 2000 (2^11) common words resulting in ca. 2^44 combinations to check. It also assumes 100 guesses/sec which result in over 500 years to break. That's precise math and a somewhat reasonable assumption.

You counter this with an argument like "the number of such combinations are very large, but it’s not impossible". You give no new numbers, no counter-assumptions, you don't argue that 100 guesses per second is too slow, you just state this.

So in this form your argument is ungrounded.

100 guesses/sec is really slow, though, when a desktop pc can do billions of SHA hashes a second.
Ever since reading that xkcd comic and learning about diceware, I've really wanted to create a password generator that could spin out complete diceware sentences of arbitrary length. (Markov chains?) Mnemonics of various kinds could be taken into consideration: rhymes, onomatopoeia, etc. Instead of a 4-word nonsense passphrase, you'd get something like "the red rancid raccoon bit into the butter bucket biscuit" — easy to remember and secure. Unfortunately, I'm not too familiar with this subset of programming.

(Limiting the word pool of each slot due to mnemonics would complicate the entropy calculation, but it should still be fairly straightforward.)

I kind of feel like all these passwords schemes and discussions about password strength fundamentally miss the point. Password reuse is the single greatest threat that any user faces. Nobody's going to guess your gmail password, even if its just six random lowercase letters. They're going to get it from a database dump of a compromised site where you reused that password.

I have well over a hundred websites listed in my password manager. There is not a chance that I could remember a unique password for every one of them, no matter how easy they were.

Wouldn't it be then enough to just simply use a unique scheme? I mean if noone will guess your password and just use possible DB dumps, this would be more than enough:

G#00gl3

A#m4z0n

F#4c3b00k

...

If a human can see one of your passwords, it's extremely easy to crack the other ones, no matter H0w m4ny tricks you try to use.
I know, but the OP said DB dumps are the biggest problems, not the password strength or if someone sees me typing it
Even that ridiculously weak password scheme would probably stay secure until there were a few DB dumps. Then you'd be screwed for reusing the same password scheme across multiple sites. That was sort of my point: reuse is the enemy.
I just use Diceware: https://qrmn.uk/dwr/

(With thanks to Alyssa Rowan for the CSPRNG design. Public domain - feel free to copy it.)

For really important stuff, actual dice just to make sure.

The most important thing I realized when it comes to passwords was the classification into 2 types: strong passwords (keys, local login, local encryption, master passwords for password managers) which is best generated using the Xkcd method, and then the less obvious disposable passwords (all non-local usage, i.e. websites and other temporary need). For the later, I use SuperGenPass[1]. It ensures that 1) my passwords are not reused across sites and 2) they are strong without the need to remember them directly. Because SGP uses hashes, it is very easy to add counters to existing passwords/secret phrases and create a brand new password without much mental effort. I've outlined such a procedure in the issues[2]. Using counters in the "secret" field, I will probably never ever need to change my master passphrase.

I won't deny though that for mobile use, it's a bit cumbersome. The Android app is fine and free[3], and iOS app is a buck[4]. And overall it's a pain if you must login to sites frequently (ideally, using a native app reduces this greatly, login once until you manually logout).

It's also pretty confusing for non-technical people to get behind. I actually sent out an entire email blast to friends and family giving them my best attempt at an explanation, argument, and tutorial of how to use it. I don't think anyone did it.

So while the interface is kind of clumsy, the strategy is solid and I love knowing that I can use it.

[1]: http://www.supergenpass.com

[2]: https://github.com/chriszarate/supergenpass/issues/40#issuec...

[3]: https://play.google.com/store/apps/details?id=info.staticfre...

[4]: https://itunes.apple.com/us/app/supergenpass/id451606360?mt=...

Neat, I have the following in my `.bashrc` to accomplish pretty much the same thing. It should be noted that I do not use it for passwords (I have a password safe for that), but I do use it for passphrases since I may have to read them over the phone.

    secret () {
        # '\u' for `sed` is a GNU extension.
        shuf /usr/share/dict/words \
            | grep '^[A-Za-z]\+$' \
            | head -n 3 \
            | sed -e 's|\(.\)\(.*\)|\u\1\2|g' \
            | tr -d '\n' \
            | sed -e 's|$|\n|g'
    }

    > for _ in `seq 7`; do secret; done
    InterweaveMakariosEncrusting
    DisseminatingAgriculturalistCautioned
    EffectuatingCobblersEgos
    AccidentalKopeckRevolts
    RefDivansUndersigns
    SalesmanSubmitterFlak
    TempsIlluminedQuickening
Good luck reading "makarios" over the phone, though. You need a phonetically distinct alphabet, like the NATO alphabet, and entropy is very low there.
Your mileage may wary, but I have never had any issues reading them to the human operators. Security questions are bad policy anyway and I assume that they are less picky when hearing "SiloRepossessedTapir" compared to "SiloRepossessTapir", than for "Mary" to "Maria".
Wouldn't such a misheard phrase make the password you've set not match?