# [clug] [OT] all text passwords == secure?

Paul Wayper paulway at mabula.net
Sun Aug 26 00:52:50 MDT 2012

```

On 26/08/12 12:19, Scott Ferguson wrote:
> [*1] don't take my word for it, but the maths in the comic strip are out
> by a large factor in the real world.
> Hint: the real math for the strip example is 52 x number of *alpha*

I would think very carefully before challenging Randall Munroe on mathematics.

It's important to note that he's not measuring the basic number of
combinations it would take to brute-force a word - e.g. Tr0ub4dor&3, which is
about 80 ^ 11.  He's measuring the number of bits of decisions based on the
formula he gives: an uncommon base word of nine letters, with common
substitutions, and a number and punctuation added in a random order.  If you
were building a program to generate such words, you'd have vastly fewer than
80^11 combinations to search; 28 bits of entropy is correct for that algorithm.

Obviously, one can add minor variations - move the numeral and punctuation to
the front, etc - but that gets you very few extra bits of entropy at the cost
of being even harder to memorise.  His whole point is to find ways of
generating passwords that are easy for humans to memorise but have more bits
of entropy to greatly increase the number of combinations a brute-forcing
program would have to go through.

This is all ignoring the Shannon entropy of words.  Even if you posit someone
coming up with English-sounding non-words, they're still more likely to follow
a 'q' with a 'u' than a 'g'.  Leet substitutions would not change much here
either, as Randall shows.

Scott, you don't say whether you believe Randall's numbers are too high or too
low - which way are they "out by a large factor"?

The real, fundamental problem we have is that thanks to the leaking of the
password hash databases out there now, and crackers having time and machines
capable of brute-forcing those hashes, crackers have a large set of known,
site, "Passw0rd" won't be tried just after "Passw0rc", it'll be tried much
much earlier - they don't try every permutation in alphabetical order, they
try every known-used password in order of frequency.  Add a couple of random
numbers and letters to the ends of those and you've got most of the passwords
ANYONE will use.  It includes surnames, place names, slang, creative
misspellings, pet names - all the stuff that I'm sure people think is already
super secure because "no-one will guess that my second dog's name was Sparky".

I suspect now that our only hope is to use one of the password safes - I'm
familiar with KeePass, and I know Ian Munsie was working on his own - to
generate a new, unique, over sixteen character, random password with as many
different characters as the system allows.  Because almost any password you
can think of, even the four randomly-chosen word passwords Randall suggests in
the comic, are now starting to populate the database.  For years I've used a
system that takes one secret word and one word associated with the site I'm
logging into and mangles them together to produce my password.  It doesn't
matter - if I reuse that password, it's now vulnerable.

We know that these crackers start with people's accounts on one service and
password.  What I haven't seen is any observation that they're correlating the
different hash databases, looking for people who definitely do reuse
passwords, and trying them first.  That's the next logical step, to me.
Because they're now at the point where if you've used any of a number of

The three things I think will protect us in the future against these attacks are:

1) Never, ever reuse a password.
2) Use long collections of unrelated randomly-chosen words or symbols as

It's a big problem.

Have fun,

Paul
```