Another take on passwords: entropy vs length

Shortly after writing about password strength, LinkedIn managed to lose 6.5 million hashed passwords. The hashes were made public by the crackers responsible for the attack. Posting so many password hashes in public is quite interesting: for starters, the hashes can be analyzed, and we can now read in the news which passwords were most popular on LinkedIn. After reading this list, it is pretty clear to me that many people simply do not care about the security of their LinkedIn accounts. Some companies were also extremely fast to provide extra tools such as LastPass's LinkedIn password checker; I guess a case like this is good advertising for LastPass.

As you can imagine, I was less than amused to find out that my password had been leaked, too. Granted, only the SHA-1 hash was leaked and my password was a random string. However, the geniuses at LinkedIn forgot to salt the password hashes, making them easier to crack: without a salt, identical passwords produce identical hashes, and every candidate an attacker hashes can be compared against all 6.5 million leaked hashes at once. I also do not quite understand why it took LinkedIn longer to send me a warning email than it took LastPass to write the password checker tool.

After changing my password and making sure I had not re-used it on other sites, I started reading more articles about password strength. One of the more interesting ideas is to pad short random passwords with easy to remember strings. The article argues that the password “D0g…………………” has the same length as the completely random “PrXyc.N(n4k77#L!eVdAfp9” but is much easier to remember. The latter has much higher entropy, which is usually taken to mean it is more secure. However, the author claims that padding a password with an easy to remember string does not make it less safe unless the cracker knows the padding scheme. If the scheme is unknown to the attacker, brute force over the whole character set is the only valid strategy, and the cost of brute force depends on length alone. The author concludes that password length beats entropy in most cases.

I agree with the basic conclusions of the GRC password strategy. However, looking at the list of most popular cracked passwords cited above, I believe most people will settle on very few padding strategies. Once these are known, password crackers can add rules for them to their guess generators, and the effective strength drops to that of the short random core plus a few bits for the choice of padding symbol and length, which is far less than the length suggests.

Are password policies promoting weak password choices?

Passwords are one of the most cumbersome parts of modern life. It used to be enough to have one password for the UNIX account at work and a four-digit PIN for the debit card. Not anymore: nowadays almost everybody has several email accounts, social network logins, online banking, a login for their favorite online newspaper, and so on.

Many people use the same password for everything. If one site gets compromised, whether because that password was not strong enough or because the site itself got hacked, all other logins are open to the attacker. One solution is a password manager, but in some cases this is not practical (and of course we still need at least one password to unlock the password manager). Therefore, finding a way to generate safe but easy to remember passwords is arguably a big challenge in computer security.

In many organizations, password policies are used to enforce a minimum level of password strength. In a recent blog post, John Fontana argues that most password policies actually decrease password security. He cites Cameron Morris, who proposes improvements to password policies and wrote a tool called Passfault to measure password strength.

After reading about weak passwords a few years ago, I started to use a small command line tool called pwgen to generate random passwords. As it turns out, 7 random characters is pretty much the most I can remember. In fact, there were several embarrassing incidents where I had to call IT support only half an hour after choosing a new password because I had forgotten it. Passfault estimates that a random password generated with “pwgen 7” contains 78 billion patterns and can be cracked in about 1 day, which does not sound bad to me. (Note that pwgen's default output is “pronounceable” and therefore less random than a password of the same length from its -s mode.)

The webcomic xkcd proposes an alternative way to make up strong passwords: choose 4 random words, which are easier to remember than random strings. Knowing my memory, I put this to the test with just 3 random words, “garden dolphin dictionary”, using the Passfault tool. Result: 27 quadrillion patterns, taking an estimated 9 centuries to crack. Wow! And it is really easy to remember: I lost this paragraph while writing the post but was still able to remember my password when I typed it again later on.

Unfortunately, most password policies do not allow a password like “garden dolphin dictionary”. Some policies forbid common words, and many require numbers and special characters like ‘&’. Users get around the first rule by “keyboard shifting”: for instance, “bird” becomes “notf” on a US keyboard when every key press is shifted one position to the right. This does not significantly enhance password strength, and some password cracking programs are optimized to detect it. As a consequence of the second rule, users tend to substitute numbers for some letters, a technique equally well known to password crackers.
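As an added example (mine, not code from any of the tools or articles cited in this post), the following Python script shows how a rule-based dictionary attack absorbs keyboard shifting and letter-to-digit substitution, and why the missing salt in the LinkedIn leak mattered: against unsalted SHA-1, one candidate hash is compared with every leaked hash at once, whereas per-user salts force the whole candidate list to be re-hashed for each record. The four-word word list, the four “leaked” passwords, the right-shift keyboard mapping and the 8-byte salt length are constructed for the example.

```python
import hashlib
import os
from itertools import product

# One-key-to-the-right "keyboard shift" on the US layout (letters only;
# the mapping is constructed for this example).
_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SHIFT_RIGHT = {row[i]: row[i + 1] for row in _ROWS for i in range(len(row) - 1)}

# The handful of letter-for-digit substitutions crackers try first.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def keyboard_shift(word: str) -> str:
    """'bird' -> 'notf': every letter replaced by its right-hand neighbour."""
    return "".join(SHIFT_RIGHT.get(c, c) for c in word)


def leet_variants(word: str) -> set:
    """All 2**k spellings where each substitutable letter may become its digit."""
    options = [(c, LEET[c]) if c in LEET else (c,) for c in word]
    return {"".join(p) for p in product(*options)}


def mangle(word: str) -> set:
    """Candidate set a rule-based cracker derives from one dictionary word."""
    bases = {word, word.capitalize(), keyboard_shift(word)} | leet_variants(word)
    # Policies that demand a digit get a one-digit suffix from most users.
    return bases | {b + d for b in bases for d in "0123456789"}


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def crack_unsalted(target_hashes, wordlist):
    """Unsalted SHA-1 (the LinkedIn case): each candidate is hashed once and
    matched against every leaked hash at the same time."""
    targets = set(target_hashes)
    found, attempts = {}, 0
    for word in wordlist:
        for cand in mangle(word):
            attempts += 1
            h = sha1_hex(cand.encode())
            if h in targets:
                found[h] = cand
    return found, attempts


def crack_salted(target_records, wordlist):
    """Per-user salt: the same candidates must be re-hashed for every record,
    so the work grows with the number of hashes, not just the word list."""
    found, attempts = {}, 0
    for salt, h in target_records:
        for word in wordlist:
            for cand in mangle(word):
                attempts += 1
                if sha1_hex(salt + cand.encode()) == h:
                    found[h] = cand
    return found, attempts


# Constructed "leak": four users, two of them sharing the password 'notf'.
PLAINTEXTS = ["notf", "p4ssw0rd", "notf", "garden dolphin dictionary"]
WORDLIST = ["bird", "password", "dolphin", "garden"]
UNSALTED = [sha1_hex(p.encode()) for p in PLAINTEXTS]
SALTS = [os.urandom(8) for _ in PLAINTEXTS]
SALTED = [(s, sha1_hex(s + p.encode())) for s, p in zip(SALTS, PLAINTEXTS)]


def demo() -> dict:
    found_u, attempts_u = crack_unsalted(UNSALTED, WORDLIST)
    found_s, attempts_s = crack_salted(SALTED, WORDLIST)
    return {
        "unsalted_cracked": found_u,
        "unsalted_users": sum(h in found_u for h in UNSALTED),
        "unsalted_hash_ops": attempts_u,
        "salted_cracked": found_s,
        "salted_hash_ops": attempts_s,
    }


if __name__ == "__main__":
    r = demo()
    print(f"unsalted: {r['unsalted_users']} of {len(UNSALTED)} users cracked "
          f"with {r['unsalted_hash_ops']} hash operations")
    print(f"salted:   {len(r['salted_cracked'])} of {len(SALTED)} users cracked "
          f"with {r['salted_hash_ops']} hash operations")
```

The shifted “notf” and the substituted “p4ssw0rd” fall to a four-word dictionary with a handful of rules; the three-word passphrase does not, because no single-word rule reaches it. The salted run finds the same passwords, but needs four times the hash operations for four records, and that factor is what turns 6.5 million leaked hashes from one cracking job into 6.5 million.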

A quick web search reveals many opinions on this topic. For instance, take a look at Per Thorsheim’s Security Nirvana, Schneier on Security, where Bruce Schneier simply advocates writing passwords down on a piece of paper, and this discussion at Stack Exchange. Personally, I have to say that I like the idea of using a few simple random words; I seem to remember these much better than other passwords. For passwords I have to type often, e.g. to unlock screens, I still prefer shorter random strings. In the end, the single day needed to brute force the 7 character random string mentioned above might still provide good enough security for me.