Password Strength: Rebuttal to http://xkcd.com/936/
The XKCD comic here made an interesting argument about passwords: that we should, rather than creating short passwords with random characters and 1337 substitutions, create long passwords out of easy-to-remember words. We are much better at remembering words than symbols per byte of entropy, the logic goes, so our passwords should be made out of words. The problem is that there are two very important variables that the analysis misses out on:
1. Ease of typing in password
2. Difficulty of getting password from shoulder surfing
Let's consider 'Tr0ub4dor&3' vs. 'correct horse battery staple'. How much longer would the latter take to type? One is 11 characters long, the other 28, but there are a few adjustments to take. First, in favor of the latter, typing does take longer if the shift key is involves, as it is here twice, so we might adjust this to 13 vs 28 "effective characters". Second, though, is the issue of typing errors. The possibility of making a successful input decreases exponentially with the password length, so the average number of tries increases exponentially. If the success rate for the shorter password is 80%, the longer password will see a rate of 63%, so the longer password would, in effect, take 1.27x as many tries. Since there is a period of waiting between inputting an incorrect try, the computer rejecting you, you realizing what just happened, and you typing in the password again, so a 2-try success might actually take 3-5 times as long as a 1-try success, the effect is even worse. Thus, in practice, the suggestion of switching to the long password, if it gets adopted at all (most likely due to an enterprising IT geek drafting a corporate policy), will run into the fact of user laziness and will encourage users to stay logged in to everything forever on any computer they ever touch, clearly reducing security.
The second issue works like this: 'Tr0ub4dor&3' has 28 bits of entropy for 13 "effective characters", or 2.15 bits/ch. 'correct horse battery staple' has 44 bits for 28 characters, or 1.57 bits/ch. Thus, someone shoulder surfing the shorter password would have far more information to take in all at once. Due to linguistic redundancy, with the longer password he can even miss half the characters and get the password right. And god forbid the user fumbles and has to input the password twice...
I'll finish up with my password policy:
1. The three really important things - my desktop password, my email password and my Bitcoin wallet encryption password, are all their own 18-character strings made in a similar style to 'Tr0ub4dor&3'. The desktop password is considerably more incomprehensible - this is okay because you will remember something you have to type in 5-20 times a day no matter what it is, and if you're typing it that often the battery staple approach is obviously unreasonable.
2. Website passwords are formed from a algorithm based partally on the website's name and partially on a short 6-character string, forming an 11-character password unique to each website that I do not have to remember, but can figure out from the website name. Currently, the algorithm isn't very good (and I do plan on changing it soon) - comparing 2 website passwords can reveal the pattern, but the it defeats attackers who get username/password combinations on one website and try them everywhere else automatically. I prefer this over password managers due partially due to paranoia and partially because I want to be able to access all my sites on other people's computers.
1. Ease of typing in password
2. Difficulty of getting password from shoulder surfing
Let's consider 'Tr0ub4dor&3' vs. 'correct horse battery staple'. How much longer would the latter take to type? One is 11 characters long, the other 28, but there are a few adjustments to take. First, in favor of the latter, typing does take longer if the shift key is involves, as it is here twice, so we might adjust this to 13 vs 28 "effective characters". Second, though, is the issue of typing errors. The possibility of making a successful input decreases exponentially with the password length, so the average number of tries increases exponentially. If the success rate for the shorter password is 80%, the longer password will see a rate of 63%, so the longer password would, in effect, take 1.27x as many tries. Since there is a period of waiting between inputting an incorrect try, the computer rejecting you, you realizing what just happened, and you typing in the password again, so a 2-try success might actually take 3-5 times as long as a 1-try success, the effect is even worse. Thus, in practice, the suggestion of switching to the long password, if it gets adopted at all (most likely due to an enterprising IT geek drafting a corporate policy), will run into the fact of user laziness and will encourage users to stay logged in to everything forever on any computer they ever touch, clearly reducing security.
The second issue works like this: 'Tr0ub4dor&3' has 28 bits of entropy for 13 "effective characters", or 2.15 bits/ch. 'correct horse battery staple' has 44 bits for 28 characters, or 1.57 bits/ch. Thus, someone shoulder surfing the shorter password would have far more information to take in all at once. Due to linguistic redundancy, with the longer password he can even miss half the characters and get the password right. And god forbid the user fumbles and has to input the password twice...
I'll finish up with my password policy:
1. The three really important things - my desktop password, my email password and my Bitcoin wallet encryption password, are all their own 18-character strings made in a similar style to 'Tr0ub4dor&3'. The desktop password is considerably more incomprehensible - this is okay because you will remember something you have to type in 5-20 times a day no matter what it is, and if you're typing it that often the battery staple approach is obviously unreasonable.
2. Website passwords are formed from a algorithm based partally on the website's name and partially on a short 6-character string, forming an 11-character password unique to each website that I do not have to remember, but can figure out from the website name. Currently, the algorithm isn't very good (and I do plan on changing it soon) - comparing 2 website passwords can reveal the pattern, but the it defeats attackers who get username/password combinations on one website and try them everywhere else automatically. I prefer this over password managers due partially due to paranoia and partially because I want to be able to access all my sites on other people's computers.
posted by vub @ 13:04
3 Comments
3 Comments:
I'm somewhat skeptical of XKCD's calculation of the entropy of passwords, but I'll let it pass since it went ~28.
I think that once you get to the type of password described in the XCKD, there isn't much of a cost to going to true random characters (with the ascii range 32-126 so that one can type it) and getting about 6.5 bits of entropy a character...
In any case, you've made excellent points with ease of entry and remembering something one has to type in every day.
I agree, the XKCD calculation for Tr0ub4dor&3 is quite a bit on the low side - once you allow a substitution as unlikely as just 'o' for the second 'ou' in "troubadour" each substitution locus deserves 3 bits minimum - if I was writing a leetspeak password brute forcer Tr0ub4dor&3 would have gotten past entirely.
BTW, I just realized that I actually remember Tr0ub4dor&3 _better_ than "correct horse battery staple" - I got the order of the words mixed up there, especially since the XKCD comic really encourages a memorization of "horse battery staple correct". Tr0ub4dor&3 just stays in my memory as "TrOOHbador and three" with the vague idea that there's a 4 in there superimposed.
Why would you publicize the length of your password? That instantly annihilates most of the search space.
Post a Comment
Subscribe to Post Comments [Atom]
<< Home