Zaphod Beeblebrox's kite harasses Tuscon. Great, one more collapsing home. Why? 7 termites risk 5 bad days. Knight's queen kills narcs; Good Game queen. Fighting inside futons upends Greater Detroit in 7.
But that's because you forced the choice on me, and I'm only willing to work so hard for a Hacker News post. Ideally, you turn it into one coherent story. If I can choose my password, and I usually can after all:
Zaphod Beeblebrox wears 3 hats. He gives 1 to Ford. Why did he do that? He only has 2 heads. Xavier can't read Zaphod's mind now. (Does he even want to?)
ZBw3hHg1tFWdhdt?Hoh2hXcrZmn(Dhewt?)
That's 35. I could have that mostly memorized in a day's relatively normal usage, and definitely have it by a week. I have some rules I apply, like numbers -> their digits, periods are "free" but the other punctuation goes in, etc. Doesn't much matter what your rules are, as long as you're consistent.
Technically, this is less random that a truly random password, because rather than drawing uniformly from the space of possible symbols, you're tilted in the direction of what words can start with and some other things like that. I tend to just make up for that by swinging more entropy at the problem, and trying to work in some Xs and Zs and unusual symbols, and figure that it gets me close enough.
One trick to this: If you find in the first day that you're consistently remembering the phrase differently than you first laid it out, just take the hint and change the password.
To me, there's an irony in that "Zaphod Beeblebrox's kite harasses Tuscon." is not only _more_ memorable on it's own, but is probably a _better_ password than "ZBw3hHg1tFWdhdt?Hoh2hXcrZmn"
Stop using passwords, just use a "pass sentence."
My last few passwords at my previous employer:
"Tim, bring me chicken #15"
"Mary, stop looking at me!"
"Nothing you can do about 2!"
"The coffee here is gross."
There's absolutely no way a five word password is better than 32 random characters. Two plain old random words, the entropy of that is less than 16 bits each, but we'll round up. One of the biggest cities in the US is probably even less useful, but let's credit it for 16 bits. And let's rate Zaphod Beeblebrox as one-in-a-million for entropy purposes.
That's 68 bits. It's somewhere between 11 and 12 random alphanumeric characters. It's unimaginably weaker than 32 random characters.
A random word is generally worth about 2 to 2.5 random characters. Sometimes that's easier to remember, sometimes it isn't.
And your example passwords are not that strong. A simple algorithm picking words just by rarity could hit "The coffee here is gross." within about 2^50 iterations, and a single consumer GPU can test about 2^48 - 2^52 hashes per day. "the", "here", and "is" are way too common. You only have two moderately random words.
> There's absolutely no way a five word password is better than 32 random characters.
That assumes the attacker knows it's a five word password, and that there are no misspellings, and that these are specifically English dictionary words in dictionary form, how you're capitalizing it, and whether or not you snuck a number or an exclamation mark in the middle. Might as well know your password at this point..
Not a single dictionary form, and not a single word spelled "correctly", but this sort of phrase is really easy for me to memorize. If you had dictionaries for all four languages involved, you still probably wouldn't get very close unless you also know to inflect these words like spoken/slangish Finnish sans umlauts. Say what, fellow Finns?
Guessing that it's English words is no harder than guessing that it's random uppercase/lowercase/numbers. So that part cancels out. Realistically you'd try all simple patterns in order of complexity. This makes cracking slower than knowing the pattern up front, but the password is already getting exponentially harder to crack every time it gets longer. The small factor of trying different simple patterns pales in comparison.
The attacker doesn't need to know how many words. They would try 1, then 2, then 3, etc.
Capitalization and tiny modifications are only worth a few bits. They can't get you anywhere near the quality of 32 random alphanumerics.
Your password example is a lot stronger. But even then I don't know if it's better than a full 32 random characters. That would mean every two characters in your password have more randomness than a completely random character with no patterns. That might be true.
> The small factor of trying different simple patterns pales in comparison.
I'm not sure I agree with that. There's an infinite number of simple patterns that one could construct, and guessing the right one from the space of all possible patterns could alone exhaust any bruteforce capability. The characters of a random password could be taken as constants that define a simple pattern according to some rule, so you can have as much entropy in the space of such patterns as you have in a randomly generated alphanumeric password; in a manner of speaking, the pattern is part of a password and by itself contributes to entropy (as long as we're talking about patterns with long enough outputs that different patterns don't have much overlap in what they spit out).
If the attacker doesn't have a huge library or eof simple patterns, then making an unbreachable passwords is very simple: just make up a new pattern, they probably won't guess it.
(Dang, now I'm tempted to make a game out of this: write a pattern generator, post a set of parameters in the public along with the md5 of the resulting pattern, and award some monies to the first person to figure it out.)
> The attacker doesn't need to know how many words. They would try 1, then 2, then 3, etc.
Sure. At what point would they exhaust their bruteforce capability or decide that they've probably got the wrong pattern and go for another one?
I hope the next pattern they choose isn't one to four random English dictionary words followed by the number of letters in the resulting phrase, expressed in binary using X for 1 and Y for 0!
> Capitalization and tiny modifications are only worth a few bits.
Five times a few bits quickly adds up though.
> Your password example is a lot stronger. But even then I don't know if it's better than a full 32 random characters. That would mean every two characters in your password have more randomness than a completely random character with no patterns. That might be true.
It's pretty hard to say since I made it up on the spot instead of randomly generating it after specifying a pattern, yeah.
But if you had just five words in different languages and you had to guess the language for each, that is quite a bit of entropy. Not enough to prevent any sort of brute force attack, but we're talking a few dozen bits at least. A quick google search shows that there are around 4000 human languages with at least 1000 speakers (https://www.infoplease.com/askeds/how-many-spoken-languages), that'd be 12 bits per word. You could guess it's got to be one of the most common 100 languages and you'd miss three languages that I used (Norwegian, Finnish, Esperanto), according to this list of top languages by native speakers: https://en.wikipedia.org/wiki/List_of_languages_by_number_of....
Of course not all words are unique across all languages, so a dictionary attack against my pattern could pick the wrong language for some word and still score the right dictionary entry.
Inflection, in the case of Finnish, proves interesting because there are ways to stack different endings and thus you can have hundreds or thousands of variations of a word, by the book. Slang and regional dialects only add to it.
> At what point would they exhaust their bruteforce capability or decide that they've probably got the wrong pattern and go for another one?
Go in increasing order of difficulty. Or estimated rarity based off of password dumps.
Something like: One character, two characters, one word, one word plus a character, one character plus a word, one modified word, three characters, etc.
"word" being a list of most common words in the united states, or something. Like you said, using many languages screws up dictionary attacks. But most passwords don't do that.
> I hope the next pattern they choose isn't one to four random English dictionary words followed by the number of letters in the resulting phrase, expressed in binary using X for 1 and Y for 0!
That would just be "four words plus five random characters".
> That would just be "four words plus five random characters".
Aye.. if you were going to pick the simplest (most bruteforceable) pattern first, you wouldn't want five random characters now, would you? I thought that's the whole point of this exercise :-) Of course I could decide to repeat that bit pattern four times and that adds no entropy if the pattern is assumed to be fixed, but then we get back to having the attacker try guess the right pattern.
Very often in these discussion people don't consider the pattern space at all as part of entropy and they only look at the entropy within the alphabet/words/variations after the pattern is fixed. I'm not sure that's right.
The pattern entropy matters, but it's much smaller than the entropy from the actual words and characters.
Don't try to outsmart the person cracking the password. Assume whatever clever scheme you come up with is relatively common. If only 0.05% of passwords use it, that's still less entropy than adding two more characters. And it's a lot safer to underestimate than overestimate.
> a single consumer GPU can test about 2^48 - 2^52 hashes per day
Surely that depends on the hashing function. Moreover, these passwords are usually used for authentication rather than encryption, making the speed of the GPU irrelevant.
Even for encryption, you should probably store a strong key on a hardware TPM and only using the weaker key to authenticate towards the TPM.
It matters for authentication. Databases are regularly leaked with password hashes in them.
You can use a bad password if the hash is good enough, or if you assume the hash can never be leaked. But you can't usually assume the hash will be good. It's safer to store a high quality password than to memorize a low quality password.
Realistically, which of my passwords are accessible by such? The vast majority of my passwords are on the web. I don't think any web server is capable of receiving that many password requests to brute force the creds there.
Otherwise to get access to my PC? Let's just say that if that ever happens, having a more randomized password (and one that I can actually use) that takes a bit longer to crack won't make much of a difference, considering they already have my PC.
If you're only worried about people trying to log in via the web, you can get away with a really bad password and you don't need any fancy tricks.
If they get the drive from your PC, the difference between a medium password and a good password is not "takes a bit longer to crack". A better password is impossible to crack using current or near-future technology. The difference between 12 and 20 characters is that it takes ten million billion times longer to crack.
(Assuming you encrypt your data. If you don't then all your effort on making a half-secure password is wasted from the start.)
If you want real convenience for logging in to your PC, without compromising your security, then use a PIN that unlocks a key stored in the TPM.
I ran a few tests with zxcvbn using five words (only nouns and verbs) and it estimates the complexity at roughly the same as that of a 32 random alphanumeric character password with capitals. Is zxcvbn wrong?
Even knowing nothing, any sane password cracker would attempt five letter sentences long long before they even reached 30 character alphanumerics. And 30 characters is itself more than a thousand times easier to crack than 32.
That technique works if you're good at remembering long phrases/stories/quotes verbatim.
Not everyone has a memory works that way. I've tried mind palace style and mnemonic techniques, and I will always remember the general gist, but typically not the exact order and specific words used. Same issue with reciting quotes. I can just about remember the 7 word phrase that I use to unlock my password manager, and I still sometimes mess it up.
Similarly I can never remember the plot of films more than a few days after I watch them - though one great thing about that is you can always re-watch films like they're new. Yet simultaneously, I maintain a working memory of several programming languages/frameworks, and otherwise generally have a good semantic memory.
I do passwords this way. At first, it's pretty slow, but after a while it's muscle memory: my fingers know my passwords better than my brain does.
I don't do passwords this way at work anymore, because they make us change it every 90 days. I just use keyboard patterns, and shift the pattern to the right for each successive password. Seriously people, expiring passwords is an idiotic idea.
I don't actually use 35-char passwords. That was just to answer the challenge. Mine are more on the order of 20.
It's fairly fast, actually. One of the things I've decided to do is trade some entropy for having only lower case letters and the minimum symbol count, because what tended to screw me up most was synchronizing the shift key with the rest of the password... which I suppose also gives a clue about the speed. It's at least no slower than a passphrase of equivalent strength, and it fits my brain.
But if passphrases work better for you, by all means, please do.
Also, I have a password manager. I only have about 4 of these at any given time, and I can afford the cognitive burden of ensuring they are all very strong. It'd be a different problem otherwise.
It's not just memorizing it, it's typing it every single time for every transaction that you want to do, if the administrators require it. The recommendation on one system I use is to force ssh and auth with username/pw for every git transaction. Because Security!
If I had a good reason to memorize this, I would have it down within a couple weeks. I'm pretty certain of this, as I do have private keys committed to memory. That's not even impressive, folks who have good memory palace practices could recite that string for you a few minutes after seeing it. I wouldn't expect it of the average user, but it is totally doable for a human of average intelligence -- it's just not something people care about. For long term storage (rather than a repeatedly entered password) it's even easier if you convert[0] it to an equally random yet more humanly memorable line of text: "duck fade ink love reality possible shown screw thing win invisible realize child suffocate somehow petal army nervous"
In fairness, if you have a good password manager on that phone, that password will be protected by not just the device's unlock PIN but the password vault's master password as well, along with potentially other layers of added protection as well (a second factor to unlock the password vault, biometric authentication to unlock the vault or the device, etc.)
But almost nobody uses a good password manager, so... yeah.
