Educause Security Discussion mailing list archives

Re: Password entropy


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 25 Jul 2006 14:14:02 -0400

On Tue, 25 Jul 2006 09:26:19 CDT, Roger Safian said:

> So, just to be clear, a 12 character passphrase, depending on the distribution
> of special characters, capitalization, etc. is likely to fall into the 80
> bit "strong enough" bucket.  Yes?

Possible, yes.  Likely, probably not, at least not with any password policy
your users are likely to put up with.  The only way to get to 80 with only
12 characters is to force all 12 to be totally random selections from the
printable-96 set (at which point you have 12*6.5 or 78 - so you're *still*
a bit shy, but the difference probably isn't anywhere near a problem...). The
total-random nature may irritate your users, though.

Cn7&;$wop~~@?mx - so speaks my /dev/urandom.  I *know* what your users will
say, especially when their next password is C_XG?7c#DFC[  (And yes, you *will*
need to machine-generate them at that point, as users *will* choose biased
pseudo-random characters...)

With 16 characters, you only need 5 bits/char, and you can write policies that
are a lot more slack (require 3-4 uppers, digits, and specials, and you're
probably there).

Or require 20 characters, and be *really* lax (but you probably *still*
want to compare against a "popular phrases" list).

For those who do RedHat/Fedora or other Linuxoid that has pam_cracklib,
specifying something like this should work well:

minlen=24, dcredit=2, ucredit=3, ocredit=4.

For those who don't do pam_cracklib, the rules are as follows:

1) You need 24 "points" to be "strong enough".
2) Each character gets 1 "point" just for being a character.
3) Each digit gets +1 bonus, to a limit of 2 bonus points for digits.
4) Each uppercase gets an additional +1, to a limit of 3 for uppercase.
5) Each special/other gets an additional +1, to a limit of 4.
6) Any combo of 24 or more is enough, you decide how to get there. ;)

So a passphrase of 24 lower case, or 15 if 2 are digits, 3 are upper case, and
4 are specials, or 20 if 2 are upper case and 2 are specials, etc.

For the picky, yes, I intentionally said "extra credit for a max of 2 digits" -
adding more digits is allowed, but only counts the same as a regular lower case
character. I considered requiring a minimum number of digits, uppers, and
others, which is supported by cracklib, but felt giving more options would go
over better with users (and forcing a min number of a given character type
actually *decreases* the strength - if you *require* a digit, for example,
there's only 10 possibilities, rather than 96... so the password is almost
10 times weaker than if it was optional...)

Add salt, pepper, documentation, and other seasonings to taste. ;)
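The credit rules above, implemented as an added Python example (not part of the original post or of pam_cracklib itself): every character scores 1, digits/uppers/others earn +1 each up to the dcredit/ucredit/ocredit caps, and the result is compared against minlen=24. The sample passwords are constructed; real pam_cracklib also has an lcredit setting (default 1), which is left out to match the rules exactly as stated.

```python
import math

# Policy values from the message: minlen=24, dcredit=2, ucredit=3, ocredit=4.
MINLEN = 24
DCREDIT = 2
UCREDIT = 3
OCREDIT = 4


def cracklib_score(password, dcredit=DCREDIT, ucredit=UCREDIT, ocredit=OCREDIT):
    """Simplified pam_cracklib credit scoring as described in the message.

    Each character is worth 1 point.  Digits, uppercase letters and
    special/other characters each earn +1 more, capped at dcredit, ucredit
    and ocredit respectively.  (lcredit, which real pam_cracklib has with a
    default of 1, is omitted so the rules match the message as written.)
    """
    digits = sum(c.isdigit() for c in password)
    uppers = sum(c.isupper() for c in password)
    others = sum(not c.isalnum() for c in password)
    return (len(password)
            + min(digits, dcredit)
            + min(uppers, ucredit)
            + min(others, ocredit))


def is_strong_enough(password, minlen=MINLEN):
    """True if the password reaches the minlen point total."""
    return cracklib_score(password) >= minlen


def entropy_bits(length, alphabet_size=96):
    """Entropy of `length` uniformly random picks from an alphabet.

    With the printable-96 set this gives ~79 bits for 12 characters and
    80 bits for 16 characters drawn from a 32-symbol (5 bits/char) set.
    """
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed samples matching the three cases listed in the message.
    for pw in ("abcdefghijklmnopqrstuvwx",   # 24 lower case
               "Ab1!Cd2@Ef#$ghi",            # 15: 2 digits, 3 upper, 4 special
               "Ab!cdefghij@klmnopqS"):      # 20: 2 upper, 2 special
        print(pw, cracklib_score(pw), is_strong_enough(pw))
    print(round(entropy_bits(12), 1), entropy_bits(16, 32))
```

Note that the 15-character /dev/urandom sample quoted above scores only 21 under these rules (its seven specials are capped at 4), so the points policy rejects it even though it is the strongest password on the page; the two measures are not the same thing.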
