Educause Security Discussion mailing list archives

Re: password vs pass-phrase (was: Are users right in rejecting security advice?)


From: Steven Alexander <alexander.s () MCCD EDU>
Date: Thu, 18 Mar 2010 00:45:32 -0700

If we assume the hash isn't compromised, then the passwords don't really have to be nearly as strong to stand up to
attack, especially with any sort of lockout or delay.

I don't think we should wait until they are before we worry about passphrase security.  Attackers may be using better
tools well before we become aware of them.

The last time I looked, the standard password cracking tools were not capable of doing the sort of phrase guessing that 
I mentioned, but it would not be hard to create separate word/phrase lists and adapt a program like John the Ripper to 
create passphrases based on those lists.  The lists could even be generated by doing a word count on the text of a 
sample of current news articles, fiction, etc.  Assuming someone takes the time to modify or create a program to do 
basic guessing, phrases like "I like football" would probably fall pretty quickly, much faster than an average brute 
force attempt against a 40-bit key.

I think we should encourage people to use longer, more unusual passphrases, things like "I like to eat purple rhinos on
Tuesdays!" or "My first dog was a stegosaurus."

-Steven

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eric Case 
[ecase () EMAIL ARIZONA EDU]
Sent: Wednesday, March 17, 2010 9:03 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] password vs pass-phrase (was: Are users right in rejecting security advice?)

<snip>
Is it obvious to a brute force password cracker?  If we assume the password
hash has not been compromised and a key logger was not used, is it obvious
that
        four score and seven years ago
is an awful choice?  Based on how the U of Arizona implemented NIST
SP800-63, the above password/passphrase would score 53 bits of entropy.
        4 score and 7 years ago
would only score 48 bits of entropy even though it uses three character
classes and the first one only uses two classes.


<snip> But we're also going to run into problems with users
picking phrases that are too simple and end up being subject to
predictions based on language analysis.

I agree, once the password crackers start using language analysis or AI, the
game will change.  Until then, can we get by with long 'simple' passphrases
that are easy for users to remember?


Based on how the U of Arizona implemented NIST SP800-63 . . .
        I swim waffles          = 37 bits of entropy
        I like pancakes.        = 40 bits of entropy
        I like football.        = 40 bits of entropy
        My husband is boring.   = 46 bits of entropy
        Alice in Wonderland     = 44 bits of entropy
        TriSsmitp               = 27 bits of entropy
        My lawn is always green = 48 bits of entropy
        My lawn is sempre verde = 48 bits of entropy


I'm not suggesting that passphrases are bad, just that they are
unquantified.  Without good language analysis and lots of real-world
examples of chosen passphrases, we don't know whether people actually
choose better passphrases than passwords or how a passphrase of length
X compares to a password of length Y.

At least for now, you can quantify them based on length, character classes
and dictionary/complexity checks by using NIST SP800-63.  When the crackers
evolve, we will play catch-up (again).

NIST SP800-63 uses the research that Brian points out.
-Eric



Eric Case, CISSP
eric (at) ericcase (dot) com
http://www.linkedin.com/in/ericcase
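An added example, not code from the thread or from the U of Arizona tool (whose scoring details are not given here): it implements the user-chosen-password rules of NIST SP800-63 Appendix A that Eric refers to, beside a crude word-list model of the phrase guessing Steven describes, so the two estimates can be compared. The dictionary and word list are constructed toys, and the scores will not necessarily match the Arizona figures quoted above.

```python
"""Added example, not code from the list thread or the U of Arizona tool:
a scorer for the user-chosen-password rules of NIST SP 800-63 Appendix A,
beside a crude word-list estimate of the phrase guessing Steven describes,
so a length-based score can be compared with a dictionary-of-phrases model."""
import math
import re

# Constructed toy lists; a real deployment would load large ones.
DICTIONARY = {"password", "football", "pancakes", "wonderland"}
COMMON_WORDS = ["i", "like", "my", "is", "the", "a", "to", "and", "football",
                "pancakes", "lawn", "green", "always", "husband", "boring", "swim"]

def sp80063_bits(pw: str, dictionary=DICTIONARY) -> float:
    """Appendix A: 4 bits for char 1, 2 bits each for chars 2-8, 1.5 bits
    each for chars 9-20, 1 bit each after that; +6 bits when the password
    meets the composition rule (upper case AND non-alphabetic); up to +6
    bits for passing a dictionary check, declining to 0 at 20 characters
    (a linear taper is assumed here)."""
    n = len(pw)
    if n == 0:
        return 0.0
    bits = 4.0 + 2.0 * (min(n, 8) - 1)
    bits += 1.5 * max(0, min(n, 20) - 8) + 1.0 * max(0, n - 20)
    if any(c.isupper() for c in pw) and any(not c.isalpha() for c in pw):
        bits += 6.0
    if pw.lower() not in dictionary:  # a plain dictionary word earns no bonus
        bits += float(min(n, 6)) if n <= 8 else max(0.0, (20 - n) / 2)
    return bits

def phrase_guess_bits(phrase: str, wordlist=COMMON_WORDS):
    """Work factor if an attacker enumerates k-word phrases over an N-word
    list: at most N**k guesses, i.e. k*log2(N) bits. Returns None when some
    word is off the list, meaning this simple model cannot reach the phrase
    at all (the point of unusual words such as 'rhinos')."""
    words = re.findall(r"[a-z]+", phrase.lower())
    if not words or any(w not in wordlist for w in words):
        return None
    return len(words) * math.log2(len(wordlist))

if __name__ == "__main__":
    for p in ["four score and seven years ago", "I like football.",
              "TriSsmitp", "My first dog was a stegosaurus."]:
        print(f"{p!r}: SP800-63 {sp80063_bits(p):.1f} bits, "
              f"phrase-list model {phrase_guess_bits(p)}")
```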
