Date: Wed, 11 Nov 2015 02:50:38 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Passwords poems? On Tue, Nov 10, 2015 at 02:02:09PM -0500, Alain Espinosa wrote: > I came across this research to generate complex and easy to remember passwords as tiny poems: > http://www.isi.edu/natural-language/mt/memorize-random-60.pdf > http://www.isi.edu/natural-language/people/poem/poem.php > What do you think? Are this better than the normally recommended passphrase? Not to me. These poems feel about as cryptic, yet are longer to type. I think it's better for a person to choose and memorize passphrase hints of their own (which they wouldn't have to type in each time) rather than be forced to use a specific poem by a computer. That said, I wouldn't mind having these offered as an option, assuming there are no biases by design and the implementation is sound. The paper chooses 60 bits for a bogus reason: a 2.8 billion per second password cracking speed for some fast hash on a GPU. I think password hashing (or KDF) should generally be corrected first (and using a fast hash is just not correct), and password policy next. Also, as specified this approach appears to focus on exactly 60 bits, which is inflexible. With proper password stretching, passwords for most resources (which are mostly not-too-valuable) don't need to be this large. OTOH, without password stretching, 60 bits might not be enough to protect encrypted sensitive data. Their "XKCD Baseline" used for testing user preferences used a huge 32768-word dictionary. This is way too many, resulting in most words being exotic. No wonder users would not like those. They did not test against Diceware (7776 words), nor against passwdqc (4096 words, or 8192 with first letter case toggling). I think 4096 is about the maximum (and Diceware already gets into the exotic words territory too far). I think passwdqc's method of increasing entropy per word with first letter case toggling and random separator characters is not as unfriendly to users as requiring them to memorize words that are not normally in their vocabulary. Thus, I think this paper's empirical results are not sufficiently relevant, and more relevant testing would be needed. Here are 5 example poems (generated by the website above in a row, with none skipped): Pierre created theorized assignment sided exercised . Replace the Rios avenue exploring Madam revenue . Decisive Iverson Michelle arresting fancy clientele . Avoid heroic enterprise of centre showing signifies . A dentist eager getaway released the laughter anyway . These are 60 bits each. Here are 5 example passwdqc "passphrases" (generated by "pwqgen random=64", with none skipped, to be similar to the above, even though I think 64 bits is usually excessive yet is sometimes insufficient): methyl2Video6Parent*Native Birch6Drift6mole7prior Ford4Ample+sunday8blond Send_assent_never+hand Horn&Parcel-lens-resent Here are 47-bit passwdqc "passphrases" that it generates by default (with no options given): Plea2knife*spouse Many-bind!bullet Tall_detest&Helix Scar+alpha2Lord aware=peak+Scout These are meant to be reasonable to use for password authentication when the system employs decent password stretching and salting. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.