61

Making a strong password AND remembering it is like eating while talking. You choke. So the same thing might happen if you have a p455w0(R).|L1K3thys and someone cracks it. I'm just not sure if it's actually true. Are these leet passwords more crackable than completely random passwords that a random password generator makes? Are there any leet password crackers out there? Is there a way to safely simulate a penetration test on some offline leet passwords?

Foxcat385
  • 717
  • 1
  • 5
  • 5
  • 1
    "Are there any leet password crackers out there" it's really simple to write one and use a big wordlist. – Samuel Shifterovich Oct 16 '16 at 19:21
  • 43
    whenever I read anything about password strength, my mind comes automatically to this: https://xkcd.com/936/ – dave_alcarin Oct 17 '16 at 10:11
  • 11
    Leet speak looks like a simple set of substitutions: When you crack passwords, you use a dictionary and a set of rules/transforms. I searched for `se3` (replace e with 3) in the dive ruleset for hashcat, and this was one of the first things to come up `"sa@sc – Nathan Cooper Oct 17 '16 at 11:55
  • [xkcd 936 explained](http://www.explainxkcd.com/wiki/index.php/936:_Password_Strength) – Peter Mortensen Oct 18 '16 at 00:10
  • I use a variant of the xkcd method with a password manager. A 5-word password I can remember to unlock my USB-key password vault (yes, it's cloud backed-up), then the pw manager producing passwords that look like random gibberish for everything else. – Jason Oct 18 '16 at 02:42
  • 1
    A good site/methode to generate those "xkcd"-type passwords is Diceware: http://world.std.com/~reinhold/diceware.html – Selenog Oct 18 '16 at 07:32
  • @dave_alcarin isn't a password made from common words easily crackable with a wordlist? – enkryptor Oct 18 '16 at 16:40
  • There are many combinations of how someone might leet-ify a word. Let's say, in "word", w can be \/\/ or VV, o can be 0 or (), or you could type werd or make funny spellings. "Fake" can be "faek" or "fayk" which leads to "|=@y|<" and "F@€<" and many different combinations. How will an algorithm know all of the ways a word or a sentence could be spelled? Does such an accurate algorithm exist? – Foxcat385 Oct 19 '16 at 00:38
  • Ars Technia had an excellent article on this topic back in 2013: [Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”](http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/). – Dan Dascalescu Oct 19 '16 at 05:08
  • @enckryptor that depends on the size of the wordlist and how much time you have (and how lucky). If I choose several common words that as a sentence has no sense at all, it is not very likely that a word list will come to that combination any time soon, since it will need to try a lot of combinations, and most dictionary/wordlist attacks usually start with meaningful sentences. Anyway, the point of the xkcd is that a password strength is more in the length than in the character set (actually, in the bits of entropy) – dave_alcarin Oct 19 '16 at 19:12

3 Answers3

79

I think Trey Blalocks answer is great, but I would like to complement it with some math.

If your password is randomly picked from the 171,476 words in the Oxford English Dictionary you get log2(171476) or about 17.4 bits of entropy.

Lets assume there is about 4 natural leet substitution in the average word. Randomly either doing or not doing each substitution adds one bit, so adding the leet would increase the entropy by 4 bits, meaning it takes 16 times as long to crack. (If you just use leet for all available substitution you just add one bit - the password is either leet or not leet.)

On the other hand, a completely random 8 character alphanumeric (upper and lower case) password has log2(62^8) or about 47.6 bits of entropy. That means it takes a bit more than a billion times as long to crack!

So adding leetspeak is slightly better than just taking an english word, but it is not nearly as good as randomizing.

Community
  • 1
Anders
  • 65,052
  • 24
  • 180
  • 218
  • 6
    And when they tell you the randomized string is too hard to remember, you can tell them about password managers and how with a little bit of responsibility you'll be more secure and as a plus... never forget a password again!! – corsiKa Oct 17 '16 at 15:52
  • 2
    I've seen many passwords which use this substitution in all places instead of at a random number of places, and it's worth mentioning that this adds 0 bits of entropy. – Charles Oct 18 '16 at 18:20
  • @Charles I argued in my answer that it adds one, since everybody will not do it. But on the other hand, if the attacker knows that you do it then I agree it is zero. – Anders Oct 18 '16 at 18:36
  • @Anders Yeah, agreed, it's just in what you assume about the likely passwords. – Charles Oct 18 '16 at 18:42
  • Except leet has several possible substitutions for every letter, not just four as you presume. See http://www.robertecker.com/hp/research/leet-converter.php . Obviously, if you use his "basic leet" setting, that's one bit of entropy. βμ+ !ƒ Ψøμ ρℓαΨ αЯøμηÐ ω!+н +н€ +αβℓ€, !+ Ðø€$ α η!¢€ ʝøβ øƒ !η+ЯøÐμ¢!η& €η+ЯøρΨ. (Not that I can remember all those substitution rules or type all those special characters, mind you.) – John Deters Oct 18 '16 at 22:40
  • @JohnDeters Interesting point. I would argue that some of the special characters requries you to remember keyborad sequences to be able to type, but maybe not all. I would encourage you to post an answer exploring this case! – Anders Oct 19 '16 at 11:10
49

Cracking libraries do include common Leet substitution algorithms and there are Leet dictionaries which can be used by tools like Hydra. There are also tools to convert an entire dictionary of words to "Leet-speak"

More importantly hashes are available for the most common Leet passwords and Leet word variations so if someone is cracking a large password dump of these against a very large set of pre-hashed words which include Leet passwords in use they are very likely to find matches.

Finally a better way to determine real-world consequences might be to look at password dumps which have already occurred that also included Leet passwords. The proof of them being cracked is visible in a real world password dumps that have gone public. Likewise their presence in common hash tables (MD5 and SHA1) would also lend likelihood to them being cracked easily.

Trey Blalock
  • 14,109
  • 6
  • 43
  • 49
  • 8
    "The proof of them being cracked is visible in a real world password dumps that have gone public" - cracked as in guessed randomly and found to correspond to at least one actual user in a leaked database that wasn't salted? This is why you salt, kids. – John Dvorak Oct 17 '16 at 04:44
  • 2
    Anecdotal evidence: I managed to crack a 7-zip (aes256) file password by defining my own algorithm based on [cRARk-7z](http://www.crark.net/crark-7zip.html). It took < 50 hours running solely on my system at just over 20k attempts per second (AMD 6-core CPU + good GPU). The password was something like `cr4zym0nk3y!`. [Note] I knew upfront it were all lower case and had a symbol at the end. – Marc.2377 Oct 18 '16 at 12:37
  • It's basically just an extended alphabet, so just an increased number of iterations once you have produced the substitutions. Brute force will work eventually. – mckenzm Oct 19 '16 at 02:20
16

Obligatory and extremely relevant XKCD reference:- enter image description here

What I'm inclined to do is combine both approaches but I don't think that makes a ton of difference. Another approach would be to utilise the first letter of every word in a favourite poem or song. NGGYUNGLYDNGRAADY etc...

mcottle
  • 281
  • 1
  • 5
  • 2
    Your "other approach" is the naive user's method. The proof of the pudding is the randomness. A favourite poem or song is not random! Even a little bit of determinism can lead to an easily hacked password. – Timm Oct 18 '16 at 12:24
  • New to security here, but didn't experts agree that the only secure-ish password is the one you can't remember? – Nahuel Ianni Oct 18 '16 at 12:37
  • 15
    It's not every day that you get rickrolled by a legitimate answer on the Security Stack Exchange. – Brian Oct 18 '16 at 14:43
  • 1
    @NahuelIanni No, experts don't agree on that, although I've heard that saying before. People can memorize secure passwords -- the challenge is getting them to take the time to generate one and then commit it to memory. Most people don't want that extra work so they use less secure choices. – PwdRsch Oct 18 '16 at 15:03
  • 2
    @brian ;). Glad it didn't go to waste. – mcottle Oct 18 '16 at 15:25
  • 3
    There's 52 weeks in a year. Considering most of the time there's repeats a lot of repeats, let's be extremely generous and say there's 1000 top40 songs in a year. Go back 50 years and that's 50,000 songs in the top 40. The song method is log2(50000)=15.6 bits of entropy. You can mix in a few more bits here and there, but you end up with the same problem. – corsiKa Oct 18 '16 at 16:29
  • I love it how 'funny comic' ended up as legitimate argument in security specialists' discussion. – Szymon Drosdzol Oct 19 '16 at 09:55
  • Yet it is. Randall proves more clearly than a 5000 word article WHY current password policy is broken and then suggests a plausible alternative. Although if it becomes mainstream a multi word dictionary attack becomes the technique of choice and the entropy drops markedly... – mcottle Oct 19 '16 at 10:05
  • You should also prove that human mind can decide 4 random words in a really random way... I think that on a big scale, people would just invent very similiar passwords since most used words are the first tha came to mind. – CoffeDeveloper Oct 19 '16 at 10:20
  • 1000 distinct Top40 songs in a year is a generous estimate. – Dr. Funk Oct 19 '16 at 17:27
  • @corsiKa Unlike my "example" I don't use top 40 songs. I use obscure stuff from defunct bands with zero web presence (I checked). The songs do not exist outside my memories and old cassette tapes sold at gigs. Good luck :) – mcottle Oct 20 '16 at 06:20