
If we compare only these two passwords, which one is safer?

Ss1*x_32 or Very-hard-password-it-is-so-hard-to-break-it-1

The question is not about how many bits each password contains but about statistics: which brute-force attacks are more common, dictionary or random symbols?

narra_kk
  • And the answer to *that* is not linear. They use the combination of approaches that they feel will give them the greatest success: common dictionaries first, then optimised patterns that include randomness, then purely random if they really want it. So it also depends on how much time and resources they want to spend getting the password. If they think you've used a common password, then they will use a list. If they think you've used a random string, then they will use that. – schroeder Apr 22 '20 at 10:49

3 Answers

2

Statistics on the attack methods aren't reliable. For example, we could say that a password like this-password-is-really-awesome-dude-believe-me is better than 3h8wnho9 because we could suppose that the average attacker would focus on 8-char alphanumeric passwords rather than long sentences, but is this assumption even true? We don't have a way to compute precise statistics. Also, in the information security field, the average case is often not very interesting. You need to consider lots of different cases and assess their specific risks for you.

So how can you choose a secure password if you don't know the method hackers are going to use to crack it? Well, you don't need to know how a hacker is going to try to crack your password, if you make sure your password has enough entropy. For example, if your passphrase has been generated by Diceware and has 128 bits of entropy, then it won't matter if the attacker has a good dictionary or a good supercomputer, because they won't be able to crack it by brute force. Problem solved!

reed
  • You are also assuming a uniform statistical distribution when you talk about 128 bits of "entropy." This just means there are 2^128 different possible passwords and we assume the attacker has to try about half to find your password. Counting bits is no different than counting characters (e.g. 94^8 -> 52 bits of entropy) or counting words (e.g., 1000^10 -> 100 bits of entropy). We can still say a ten-word password chosen from a 1000-word dictionary is better than an 8-character password chosen from a 94-character set. – hft Apr 21 '20 at 02:52
  • @reed: 1) Your statement *"you don't know the method hackers are going to use to crack"* implies that one first needs to know one's hackers. This is not a good approach. One should always assume that an attacker knows what algorithm is used. Think of Kerckhoffs's principle. 2) Your statement about Diceware and dictionary is misleading. If Diceware is used, an attacker will use exactly the same dictionary as Diceware. Whereas your statement *if the attacker has a good dictionary* shows that you suppose that some other dictionary will be used.... – mentallurg Apr 21 '20 at 09:40
  • @reed: 3) The question is not about Diceware. So this part of your answer, including *problem solved*, is not relevant. The OP does not say if Diceware is used. That's why it is important to know which dictionary the words are taken from. If the dictionary is big enough, the entropy will be higher. But if the dictionary consists of 100 words, entropy will be around 20 bits, which is comparable with a normal 8-symbol password. – mentallurg Apr 21 '20 at 09:42
  • @hft, yes, I'm assuming that given *enough* entropy, the probability distribution of the password and the statistical distribution of the attack can be considered uniform for all practical purposes. – reed Apr 21 '20 at 12:45
  • 2
    @mentallurg, I don't think your comments are really relevant. The way I understand the OP's question, is that he/she wants to know more details about the statistics of bruteforce attacks, so that he/she can figure out what kind of password is more secure in practice, regardless of their theoretical entropy. What I said, basically, is that such statistics are hard to find and might not be reliable anyway, but the OP can avoid worrying about statistics if they make sure the password has enough (a lot of) entropy. That's all. – reed Apr 21 '20 at 12:52
  • @reed: 1) Entropy cannot be theoretical :) 2) "more secure in practice" - in what practice? The OP does not define any requirements or constraints about practice. 3) "a lot of" entropy - this is a new cool security metric :) :) :) 4) "statistics are hard to find" - I don't understand that. No need to search for any statistics. Entropy should be **calculated**. 5) I think you don't understand why particular passwords are considered more secure or less secure. This is what I and *hft* are talking about. Telling people that they have *a lot of* entropy without any reason can lead to disaster. – mentallurg Apr 21 '20 at 15:11
  • @mentallurg Entropy is not a 100% correct method to tell which password is more or less secure. If attacks based on dictionary words are twice as common, then a 128-bit-entropy password consisting of common words would be considered less safe than a 120-bit random-symbols password. – narra_kk Apr 21 '20 at 16:44
  • @narra_kk: It **does not matter** if an attack is common or not. When we talk about password strength we assume that the password is generated *randomly*. If the number of combinations is 2^128 and the password is generated **randomly**, only in such a case do we say that entropy is 128 bits. But if the password is chosen from some dictionary, e.g. the password is one of 500 people's names, then entropy is log(500) = 9 bits. Only 9 bits, not 128. If we choose the password from a dictionary of 8000 words, then entropy is 13 bits, not 128. So if you choose a password from a dictionary, you cannot say that it has 128 bits of entropy. – mentallurg Apr 21 '20 at 17:23
  • @narra_kk: When you talk about entropy of 128 bits and 120 bits I suppose you confuse password length and password entropy. Password length itself does not define entropy. Entropy is defined by the number of possible values that can be used. If the password is selected from a list of 1000 possible passwords, each 128 bits long, then the entropy is log(1000) = 10 bits, not 128 bits. – mentallurg Apr 21 '20 at 17:29
  • @narra_kk: I suppose that you are confused about the word "dictionary". You are asking what type of attacks are more common. But your example with a password of 10 words has nothing to do with this. We talk about dictionary attacks when the password is relatively short (like 10 - 15 symbols) and the user *should* use lower and upper case letters, digits, special symbols, but instead he uses some word. Dictionary attacks are applicable to passwords of the 1st type that you showed. If the user instead of a password like "Ss1*x_32" would use "mount123", such a password can be brute-forced by a dictionary attack. – mentallurg Apr 21 '20 at 17:39
  • @narra_kk: Your 2nd example that consists of 10 words has nothing to do with dictionary attacks. This is just a way to make the password more convenient to use (for some people), to reduce the number of typos. One essential difference is that in the case of short passwords users are actually discouraged from using normal words, and an attacker checks if the user violated this requirement and used words. Whereas in the 2nd case the list of words is not a secret, it is **publicly** available, like in the case of Diceware. Also the number of words in the password in a particular use case is known... – mentallurg Apr 21 '20 at 17:48
  • @narra_kk: ... The strength of the password in such a case is based on which words (from the public list) in what sequence were chosen. If we use a dictionary of 7000 words (like Diceware for English), then each word means about 13 bits of entropy. If we take a password of 4 words, we have 4 x 13 = 52 bits of entropy. If we take 10 words, we have 130 bits of entropy. If you use some small dictionary, say 100 words, then each word will give only about 7 bits of entropy. Thus a password of 3 words will have about 20 bits of entropy. That's why I said at the very beginning that the dictionary size is very important. – mentallurg Apr 21 '20 at 17:49
  • @narra_kk: I suppose that these 2 completely different usages of the word "dictionary" could confuse you about entropy and password strength in both cases. – mentallurg Apr 21 '20 at 17:54
0

It depends.

How many symbols are used for a password of the 1st type? What is the length? Based on this, calculate the number of possible combinations.

For a password of the 2nd type: How many words are in the dictionary from which the words will be picked? How many words does the phrase contain? Again, calculate the number of combinations. Then compare.

mentallurg
  • But we also need to take into consideration the probability of the brute-forcer using dictionary words, or all symbols including `!@#$%^&*()`, numbers, lower and upper case. – narra_kk Apr 20 '20 at 23:43
  • @narra_kk: For the 1st type no dictionary is needed. An attacker will just try all possible combinations. A dictionary is applicable for the 2nd type only (because you say you use regular words). If you have 100 words in your dictionary, you can create 10^20 passwords. If you have 1000 words in the dictionary, you can create 10^30 passwords. Etc. For the 1st type suppose you use all printable ASCII symbols, there are about 128. If you use 8 symbols for the password then you can create about 10^19 passwords... – mentallurg Apr 21 '20 at 00:11
  • @narra_kk: ... This means, if you have a dictionary of 100 words and the password length is 10 words, then both types of passwords have approximately the same strength against brute-forcing. If you use a dictionary of 1000 words, the 2nd type will on average require more time to brute force. – mentallurg Apr 21 '20 at 00:14
0

Which password is safer? Long one which consists of regular words or short one with random symbols?

If we compare only these two passwords, which one is the safest?

Ss1*x_32 or Very-hard-password-it-is-so-hard-to-break-it-1

TL;DR: The long one with regular words is safer.

Caveat: This answer is based on simple counting and does not account for real world attack characteristics.

Based on the examples provided you seem to want to compare a "short" (eight character) password consisting of "random symbols" (upper case letters, lower case letters, number, and special characters available on a keyboard) to a "long" (about ten words) password consisting of "regular words" (I'll assume this means basic English chosen from a basic language dictionary of 1000 words).

There are 26 + 26 + 10 + 32 = 94 "random symbols" on a typical keyboard. That means the number of different passwords of the first type is 94^8 (94 raised to the power 8).

We are assuming there are 1000 basic "regular words" to choose from, which means the number of different passwords of the second type is (1000)^10 (1000 raised to the power 10).

Since 1000^10 is clearly larger than 94^8, the long password of regular words is better.

hft
  • What if most of the attackers statistically use dictionary words? And if we consider the fact that a minority of the attackers use !@#$%^&*() symbols in their password generators? If we consider these two facts, will the answer be the same? – narra_kk Apr 20 '20 at 23:50
  • The answer I've given is based on simple counting and is most applicable where the attacker performs a brute force attack uniformly. My answer does not account for the probability that an attack may or may not use certain symbols or words. If you have quantitative probabilities that an attack may or may not use symbol X with probability Y, etc, this information could be incorporated into the analysis. – hft Apr 21 '20 at 02:42
  • 1
    @narra_kk: *hft* has explained it well. And the number 32 includes already special symbols. – mentallurg Apr 21 '20 at 15:16
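The counting that mentallurg's answer asks for and that hft's answer carries out by hand (94^8 versus 1000^10), plus reed's "128 bits from Diceware" figure, are easy to get wrong with mental arithmetic because the numbers are huge. The following script is an added example, not code from any of the answerers; it takes the page's own counts (94 printable keyboard symbols, a 1000-word "regular words" dictionary, the 7776-word Diceware list) and computes the exact search space, the entropy in bits, and how many words a given list needs to reach a target. The guess rate of 10^10 per second is an assumption for illustration only; it is not a figure from the thread. Like all three answers, it assumes every character or word is chosen uniformly at random, which is exactly the condition mentallurg insists on in the comments.

```python
import math

# Counts taken from the answers above: 94 printable keyboard symbols (hft),
# a 1000-word "regular words" dictionary (hft), the 7776-word Diceware list
# (mentallurg). The guess rate is an assumption for illustration only.
KEYBOARD_SYMBOLS = 94
SMALL_DICTIONARY = 1000
DICEWARE_WORDS = 7776
ASSUMED_GUESSES_PER_SECOND = 1e10   # assumption, not a figure from the page


def search_space(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords when each of `length` positions is filled
    independently from `alphabet_size` choices (characters or words).
    Only valid when the choice is uniform; a human-picked favourite word
    does not get this count."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least two choices per position and length >= 1")
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password. Takes log2 of the
    exact integer so very large spaces do not lose precision."""
    return math.log2(search_space(alphabet_size, length))


def words_needed(dictionary_size: int, target_bits: float) -> int:
    """Smallest number of uniformly chosen words from a list of
    `dictionary_size` entries that reaches `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(dictionary_size))


def expected_crack_seconds(alphabet_size: int, length: int,
                           guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected time for an attacker who enumerates the whole space in some
    order: on average half of it is tried before the password is hit."""
    return search_space(alphabet_size, length) / 2 / guesses_per_second


def stronger(symbols: int, chars: int, words_in_dict: int, words: int) -> str:
    """Compare an 'Ss1*x_32'-style password with a word passphrase by simple
    counting, the same method hft's and mentallurg's answers use."""
    a = entropy_bits(symbols, chars)
    b = entropy_bits(words_in_dict, words)
    if a > b:
        return "random symbols"
    if b > a:
        return "word passphrase"
    return "equal"


if __name__ == "__main__":
    cases = [
        ("8 symbols from 94", KEYBOARD_SYMBOLS, 8),
        ("10 words from 1000", SMALL_DICTIONARY, 10),
        ("10 words from 7776 (Diceware)", DICEWARE_WORDS, 10),
        ("10 words from 100", 100, 10),
    ]
    for label, size, n in cases:
        bits = entropy_bits(size, n)
        days = expected_crack_seconds(size, n) / 86400
        print(f"{label:32s} {bits:7.2f} bits  ~{days:.3g} days "
              f"at {ASSUMED_GUESSES_PER_SECOND:.0e} guesses/s")
    print("winner (94^8 vs 1000^10):", stronger(KEYBOARD_SYMBOLS, 8, SMALL_DICTIONARY, 10))
    print("Diceware words needed for 128 bits:", words_needed(DICEWARE_WORDS, 128))
    print("1000-word-list words needed for 128 bits:", words_needed(SMALL_DICTIONARY, 128))
```

Running it reproduces hft's conclusion (about 52 bits for 94^8 against about 100 bits for 1000^10) and shows that reed's 128-bit Diceware passphrase needs ten words from the 7776-word list, or thirteen from a 1000-word list. Change the dictionary size to 100 to see mentallurg's point that the word count alone says nothing: the list the words come from decides the bits per word.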