5

I know the standard tricks: create a long password with numbers, symbols, capital letters, etc. My question is: how do I judge password security?

I heard different tricks to make secure passwords. For example, until the famous xkcd comic came out (correcthorsebatterystaple), that would be a perfect password. No cracker would target it per se, and to brute force it would take forever. Now that the pattern is known, that password style is not nearly as secure, since cracking software is now made to target it.

So even though normally password security tools measure bits of entropy, there are techniques that crackers use to make passwords easier to crack.

How do I know that my password is really secure? Are there tools out there to check my password against real cracking software?

Gilles 'SO- stop being evil'
    We have a [canonical answer](http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase/6096#6096) regarding that xkcd comic. It doesn't exactly answer your question, but it's good reading nonetheless. Beware that some of the other high-scoring answers on that thread are wrong. – Gilles 'SO- stop being evil' Jun 19 '13 at 22:58
  • An article at arstechnica.com describing one person's attempt to get started with password cracking, which I think is related to your question: http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/ – 1615903 Jun 20 '13 at 06:26

2 Answers

9

Strictly speaking, you cannot measure the entropy of a password. (Or if you like, you can measure it, but the value is 0.) There is no entropy in a password: the entropy is in the way the password is generated.

This is explained in the xkcd comic: “correct horse battery staple” is just one example; what the password illustrates is the procedure to generate that password. Namely: “four random common words”. The next panel gives the quantification “44 bits of entropy”, which is based on 11 bits per word (i.e. choose each word randomly among 2^11 = 2048 words). That password generation procedure has 44 bits of entropy, which means that on average, an attacker who knows how the password was generated will need to make 2^43 guesses to find the password. (On average, the attacker needs to enumerate half the password space.)

The comic does not recommend that you pick “correct horse battery staple” as your password. It recommends that you select 4 random words. The pattern is known, but not the random choices. Diceware is a popular variant of this method: you pick words on a list of 6^5 words by rolling five dice for each word.

To put it yet another way: there are two aspects in choosing a password, the randomness and the cleverness. The method is cleverness and does not contribute to the security of the password. The randomness makes the password secure, regardless of any cleverness. Cleverness is only useful to make the password easier to type and remember. If you're clever, you only get protection against attackers who are less clever than you.

A method like “pick random words” is easy to quantify because as long as the random choices are independent, the entropy adds up. If you add constraints (e.g. generate something and “smooth it out” to make it memorable), you need to count the number of possibilities that remain and take care if the smoothing can map several different random rolls to the same final password.

Yes, there are tools to check the strength of a password. They come in two kinds. The fast ones apply some heuristics. They don't always get it right, because they have no idea how the password was generated; they tend to favor passwords with clever bits over passwords with randomness. Since they see only the final result and not the generation method, they cannot take randomness into account. For example (picked at random — not in the cryptographic sense) passwordmeter.com tells me that “correcthorsebatterystaple” is weak (25%) and “homechasebogbigamy” (which I just generated randomly with the XKCD procedure) is very weak (19%). Yet if I'd only told you how I'd generated that second password and not what the random choice was, it would take 1000 computers about 3 years to find at 100 attempts/second/computer! In contrast, pass+word1! is rated strong (64%).

The second kind of password strength checker is… cracking software. This gives you the perfect measure of your password against that same cracking software. It doesn't tell you much about other cracking software.

The best way to ensure that your password is secure is to measure the amount of randomness that goes into it. N bits of randomness = 2^(N-1) guesses needed on average to crack it. Figure out how much you want 2^(N-1) to be and deduce N.


Exercise: to generate “homechasebogbigamy”, I used a list of 4172 distinct words in alphabetical order and generated each word by taking a random word among the first 2048. Assume that list is public. Does the fact that the list was sorted alphabetically reduce the entropy of the password? Is my claim that this procedure has 44 bits of entropy correct?

Gilles 'SO- stop being evil'
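The arithmetic in this answer worked through in Python: bits per word for a uniform pick from a list, the 2^(N-1) average guesses, the “1000 computers at 100 attempts/second for about 3 years” figure for 44 bits, and the closing exercise (a sorted 4172-word list with uniform picks among the first 2048). This is an added example, not code from the original answer; the word lists it uses are constructed for the demonstration, and it also shows how a “smoothing” step that makes different rolls collide costs bits.

```python
# Added example, not from the original answer: quantify a password *generation
# method* in bits, as the answer describes, and turn bits into attacker work.
import math
from collections import Counter

def method_entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words independent, uniform picks from list_size words."""
    return n_words * math.log2(list_size)

def average_guesses(bits: float) -> float:
    """An attacker who knows the method needs 2^(N-1) guesses on average."""
    return 2 ** (bits - 1)

def years_to_crack(bits: float, machines: int, guesses_per_second: float) -> float:
    """Expected time for `machines` attackers each making `guesses_per_second`."""
    seconds = average_guesses(bits) / (machines * guesses_per_second)
    return seconds / (365 * 24 * 3600)

def output_entropy_bits(final_passwords) -> float:
    """Shannon entropy of final outputs, one entry per equally likely roll.
    Use this when a "smoothing" step may map several rolls to one password."""
    counts = Counter(final_passwords)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def exercise_entropy_per_word() -> float:
    """The answer's exercise: 4172 sorted words, uniform pick among the first 2048.
    Entropy depends only on each outcome's probability, so sorting changes nothing."""
    word_list = sorted(f"word{i:04d}" for i in range(4172))  # constructed list
    return output_entropy_bits(word_list[:2048])              # 11.0 bits

def smoothing_cost_bits() -> float:
    """Bits lost when a smoothing step (keep 3 letters) makes rolls collide."""
    words = ["apple", "apricot", "banana", "bandana", "cherry", "chest", "date", "dawn"]
    raw = output_entropy_bits(words)                        # 8 outcomes: 3.0 bits
    smoothed = output_entropy_bits(w[:3] for w in words)    # ban, che collide: 2.5 bits
    return raw - smoothed

if __name__ == "__main__":
    xkcd = method_entropy_bits(2048, 4)                     # 4 x 11 = 44.0 bits
    print(f"xkcd: {xkcd:.0f} bits, {average_guesses(xkcd):.3g} guesses on average, "
          f"{years_to_crack(xkcd, 1000, 100):.1f} years at 1000 machines x 100/s")
    print(f"diceware, 4 words of 6^5: {method_entropy_bits(6**5, 4):.1f} bits")
    print(f"exercise: {exercise_entropy_per_word():.1f} bits per word")
    print(f"smoothing cost: {smoothing_cost_bits():.1f} bits")
```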
3

Have a look at this post and this post from Thomas Pornin for the theory.

I would suggest trying your password against real cracking tools like John the Ripper or Hashcat if you want to get a feel for its strength.

Keep in mind that password cracking requires tuning to build good dictionaries and rules. The John the Ripper wiki contains a lot of valuable tips and advice on the subject.

Moustache