21

I mainly use 2 passwords: 1 is a 4 word full lowercase passphrase of 18 letters long which I use wherever possible. The other is basically 3 words and a digit with the first word in full uppercase and only 14 digits long. I use this whenever the first passphrase is not valid due to length or character set constraints. the words are fairly common (top 5000 words on popular TV shows).

I've calculated the entropy for both passwords using http://rumkin.com/tools/password/passchk.php. the entropy for both passwords is about equal at 68 bits, give or take half a bit. I mainly use these passwords for gaming related matters (MMO accounts, desktop clients, forums). I do not use these passwords for financial data, apart from 2 empty paypal accounts and a read-only prepaid credit card statement.

I don't know how valid these entropy numbers are, but judging from these parameters, are these passwords safe enough for their intended purpose? And what is the general guideline for password entropy for different purposes?

Nzall
  • 7,373
  • 6
  • 30
  • 45
  • 1
    For what purpose? Are you protecting your preferences on a news site, or are you protecting the secrets of the universe? Security is a slider switch, not a toggle. – MCW Apr 04 '14 at 13:31
  • See also [What's the best length for randomly generated passwords? (Security vs. compatibility)](https://security.stackexchange.com/questions/171816/whats-the-best-length-for-randomly-generated-passwords-security-vs-compatibi) – Gilles 'SO- stop being evil' Oct 22 '17 at 00:19

2 Answers2

30

Password meters are no good. Well, that's a bit simplistic, so let me say it in more details: a "password meter" application like the one you used is mindless and generic; what it measures is the effort of breaking your password, using the mindless and generic strategy that the password meter author thought of. In particular, that password meter system has no idea that your passwords have been generated by assembling words taken randomly from a short list. However, an attacker who is intent on breaking your password will know that, and adapt: you just wrote it on a public forum, so it has become public information.

A correct entropy computation does not work over the actual password value, but over the process by which the password was generated. We simply assume that the attacker is aware of the process, and knows all of it except the actual random choices. With 4 words from a list of 5000, you get one password in a set of 50004 with uniform selection probability (that's an important assumption), so the entropy here is 49.15 bits (because 249.15 is approximately equal to 50004). With 3 words, you get 36.86 bits. For more on entropy calculation, see this answer.

(The wisdom of entering your password in a Web-based "password meter" is questionable, too. The one you link to claims that it does all the computations in Javascript and your password does not leave your browser, but did you really check the Javascript source to make sure of it ?)

As far as passwords go, 36.86 bits of entropy are rather good. Entropy from passwords selected by average users is much lower than that. Such a password will be broken by an attacker who got the corresponding hash IF the hash was not done properly (e.g. some homemade construction with a couple of SHA-1 invocation), but even then chances are that other users will fall first.


However, you are doing something real wrong. It is right there, in your first sentence:

I mainly use 2 passwords: 1 is a 4 word full lowercase passphrase of 18 letters long which I use wherever possible.

Emphasis is mine; it shows the problem. You are reusing passwords. That is Bad. You shall not reuse passwords. When you use the same password on N sites, you lower the security of your account on all sites to the level provided by the worst of the N. Moreover, when that site gets hacked and your password stolen, and your password shows up on lists of login+password exchanged over P2P networks, you will not know which site did it wrong. A lot of sites still store plaintext passwords (a shooting offence) so any widely reused password MUST be assumed to have already leaked.

If you use site-specific passwords, then any damage will be contained to the specific culprit. Of course, this implies some storage system on your side, e.g. KeePass, or a low-tech "passwords.txt" file (you have to take care of where you store it and use it, but that can be managed with decent physical security), or even a printed list that you keep in your wallet. In practice, separation of passwords for damage containment will be a lot more important to your security than password entropy.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • I'm worried about using KeePass, because about half of my passwords are not online, but in 3rd party websites which autologin (like Steam, Battle.Net desktop client, Origin, Uplay,...). Do keepass and LastPass work with that kind of passwords as well? – Nzall Apr 04 '14 at 13:27
  • Personally I am using a passwords.txt file, and/or my brain, both of which working well. As far as I know, KeePass offers automatic entry in Web-based forms as an optional feature, but can also store and show passwords "generically". – Tom Leek Apr 04 '14 at 13:30
  • @NateKerkhofs Sure, you can use password managers for other things than browsers, too. Usually you'll have to copy & paste the passwords around, but the password manager makes sure to clear the clipboard after you've pasted it (or after some time). – Karol Babioch Apr 04 '14 at 14:19
  • 1
    xkcd on password reuse: https://xkcd.com/792/ – palsch Dec 14 '16 at 14:41
  • @Nzall I realize this is an old post, but for things like Steam you can log in on the web and save things that way. But of course, you can also add passwords manually, they don't necessarily have to be linked to a *website*. – alexia Aug 18 '17 at 17:21
  • @TomLeek "As far as passwords go, 36.86 bits of entropy are rather good." it's important to justify this reasoning with proof, argument or references, because It's your answer to the question being asked in the title, (however on the body there are other different questions, so I assume your answer is directed mainly at those, right?) – Santropedro Nov 29 '18 at 02:09
7

Measuring entropy of a passphrase is often tricky. For example, if you follow NIST guidelines for measuring entropy of human-generated password then entropy of your both passwords will be ~33 bits.

I would say even at 33 bits this is OK for intended purposes, however, you're doing one thing very wrong: you should NEVER EVER reuse a password. I know that in current digital world that's hard to attain, but there are tools to help (see e.g. KeePass or 1password). Adopt one of such tools early and it will save you in the future.

Anders
  • 65,052
  • 24
  • 180
  • 218
Andrey
  • 2,236
  • 17
  • 14
  • "Later research into human-selected password entropy using newly available real world data has demonstrated that the NIST scheme does not provide a valid metric for entropy estimation of human-selected passwords." So is your entropy calculation really that accurate? – Nzall Apr 04 '14 at 11:09
  • I know, I know. I mentioned that measuring entropy of human-generated passwords/passphrases is non-trivial, and there's no single accepted way to do this. I personally use NIST's method for passphrases as it is more conservative. – Andrey Apr 04 '14 at 11:23