0

We all know a password should contain a healthy mixture of letters (upper and lower), numbers, and special characters.

But does the randomness of their placement matter. Of course for letters it matters whether or not it spells a dictionary word, but lets say you have random letters, numbers, and characters.

So a simple concrete example:

Is klens4275 more or less secure kl7e25ns4?

Notice they have all the same characters but the order appears more random in the second.

But the key space is still the same, correct?

Dan
  • 111
  • 4
  • 1
    Password strength is dependent on the entropy of the password, not the characters it contains. See this question for more information: [XKCD #936: Short complex password, or long dictionary passphrase?](http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase) – Xander Aug 12 '14 at 15:25

1 Answers1

3

No, the order in the second password is NOT "more random". Randomness is not in the password itself, but in the way the password is generated; it does not relate to what the password is, but to what it could have been.

Password security is probabilistic: security is about the average success rate of the attacker. A single password is just that: a single password. To talk about the space of possible passwords, you need to envision the repetition of the scenario a huge number of times. The attack scenario really is the following:

  • The defender generates a password. The generation method uses some random choices (that the attacker does not know) and a deterministic mixing (that the attacker may know).

  • The attacker then tries to work out the password by trying possible password values, until he hits the right one.

We assume that the attacker knows everything except the random choices, and thus tries possible password in optimal order.

For instance, suppose that the generation method is: "take five random lowercase letters, followed by four random digits". This generation method may produce exactly 265·104 = 118813760000 possible passwords, and they are all equiprobable, so the optimal attacker will have to try half of them on average (59406880000).

Now, suppose that the generation method is: "take five random lowercase letters, and four random digits, and order them randomly". That generation method can produce 14970533760000 possible passwords, there again equiprobable. The attack cost raises to 7485266880000, 126 times the cost implied by the previous method.

Let's now switch again the generation method to: "take two random letter, followed by a random digit, then a random letter, then two random digits, then two random letters, then a random digit". The number of possible (and equiprobable) passwords is now back to 118813760000 and the attack cost is 59406880000 (on average).

Now is the important part: your first password example (klens4275) is possible with both password generation methods 1 and 2 -- but in the case of the second method, the attack cost is much higher. Similarly, your second example (kl7e25ns4) is possible with password generation methods 2 and 3; and, again, the attack cost is much higher with method 2 than method 3. So this shows that a password does not have strength "by itself". What matters is how the password was produced, because the generation method defines the space of possible passwords, therefore the optimal attacker's strategy and average cost.

Note that attack strategies are also probabilistic, and make sense only on average. If you consider a single password cracking effort, the best attack "strategy" is: get lucky, just try the right password on first step. This is intellectually unsatisfying. The notion of "optimal strategy" really means: the strategy which will yield the smallest attack cost on average (over billions of cases of password cracking).


So we can summarize as follows: a "random placement of letters" increases security if (and only if) it is indeed part of the random choices made for each password generation. In my example "password generation methods", only method 2 includes such an element. Note, though, that the following fourth method is actually even better: "take 9 random letters-or-digits". This raises the number of potential passwords to 101559956668416, almost 7 times as much as method 2 (and that's the best you can get if you want the password to always consist in 9 signs which are only lowercase letters and digits).

Thomas Pornin
  • 322,884
  • 58
  • 787
  • 955