5

I was wondering how sound is the concept presented by the Gibson Research Corporation (see below if you do not want to follow the link) about simple passwords (= very easy to remember) with the addition of padding.

I understand what Gibson is getting at with increased search space, etc., but I was wondering if this applies to a real world scenarios, i.e., everyday use for your accounts and peace of mind that the passwords are 'secure' even if their entropy is super low.

FOR THOSE THAT DO NOT WANT TO GO TO THE WEBSITE:

Gibson has a search space calculator which indicates what is the search space for a given password. The search space depends on length of passwords and characters that form the password itself (letters - uppercase and lowercase - and/or numbers and/or symbols)

He then goes on about the importance of the length of a password and the mixture of letters, numbers and symbols.

Everything does perfectly sense, but then, he argues that "entropy" is not important, in his own words:

ENTROPY: If you are mathematically inclined, or if you have some security knowledge and training, you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you'll have noticed that the first, stronger password has much less entropy than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!

He refers to 2 passwords:

1) D0g.....................

2) PrXyc.N(n4k77#L!eVdAfp9

And argues that although the first one is infinetely more memorable than the second one (and even contains a dictionary word) the time to 'crack' it is orders of magnitude greater than the required time for the other, hence, it is more secure.

Is this concept sound? In lay terms... Shall I change all my passwords to something like the first one (super easy and super long) or this is just asking for troubles in todays hyper-connected world? :)

Is entropy completely useless in the "online account passwords" world?

Maybe this question should be asked on StackOverflow since concerns more with practical use of low-entropy passwords in computer systems authorization mechanisms woth regards to password cracking. Don't know...

Is this ok now or shall I be even more concrete? Is this off-topic altogheter?

Dave

  • 3
    The question looks OK now. That cannot be said about the padding idea of Gibson. But these two remarks *are* opinionated :) – Maarten Bodewes Dec 03 '14 at 17:54
  • 5
    That website sets off several of my 'kook' alarm bells. – pg1989 Dec 03 '14 at 17:55
  • 3
    @pg1989 Gibson is a well known security researcher. That said, he's mostly well known because of his rather non-conforming (and sometimes rather far fetched or idiotic) ideas. – Maarten Bodewes Dec 03 '14 at 17:57
  • 1
    Yes, basically it is not secure if you allow an attacker to explicitly target your password scheme. And since schemes should be considered public knowledge, this method does not provide significant defence. But I don't have enough time right now to put that in mathematical notation. – Maarten Bodewes Dec 03 '14 at 18:47
  • @owlstead ah OK, thanks, I understand that. But, if you keep your scheme 'secret' then there are not downsides. Even better if you could somehow generate your padding scheme from the very simple word you've chosen as 'base', right? Of course the generation should be know only to you. –  Dec 03 '14 at 19:09
  • 1
    You cannot keep it secret as Gibson just published the basics :) The choice & number of character does not add enough entropy. – Maarten Bodewes Dec 03 '14 at 19:14
  • 7
    @DaveKimble Perhaps you should read up on [Kerckhoff's principle](https://en.wikipedia.org/wiki/Kerckhoffs_principle). While it was originally written with cryptography in mind, it pretty much applies equally to all matters of security. In short, to be properly effective a security mechanism should not be weakened based on how much the attacker knows about the system so long as the key itself is kept secret. This does not meet that principle because the system is easier to attack if the attacker knows how you generated the key material. – Iszi Dec 03 '14 at 22:31
  • 1
    @owlstead Well, Gibson effectively merely stated that padding a simple/memorable word would increase the time an attacker needs to crack it. He shows that by padding "D0g" with a lot of 'dots', thus increasing the search space. But it does not say that you should always use 'dots' so he's not really publishing any 'secret'. I could choose this pattern '.>#}}' and repeat it 3 times together with the word 'c4T'. –  Dec 03 '14 at 23:08
  • @Iszi So back to the question: If I do not reveal my 'magic' padding pattern, how secure my passwords are? And if I told you my passwords contains a common word and is padded by a series of characters, would I really break Kerckhoff's principle? –  Dec 03 '14 at 23:09
  • 2
    @iszi Note that Kerchoff's principle is talking about everything known _except the key_, which in this case is the password, so it doesn't really apply here. – Mark Burnett Dec 04 '14 at 00:49
  • @MarkBurnett I can see your argument, but I think the principle still applies. Consider that applying the principle properly effectively equates the "security of the system" to the "secrecy of the key". A key is most secure when it is entirely unknown. Once anything is known about the key, it becomes much easier to break - exponentially so, in fact, for any amount of characters or patterns of characters the attacker can rule out. – Iszi Dec 04 '14 at 01:14
  • @Iszi True, if your passwords follow a specific pattern – Mark Burnett Dec 04 '14 at 01:22
  • @MarkBurnett Really, if your passwords are known to follow any repeating pattern at all. Knowing that the first or last characters of a password will be a repeating pattern of length *n* still dramatically reduces the search space even if you don't know the pattern or how many times it repeats. To be fair, injecting the pattern into the *middle* of the password could make things a bit more tricky. – Iszi Dec 04 '14 at 01:47
  • 1
    I'll provide my usual Steve Gibson reference: http://attrition.org/errata/charlatan/steve_gibson/ – Polynomial Dec 04 '14 at 10:28

1 Answers1

5

Of course entropy theoretically makes a password stronger but from the perspective of a password cracker the first password likely would take much longer to crack. This is because of the length of the password--this argument would probably not be valid with a short password. It is something I have written about before myself

Consider how password cracking software attacks a password:

  1. Try all words from a massive dictionary of words including common passwords.
  2. Try common permutations (password1, password123, p@assw0rd, drowssap, etc) of each dictionary word.
  3. Brute force every password trying every possible letter combination.

As long as a password doesn't fall under the first two categories and the software must perform a full brute force, the first password is strongest because it is one character longer and yet utilizes the same keyspace (upper, lower, numbers, and symbols) as the second password. The first password is 24 characters long and therefore potentially has 95^24 (291,989,024,338,773,000,000,000,000,000,000,000,000,000,000,000) possible permutations. The second password has 95^23 (3,073,568,677,250,240,000,000,000,000,000,000,000,000,000,000) permutations. As you see, that 24th character makes a huge difference.

In practice, if the password was ....g..................... it would likely take much, much longer to crack than the other two because even though it just uses two a lower case letter and a symbol, the password cracking software would still attempt using uppercase letters and numbers and it is two characters longer. Keep in mind, however, that if a bunch of people started following the concept of padding then it wouldn't be difficult to build password cracking rules to try padding all passwords. You are better off mixing the padding throughout the password, alternating multiple characters, or simply adding a couple more semi-words to your password.

When it comes to passwords, lack of entropy and lack of character sets can always be made up for by increasing the length of a password.

Nevertheless, having said all this, you still need to be smart and not reuse the same password or even the same pattern on multiple systems and you really should only rely on stuff like this in cases where you have to memorize a password. Using a password manager with a random password generator is still the best practice to follow.

Mark Burnett
  • 2,810
  • 13
  • 16
  • 1
    +1 for password managers, and for only using human-memorable passwords where necessary. – Iszi Dec 04 '14 at 01:16