Last month I posted a naive piece: Simple Secure Passwords.

Then I found a great article on Passphrases.

Now, Michael Giagnocavo has written me a piece I can post here which is part primer, part tutorial and all good stuff on passwords, passphrases and why Guatemala rocks.

What is a password? A password is a token that allows someone to positively identify themselves. Combined with a username, you get Authentication: Alice is who she says she is, because she has something only Alice has. A password is only good as long as it’s something only Alice knows. If Bob knows Alice’s password, it really doesn’t authenticate Alice anymore. Our goal in choosing a password is to make sure that only Alice will know it.

One term for “how secret a password is” is “entropy”. This is usually expressed in 2 raised to a certain number, i.e., how many “bits” it has. For instance, a random number between 0-15 would have 4 bits of entropy, a strength of 2^^4. A single Roman letter, a-z (no case differences) has 4.7 bits of entropy if chosen randomly (Log2(26)). Now we have a base on how to measure a completely random password. We use this same base to determine the strength we need for a password. In other words, we need to set the strength of our attacker.

Right away, many people are probably thinking “128-bits, just like everything else”. However, in reality, most of these systems are not “128-bits”, but closer to 64-bits. If you think you actually need this much security, you should be using a smartcard in addition to a password.

In most situations (“Bob in Accounting”), a 56-bit password is more than sufficient (as it’s probably not the weakest link). And thus our problem arises. Even with this “low” number, human minds aren’t very good at storing random data. Yet, we absolutely NEED to have random data in our passwords.

What to do?

Well, we know people CAN store a lot of data. But passwords like “X`!?a33m” just don’t work. However, people do memorize phone numbers. They memorize lines from a plays, movies, and perhaps entire songs. So obviously our minds CAN hold the data.

This is the premise that is used with passphrases. You pick some phrase (such as “If at first you don’t succeed, try again.”), and that becomes your password. Well, there are a few problems.

First, people’s phrase choice will probably be less than random. I’ve seen no studies on it, but I’d guess certain people would be more prone to quote specific things (say, a song or a play they enjoy). Someone could take an educated guess, or brute force common phrases (pretty much an “extended” dictionary attack). Remember that a password should be random! If a previous password is disclosed, it should give zero information out about future passwords. Picking a phrase gives too much insight.

Second, the entropy of English is around 1.1 bits per character. So, in just some random writing, you’d need a 51 character password. Ouch. Also, the user has to memorize how they handle punctuation, capitalization, etc. The annoyance factor is too high, IMO, to make this feasible.

To fix this, some people say that you should use “wACkY caSIng AND! bAAd speling wIT Poor? Gram.er.” Well, to me, that’s like having a password like above, except it’s more typing with more possibility for errors. So I throw that idea out as well.

Instead, I think the easiest way is to simply pick a few random words and throw them together. English has a lot of words, 200,000 to over a million, depending on who you ask. Let’s take a small subset, say, 10,000 words. Pick common, easy-to-memorize-and-type words. 10,000 possibilities comes out to approximately 13.3 bits per word. Now pick 3 or 4 words, and end up with a ~40- or ~53-bit password. Examples: “orange ball frying pan”, “elephant cake polka”, “carrot olga donor”.

What are the benefits?

Easier to memorize. A few times I’ve gone into panic mode because my I couldn’t get Windows to take my 30 character passphrase. Was I off on a word or punctuation? Not fun. Since DPAPI protected secrets (stored passwords, certificates) are protected with your password, resetting a password means losing data. By tuning the word list, you can get some very good output.

Less typing. Depending on how you skew the words picked, you could get a shorter word average. This is a huge benefit for acceptance and usability. No special characters, no punctuation (except a separator, such as a space).

Easy to standardize on. A company can write a program to generate passwords (although there’s a few pitfalls to avoid in that program) very simply. It’s commonly known how punctuation and capitalization is, so that’s one less thing for the user to memorize. Just memorize a few words.

Transparent. This method is completely open. There are no shared secrets (such as “all passwords must be prefixed with your telephone extension”). You’re basically picking a few random numbers, and then assigning an easy-to-remember name to them. A password cracking system that knows how this is done doesn’t gain extra advantage: it still must try all the combinations.

Overall, this should provide a very easy-to-implement, and easy-to-use way to get relatively strong passwords. For stronger, use something in addition to a password, such as smartcards and biometrics.

P.S.:
This site uses the same concept to encode binary data: http://www.tothink.com/mnemonic/ Along with a pretty good word list (of 1626 words, 10.6 bits per word): http://www.tothink.com/mnemonic/wordlist.txt

[ full credit for this piece goes to Michael Giagnocavo at Atrevido.net ]

Again, supplementary reading is available at the passphrases post by Robert Hensing.

Additional information (including loads of math) is available here.