undefined | Better HN

0 pointsErrantX14y ago0 comments

> Start with: You don't know the dictionary I used, but have to use one that seems 'good enough' (i.e. a superset of mine, if possible).

People are likely to use a standard English dictionary. In my experience (which is exactly within this field) people use a fairly tight subset of the English vocabulary.

So I would be quite happy to test for a dictionary of, say, 100,000 words and be hopeful of a good hit rate (note that XKCD says common words, which is easily missed)

Our software has a test (which runs about third in its list of tests) which does dictionary combinations up to three words (two words is quite a commonly used password based on our statistics) with a dictionary size of <s>175,000</s>17,500. (Edit: sorry, apparently it is an order of magnitude smaller, I checked with one of the engineers :)) This includes English words plus a few commonly used foreign/slang terms. The hit rate on this is fairly high.

(we crack document/windows passwords mainly)

You could of course choose deliberately obscure words to invalidate this - but they aren't so easy to remember (so people will tend not to).

If someone is going out of their way to secure a password, sure, you're going to hit a brick wall. But what every password scheme tends to forget is the "human factor" whereby people not concentrating on being secure will introduce attack vectors.

0 comments

9 comments · 4 top-level

demallien14y ago· 2 in thread

If the dictionary really has 100 000 words, you're looking down the barrel of 52 bits of entropy for a three word phrase

In a more likely dictionary of the 5000 most commonly used words in the English language, you still get a three word pass phrase of about 40bits of entropy. Make that a four word passphrase, and you're back up around 52 bits.

xkcdentropy14y ago

This is simply incorrect. If you assume you really do have 100 000 "characters" in your alphabet this is correct. However, your alphabet follows a certain pattern: It's English text.

At that point its easier to brute force the individual characters. English text has about 1 to 2 bits of entropy per character. Lets assume 1.5 bits per character on average. That means that to really get 52 bits of entropy for a 3 word phrase you need to have at least 35 characters in your 3 word phrase, or about 12 per word.

Your password is only as strong as the weakest link. In this case English is easier to brute force than your 100 000 character alphabet.

It's simply false to assume that "yes no one three" has 44 bits of entropy because it got randomly selected out of a 2048 word dictionary.

demallien14y ago

Yeah, no. If I have a dictionary of 100000 words, then each word represents about 17 bits of entropy. If I have three words, that makes 3 x 17 = 51 bits of entropy.

1 more reply

bnegreve14y ago· 2 in thread

You can't test 175000^4 = 937890625000000000000 passwords.

ErrantXOP14y ago

Ahem. This is why I should check my numbers, I'm told it is a 17,500 word dictionary (and we check 3 re-combinations). Sorry about that :S

bnegreve14y ago

Ah ! Now, I agree that if everyone follow this advice, it's going to be fairly easy to crack every password based on a small set of simple words.

darklajid14y ago· 1 in thread

I actually didn't ignore the 'common' limitation (and didn't downvote you - I'm actually interested how you come up with that).

Follow-up questions:

- What are the first tests, before this 3rd that tests for words? I assume tests for passwords of the first/left variety in the comic? Aren't they cheaper?

- 'Up to three words' is reducing the exponent of possible combinations by one. Length/number of words is relevant

Edit: Another issue. You say 'people forget the human factor', while you, yourself, propose something like '4 times Hack News with substitutions' as better. How is that including the 'human factor'?

ErrantXOP14y ago

You know what; it's been so long since I played around with this stuff (it's even a separate company now, that we just consult for) that I'm way out of touch with my thought process :)

You're right; there is nothing particularly wrong with the suggestion that makes it intrinsically very weak for most uses.

I'd best stop commenting before I make a total mess :)

Sorry.

d0mine14y ago

100,000 words x 4 words per password ~ 66 bits of entropy

XKCD suggests 2048 words x 4 words per password ~ 44 bits of entropy

It could be good enough depending on a use case.

j / k navigate · click thread line to collapse

0 comments

9 comments · 4 top-level

demallien14y ago· 2 in thread

If the dictionary really has 100 000 words, you're looking down the barrel of 52 bits of entropy for a three word phrase

xkcdentropy14y ago

This is simply incorrect. If you assume you really do have 100 000 "characters" in your alphabet this is correct. However, your alphabet follows a certain pattern: It's English text.

Your password is only as strong as the weakest link. In this case English is easier to brute force than your 100 000 character alphabet.

It's simply false to assume that "yes no one three" has 44 bits of entropy because it got randomly selected out of a 2048 word dictionary.

demallien14y ago

Yeah, no. If I have a dictionary of 100000 words, then each word represents about 17 bits of entropy. If I have three words, that makes 3 x 17 = 51 bits of entropy.

1 more reply

bnegreve14y ago· 2 in thread

You can't test 175000^4 = 937890625000000000000 passwords.

ErrantXOP14y ago

Ahem. This is why I should check my numbers, I'm told it is a 17,500 word dictionary (and we check 3 re-combinations). Sorry about that :S

bnegreve14y ago

Ah ! Now, I agree that if everyone follow this advice, it's going to be fairly easy to crack every password based on a small set of simple words.

darklajid14y ago· 1 in thread

I actually didn't ignore the 'common' limitation (and didn't downvote you - I'm actually interested how you come up with that).

Follow-up questions:

- What are the first tests, before this 3rd that tests for words? I assume tests for passwords of the first/left variety in the comic? Aren't they cheaper?

- 'Up to three words' is reducing the exponent of possible combinations by one. Length/number of words is relevant

Edit: Another issue. You say 'people forget the human factor', while you, yourself, propose something like '4 times Hack News with substitutions' as better. How is that including the 'human factor'?

ErrantXOP14y ago

You know what; it's been so long since I played around with this stuff (it's even a separate company now, that we just consult for) that I'm way out of touch with my thought process :)

You're right; there is nothing particularly wrong with the suggestion that makes it intrinsically very weak for most uses.

I'd best stop commenting before I make a total mess :)

Sorry.

d0mine14y ago

100,000 words x 4 words per password ~ 66 bits of entropy

XKCD suggests 2048 words x 4 words per password ~ 44 bits of entropy

It could be good enough depending on a use case.

j / k navigate · click thread line to collapse