The problem with random passwords is that they are NOT easy to remember (see thread subject). People don’t need uncrackable passwords everywhere. There are a few places where the password needs to be really strong, like for email and financial sites. So come up with a unique random password for each important site using the correcthorsebatterystaple with random words. Then maybe you have to memorize 4-5 uncrackable passwords for important sites. But for other sites, it’s reasonable to use a password generated from your personal algorithm.
For example, my bank password might be intersectionmedicalattentionaffect. But my password on the SDMB could be s1d2m3b4. Yes, the SDMB one is easily crackable, but so what? That’s only a problem if the hackers steal the password database. And even if they get it, it’s not going to cause me any great inconvenience.
By having a few uncrackable passwords for important sites and other passwords generated by a simple method, I can easily remember my passwords across hundreds of sites. The important sites have unique, hard passwords, but the inconsequential sites have easily generated (to me) passwords.
No. I understand it. However I have suggested a modification.
To choose “at random” as you say presupposes an existent word list. Not great if that word list becomes common knowledge. Now, I concede that if the word list was say 2000 common words, then 2000^4 combinations is a pretty big task for a hacker. But these guys are generally smarter than me and who knows how long before some kind of short-cut or workaround is devised if the correcthorsebatterystaple method becomes commonplace.
Therefore I propose some modifications to (a) help my poor brain and (b) not diminish security. Let’s face it, if I have to change my password regularly (and some places require password changes almost as regular as my visits) then four words chosen by dice will not always be that memorable. So my proposals are
Use your own word list which includes some of your own special words and phrases. “Horse” just isn’t part of my life.
Add something to extend the character set. It is easy and doesn’t hurt.
Having some kind of mnemonic device involving parts of speech and/or an acronym may help memorability
Don’t get me wrong Chronos, I love your dice roll methodology and think it is valid. It just doesn’t fill the requirements of the OP, which is memorability.
The whole point of correcthorsebatterystaple method is that, even with truly random words, it is actually memorable. We’re all referring to it by name without looking it up, aren’t we?
No, it’s just fine if that word list is common knowledge. The method assumes right from the start that the list is common knowledge. That’s built in.
The only kinds of short-cuts or workarounds that could be used against correcthorsebatterystaple are those that attack the hashing routine directly, and if that happens, no password generation technique will be good enough. That is, those are the only short-cuts or workarounds that work against the method when it’s correctly applied.
Your proposed modifications diminish security by approximately eight orders of magnitude.
Um no. Maybe it’s just my brain that works like that. I first encountered the cartoon months ago but couldn’t remember it more recently when I tried to look it up. Sure I have it memorised now. But if it was a password for one of those annoying sites that require you to change password monthly… I can see myself messing that one up.
I don’t see how using my own word list decreases security. I can include unusual words if I like. And yes, I could be rigorous and use a dice method to select them, but if I typed it out for you, you couldn’t tell. If I manage to arrange it so there is less overlap between my word list and one a hacker would use, that certainly does not decrease my security in any way.
I hope you are right. And if you had asked me a decade ago I would have told you that a 16 character password composed of a five digit number and two nonsense words with “$” replacing “s” would never be cracked. I think the rules of the game dictate that you throw out assumptions. I can envisage someone compiling a mega dictionary from pairs or triples of common words and employing arrays of sophisticated hardware in parallel using clever optimisation routines that I can’t even begin to comprehend. If it is profitable enough, then it is a matter of time before the correcthorse gets shot.
I have included some suggested mnemonic devices in the example I gave. And your implied criticism is perhaps justified. Mnemonic devices do decrease the entropy of the password. Perhaps I shouldn’t have suggested it. But before I wear the criticism I should point out the following:
The OP was about memorable passwords which suggests mnemonics of some sort.
Everything I have read about passphrases warns against phrases that are syntactically correct. If I was rolling a dice and happened to arrive at the phrase, “horseeatssorangebattery”, I would roll again. To hell with randomisation. There is scope for adopting a personal strategy such as verb noun adjective adverb noun if you wish. (Ooh! five words! But I think I’ll leave it like that.) I seriously doubt such a pattern would be observed in a hurry. I mean, how would such an attack look? Someone would need to have cracked several of my passwords to even observe the pattern. Now I reserve the right to change my mind here, but I think that such an approach is not likely to present a serious security concern for a decade or so.
Ditto for using an acronym within the password. Actually, not something that I do personally, but the OP is about making it memorable. It was an idea. And if I read you right, this is where your chief criticism is directed. Let’s consider how an attack on that might work – first a hacker would be attempting common word combinations (presumably four words) in an attempt to find correcthorse type passwords. They would then be attempting to refine that by filtering for acronyms. And in my example, they would then be expanding the dictionary again by checking for inserts of non-alpha-numerics. Personally, I think that there are lower fruit on the tree.
I’d love to see that calculation. Actually, probably not needed. ÷100[sup]4[/sup]: Hundredfold hit for every time I deliberately targeted a particular initial letter and part of speech combo.
Like any probability calculation it carries with it certain assumptions that may not be borne out in reality. There is a significant difference between the set of passwords that I may elect to choose from, and the set pf passwords that a hacker needs to attempt to be reasonably sure of mounting a successful attack.
Let’s suppose I use the chronos dice method where two dice and a coin are used to choose a random key on the keyboard and determine whether the shift key should be used. I make for you a list of some 2000 passwords of 25 characters to last you for the rest of your life. Your dictionary is now just 2000. A hacker’s dictionary would need to be 72[sup]25[/sup]. Your security is not compromised unless the hacker derives some information about your password restriction. So, you can say that I am compromised by a factor of 100000000, but it won’t be borne out in reality unless my mnemonic device becomes part of a hacker’s repertoire. If, as is the aim of the OP, one wishes to have something memorable, then that may be an acceptable risk – a risk that is mitigated by such features as length and character set.
In any case, I think the real security of correcthorse lies in its length. It will yield to a certain logic of attack with rather long odds. My modification hasn’t changed that scenario much. And at this point I am inclined to agree with Musicat that the bigger concern at this stage is the unreasonable password limitations placed on users of certain sites. For that, I have to say that the chronos dice method is as good as you are going to get.
Sorry for being so long-winded. Love chatting with you Chronos.
I realized last night that there’s a fundamental misunderstanding here. It’s a good thing for a password to be hard to figure out, and it’s a good thing for a password to be easy to remember. But it’s very important to note that figuring out something and remembering it are two different things. Most of what people are suggesting as means of making a password easier to remember, aren’t actually that. What they really are is ways of making it easier to figure out.
If you’re going “Wait, what did my password start with, again? Let’s see… It started with S, and it was an adverb… Oh, right, it was ‘slightly’”, then you’re mostly not actually remembering your password; you’re figuring it out. You can do this, because you designed the password to be easy to figure out. But “easy to figure out” is exactly what you don’t want from a password.
The real security lies in the fact that it reliably and transparently provides a certain amount of entropy. Of course that amount depends of the length chosen in any particular case.
The problem with all the mind games about what an attacker might expect is that they may all be in vain. They do not add anything you can rely on. On the other hand they can make it much harder to get a good idea of the true entropy of your password, especially if you add subjective choices.
So the first half of the “correct horse” approach is not to bother with things that may not count. Instead you keep it simple: as much randomness as you feel you need (44 bit in the example) in a straightforward and faithful representation.
Of course there are many potential representations to choose from. You could choose digits, alphanumeric characters, plausible syllables, common words, obscure words… If all you care about is how hard it is to break the password, then it doesn’t really matter much. Of course in practice usability is a concern and you want something that is easy to remember. The second half of the approach is choosing simple common words because they allow you to remember relatively big chunks of information as a single item.
The downside is that there is a lot of typing involved. So if you type a password very often, then you may decide that easy remembering is not really the greatest concern and go with two case-sensitive alphanumeric characters instead of each word. As far as vulnerability is concerned the result is essentially the same.
It is possible to come up with arbitrarily complex rigorous schemes that guarantee certain levels of entropy just as well. Whether their properties are worth the added complexity and opportunity to mess up is a matter of taste.
For the number of accounts the average person has, even this is not a feasible strategy. You either start reusing passwords or using very weak ones. The only feasible solution is to create, say, three strong and memorable passwords a la “correcthorsebatterystaple” (system login, email account, password manager) and use the password manager to randomly generate long passwords for everything else.
This is wrong. Passwords are not encrypted, they are hashed. Hashing functions are by design one-way. Solving one hashed password does not allow the others to somehow be unhashed. If this were the case, the hacker would only need to create an account of his own to unlock the DB, because he would know his own PW.
One other feature of hashing is that it is many-to-one. It is possible for two or more different passwords to have the same hashed value, so a hacker who “solves” for the password may not have the actual password, but it will still work on the site where the hash was stolen. It will not work on other sites where the “real” password was the same, but a different hash routine, or different salt was used.
This is why using dictionary words is really bad. If the hacker solves the hash using a dictionary attack, then he almost certainly has the real PW. Random strings will most likely require brute forcing, which is slower and much more likely to find a false solution, but even if there is a dictionary word that hashes to the same value, it won’t work on other sites.
Having the hashed password files allows them to be attacked via dictionary or brute force offline, thus negating time-out/try-out safeguards…the hackers never try to log-in until they know the PW.
KeePass is free and open source. It is the one I use. There are also commercial password managers, but, personally, I trust open source more when it comes to security and cryptography.