How safe are my passwords?
August 18, 2010 5:44 AM Subscribe
How safe are my passwords?
I decided to get serious and stop using the same flimsy password everywhere. So today I installed KeePass and used it to generate a different password for each of my log-ins. The KeePass database is stored in a public Dropbox folder where it can be accessed by the MyKeePass app I put on my iPhone.
The KeePass database is encrypted in 256-bit AES/Rijndael. Each of the passwords it generated has at least 128 bits of entropy. However, my master password has only 75 bits. [Since I'll frequently have to enter it on the tiny iPhone keyboard, I wanted it to consist only of letters.] It's a pair of nonsense words I made up in high school - so it ought to be resistant to dictionary attacks. But I'd be happier if it was at least 128-bit strong as well.
Or would that be overkill? I've considered using Diceware to make a stronger all-letters master password. But it would require a 10-word phrase to pass the 128-bit threshhold. And the FAQ says "... if you are worried about an organization that can break a seven word passphrase in order to read your e-mail, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day." [But the FAQ copyright notice begins in 1996. So he could be talking about the Pentium 166 era of cracking power.]
Assuming the worst case scenario that a malefactor has already found the KeePass database in the public Dropbox folder and is already at work on it, how long might I hope for the current 75-bit master password to hold out?
I decided to get serious and stop using the same flimsy password everywhere. So today I installed KeePass and used it to generate a different password for each of my log-ins. The KeePass database is stored in a public Dropbox folder where it can be accessed by the MyKeePass app I put on my iPhone.
The KeePass database is encrypted in 256-bit AES/Rijndael. Each of the passwords it generated has at least 128 bits of entropy. However, my master password has only 75 bits. [Since I'll frequently have to enter it on the tiny iPhone keyboard, I wanted it to consist only of letters.] It's a pair of nonsense words I made up in high school - so it ought to be resistant to dictionary attacks. But I'd be happier if it was at least 128-bit strong as well.
Or would that be overkill? I've considered using Diceware to make a stronger all-letters master password. But it would require a 10-word phrase to pass the 128-bit threshhold. And the FAQ says "... if you are worried about an organization that can break a seven word passphrase in order to read your e-mail, there are a number of other issues you should be concerned with -- such as how well you pay the team of armed guards that are protecting your computer 24 hours a day." [But the FAQ copyright notice begins in 1996. So he could be talking about the Pentium 166 era of cracking power.]
Assuming the worst case scenario that a malefactor has already found the KeePass database in the public Dropbox folder and is already at work on it, how long might I hope for the current 75-bit master password to hold out?
I know this doesn't exactly address your question, but after listening to a Security Now podcast episode which analyzes Last Pass, I've decided to put all my passwords under their system. It's worked out great.
posted by jaimev at 5:54 AM on August 18, 2010 [1 favorite]
posted by jaimev at 5:54 AM on August 18, 2010 [1 favorite]
Best answer: How safe are my passwords?
There is no unit of password safeness, it's a judgement call. Assuming you aren't using any obviously simple to dictionary crack password and there's no known exploits in the encryption schemes used I'd say it sounds fairly safe, although…
how long might I hope for the current 75-bit master password to hold out?
I assume you don't mind if someone cracks your password long after you are dead? So 2 generates, 200 years target date to be safe… That would require you to be able to test 2^74 passwords (remember ye olde birthday paradox) at ~3 TeraPasswords/s.
That's not actually entirely unfeasible on current hardware for under $50k I think. Of course in 18 months you'll be able to buy twice as much compute power for your money…
So yeah, not that long a time really. If you move up to say 88-bits of entropy in your master password you'll need more like 25 PetaPasswords/s to break it in the same time. Which is probably going to be out of the range of your average hacker for a couple of decades at least.
posted by public at 6:04 AM on August 18, 2010 [1 favorite]
There is no unit of password safeness, it's a judgement call. Assuming you aren't using any obviously simple to dictionary crack password and there's no known exploits in the encryption schemes used I'd say it sounds fairly safe, although…
how long might I hope for the current 75-bit master password to hold out?
I assume you don't mind if someone cracks your password long after you are dead? So 2 generates, 200 years target date to be safe… That would require you to be able to test 2^74 passwords (remember ye olde birthday paradox) at ~3 TeraPasswords/s.
That's not actually entirely unfeasible on current hardware for under $50k I think. Of course in 18 months you'll be able to buy twice as much compute power for your money…
So yeah, not that long a time really. If you move up to say 88-bits of entropy in your master password you'll need more like 25 PetaPasswords/s to break it in the same time. Which is probably going to be out of the range of your average hacker for a couple of decades at least.
posted by public at 6:04 AM on August 18, 2010 [1 favorite]
Jaimev, thanks for linking that Last Pass podcast, I'm listening to it right now. There is actually a video of the podcast if you guys would prefer to watch rather than listen.
posted by Sufi at 6:24 AM on August 18, 2010
posted by Sufi at 6:24 AM on August 18, 2010
I also use LastPass. Today a bug showed up in Chrome's Dev channel that is keeping LastPass from working. So, if you try lastpass and you use Chrome dev, give it a couple of days to start working correctly. This is the first time (in the nine months I've used it) that LastPass has given my any problems. It is Chrome's fault tho, not LastPass'.
posted by tayknight at 6:41 AM on August 18, 2010
posted by tayknight at 6:41 AM on August 18, 2010
Keepass is popular today, but it won't always be. What happens when they stop maintaining the program? Will there always be a way to open a Keepass database? A lot of people have their eggs in this basket.
posted by futility closet at 6:45 AM on August 18, 2010
posted by futility closet at 6:45 AM on August 18, 2010
Response by poster: Keepass is popular today, but it won't always be. What happens when they stop maintaining the program? Will there always be a way to open a Keepass database? A lot of people have their eggs in this basket.
It's open source. So any of those many users can take over.
posted by Joe Beese at 6:52 AM on August 18, 2010
It's open source. So any of those many users can take over.
posted by Joe Beese at 6:52 AM on August 18, 2010
You must add at least one digit or symbol to your master password. Really -- dictionary attacks are first, then letter jumbles, and only then are numbers and symbols added to the test space.
It's also worth noting that using KeePass or some other system like it is absolutely critical if you have any consideration at all for your next of kin.
posted by seanmpuckett at 7:53 AM on August 18, 2010
It's also worth noting that using KeePass or some other system like it is absolutely critical if you have any consideration at all for your next of kin.
posted by seanmpuckett at 7:53 AM on August 18, 2010
Best answer: An excellent way to avoid dictionary attacks without having to remember anything much extra is just to use the keys to the left (or right) of each letter of your password when you type it. But for extra points, throw a couple of symbols in there (maybe between the two now-obfuscated words) and capitalise letters in a memorable pattern.
So 'trousersnake' becomes 'ytpidrT<>dmslR', and that's a much better password.
posted by le morte de bea arthur at 8:04 AM on August 18, 2010 [2 favorites]
So 'trousersnake' becomes 'ytpidrT<>dmslR', and that's a much better password.
posted by le morte de bea arthur at 8:04 AM on August 18, 2010 [2 favorites]
It's also worth noting that using KeePass or some other system like it is absolutely critical if you have any consideration at all for your next of kin.
Not an answer, but you can't just let this kind of complete and utter bullshit slide in AskMe. This is like Think of the children! on steroids. The only way you could be more wrong is if you somehow incorporated Hitler into it.
posted by Civil_Disobedient at 9:10 AM on August 18, 2010
Not an answer, but you can't just let this kind of complete and utter bullshit slide in AskMe. This is like Think of the children! on steroids. The only way you could be more wrong is if you somehow incorporated Hitler into it.
posted by Civil_Disobedient at 9:10 AM on August 18, 2010
An excellent way to avoid dictionary attacks without having to remember anything much extra is just to use the keys to the left (or right) of each letter of your password when you type it.
"dictionary" doesn't mean "dictionary of English words". You can assume for any easy translation that there's a dictionary file that attacks it.
(Of course, the subsequent question here is "WHO will attack it" -- and if someone's after your passwords, are you sure they'll try to obtain and crack the file, and not just threaten you directly, read it from a keylogger, or something like that? If you don't know what threat you're up against you can't tell if you're properly defending against it.)
posted by mendel at 9:30 AM on August 18, 2010 [1 favorite]
"dictionary" doesn't mean "dictionary of English words". You can assume for any easy translation that there's a dictionary file that attacks it.
(Of course, the subsequent question here is "WHO will attack it" -- and if someone's after your passwords, are you sure they'll try to obtain and crack the file, and not just threaten you directly, read it from a keylogger, or something like that? If you don't know what threat you're up against you can't tell if you're properly defending against it.)
posted by mendel at 9:30 AM on August 18, 2010 [1 favorite]
It's also worth noting that using KeePass or some other system like it is absolutely critical if you have any consideration at all for your next of kin.
Or you could, you know, write the passwords down on a piece of paper. That's what I do. Put them in a safe deposit box if you worry about someone breaking into your house. Put the first half of the passwords on one piece of paper and the second half on another piece and put them in separate safe deposit boxes if your paranoia reaches Idi Amin levels.
I actually have most of my passwords with me in my wallet. I'm not a complete doofus, however, the passwords that are written down are not the actual passwords. It is simple to convert them to the real passwords if you know the trick. Which I do and you don't.
If you want to improve the security of your main passphrase, you can convert some of the letters to numbers (o becomes 0, i or l becomes 1, etc) and then capitalize every letter written with straight lines only and then you should have a nice jumble.
Please note that I am not a security expert or even a security neophyte. Bruce Schneier, however, is a security expert and he says: I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
posted by It's Never Lurgi at 10:57 AM on August 18, 2010
Or you could, you know, write the passwords down on a piece of paper. That's what I do. Put them in a safe deposit box if you worry about someone breaking into your house. Put the first half of the passwords on one piece of paper and the second half on another piece and put them in separate safe deposit boxes if your paranoia reaches Idi Amin levels.
I actually have most of my passwords with me in my wallet. I'm not a complete doofus, however, the passwords that are written down are not the actual passwords. It is simple to convert them to the real passwords if you know the trick. Which I do and you don't.
If you want to improve the security of your main passphrase, you can convert some of the letters to numbers (o becomes 0, i or l becomes 1, etc) and then capitalize every letter written with straight lines only and then you should have a nice jumble.
Please note that I am not a security expert or even a security neophyte. Bruce Schneier, however, is a security expert and he says: I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
posted by It's Never Lurgi at 10:57 AM on August 18, 2010
Response by poster: are you sure they'll try to obtain and crack the file, and not just threaten you directly, read it from a keylogger, or something like that?
Keyloggers are a threat, of course - as is snooping on a wireless connection. But that falls outside the scope of the question.
Tonight I'm going to spike the password with numbers and symbols - and use bea arthur's adjacent-key trick to thwart pronounceable-syllable searches. If I have my figures right, it will then be in the 180-bit range. Thanks for all the helpful answers.
posted by Joe Beese at 11:15 AM on August 18, 2010
Keyloggers are a threat, of course - as is snooping on a wireless connection. But that falls outside the scope of the question.
Tonight I'm going to spike the password with numbers and symbols - and use bea arthur's adjacent-key trick to thwart pronounceable-syllable searches. If I have my figures right, it will then be in the 180-bit range. Thanks for all the helpful answers.
posted by Joe Beese at 11:15 AM on August 18, 2010
One thing I used to do, before I got lazy, was take the site base url plus some simple secret password you can remember and then hash that combination with MD5. Then you have giant passwords that are quite secure. This way you don't have to use a central password database or anything like that. You can always figure out your own password for each site.
posted by chunking express at 8:07 AM on August 19, 2010
posted by chunking express at 8:07 AM on August 19, 2010
le morte de bea arthur!!! WTF??!?!? How did you know my password is trousersnake?!?!
Seriously though... another idea is to add some sort of system to your passwords, such as: the last two letters of the domain name turned into phone keypad numbers. Example: Metafilter would be "er". Look on your phone and you'll see that E is a 3 and r is a 7. After doing this a few times, you'll quickly learn the letters without even looking at your phone.
posted by 2oh1 at 11:17 PM on August 19, 2010
Seriously though... another idea is to add some sort of system to your passwords, such as: the last two letters of the domain name turned into phone keypad numbers. Example: Metafilter would be "er". Look on your phone and you'll see that E is a 3 and r is a 7. After doing this a few times, you'll quickly learn the letters without even looking at your phone.
posted by 2oh1 at 11:17 PM on August 19, 2010
This thread is closed to new comments.
http://www.lockdown.co.uk/?pg=combi
posted by Sufi at 5:52 AM on August 18, 2010