They seem to be making an assumption of 1.67 * 10^11 hashes per second. Based on decade-old ASIC processes, this is $100 worth of silicon if you're using MD5 as a key derivation function (using SHA1 or SHA256 or SHA512 would be no more than 2-3 times larger).
Well there's another way to look at it too: the strength of any password-based credential system relies upon the user refusing to give the password to unauthorized parties. The unfortunate consequence of this is that the user must authenticate the system (and verify the security of the connection between) before entering their password.
I entered two passwords modeled after my password, and it said the first was rated at 22 seconds, and the second -- swapping out special characters for other special characters, etc. -- was rated at two weeks.
The algorithm they're using first replaces all "top passwords" in yours with a single lowercase character ('a'). Then, it counts the number of lowercase (/[a-z]/), uppercase (/[A-Z]/), numbers (/[0-9]/) and special (/[^a-zA-Z0-9]/) characters. It assigns lowercase and uppercase characters 26 possibilities, numbers 10, and special characters 32, and multiplies to get the number of possible passwords. This is divided by a "standard computing power" to get the number of hours it would take to crack.
Thanks for the overview. It'd be nice if they could make a password strength checker that got the exact strength instead of an estimate, that would be cool (because actually building a hypercomputer is impressive).
> Step 3: Diversify your social passwords for added security
> "My 1st Password!: Twitr"
> "My 1st Password!: Fb"
> "My 1st Password!: Redd"
This is a terrible technique, because it's only marginally better than using the exact same password everywhere. It shares the same weakness in that as soon as your password is compromised in one place, it's as good as compromised everywhere else.
Yes, let's teach users to type their passwords into "checking" tools. Great.
Their advice for diversifying your passwords is not very good. If you are using the same password stem with a suffix determined by the site name, as
"m1p.5AsGs9LXo_HN" for HackerNews
"m1p.5AsGs9LXo_RandomForum" for some random forum
"m1p.5AsGs9LXo_WF" for Wells Fargo
and the random forum's database gets popped, how secure do you think your Wells Fargo password "m1p.5AsGs9LXo_WF" is? Less than 12486848 years. That goes from the realm of password cracking to some guy typing out all the abbreviations he can think of for Reddit or Twitter.
In case you're wondering, Wells Fargo will not accept "m1p.5AsGs9LXo_WF" as a password - too long!
That's the one thing which always leaves me speechless: what is the purpose of having an upper bound on password length?
I'm still against using passwords at all. In today's society it's completely unavoidable but instead of expecting people to go through the trouble of maintaining a different password for every site we should be trying to move websites in the direction of using tools like public key authentication and two-factor authentication. The future of internet security will be better if we make life easier for the end user.
"Step 3: Diversify your social passwords for added security" Newsflash: appending a three-character string " Fb" to your use-everywhere password flies directly against Steps 1 and 2 ("Increasing password length is more about strength than it is [sic!] complexity", "Use multiple passwords").
I used to do this, but there are still so many annoying websites that require certain characters or maximum length, or other patterns, to your password. I would use a PwdHash for some websites and not for other websites, and then have to remember which sites I used PwdHash and which I didn't.
That's because 123456 is a common password, as is abcdefg, so they're assuming that they will be in dictionaries and rainbow files, so they count them as a single letter.
[+] [-] cperciva|13 years ago|reply
On the other hand, if you're using MD5 CRYPT, they're assuming $100,000 worth of ASICs. If you're using PBKDF2-SHA256 with standard "login credentials" parameters (100 ms of CPU time), it's $14,000,000 worth of ASICs. bcrypt, $100,000,000. scrypt, $4,000,000,000. And if you're using scrypt with typical file-encryption parameters (5 s of CPU time), $15,000,000,000,000 worth of ASICs.
Moral of the story: Whether your password is strong enough depends as much on how it's stored as it does on the password itself.
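The dependence on storage described in this comment can be measured locally. The following is an added example, not code from the thread or from Intel's page: it times one guess under three storage schemes with Node's built-in crypto module and scales that to a search space. The password, salt, iteration count and scrypt parameters are assumptions chosen for illustration, and the results are single-core CPU times, not ASIC costs.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed inputs; the work factors are assumed, not taken from the thread.
const PASSWORD = "i like pepper";
const SALT = Buffer.from("constructed-salt");

// One function per storage scheme: each call is the work an attacker pays per guess.
const SCHEMES = {
  "md5": () => nodeCrypto.createHash("md5").update(SALT).update(PASSWORD).digest(),
  "pbkdf2-sha256": () => nodeCrypto.pbkdf2Sync(PASSWORD, SALT, 100000, 32, "sha256"),
  "scrypt": () => nodeCrypto.scryptSync(PASSWORD, SALT, 32, { N: 16384, r: 8, p: 1 }),
};

// Average wall-clock seconds for one guess on this machine (one core).
function secondsPerGuess(fn, minRuns = 3, minSeconds = 0.2) {
  const start = process.hrtime.bigint();
  let runs = 0;
  let elapsed = 0;
  do {
    fn();
    runs += 1;
    elapsed = Number(process.hrtime.bigint() - start) / 1e9;
  } while (runs < minRuns || elapsed < minSeconds);
  return elapsed / runs;
}

// Per-guess cost and time to try `candidates` guesses, for every scheme.
function compareSchemes(candidates) {
  const result = {};
  for (const [name, fn] of Object.entries(SCHEMES)) {
    const perGuess = secondsPerGuess(fn);
    result[name] = { perGuess, days: (candidates * perGuess) / 86400 };
  }
  return result;
}

// 26^8 candidates: every 8-letter lowercase password.
const table = compareSchemes(26 ** 8);
for (const [name, row] of Object.entries(table)) {
  console.log(name.padEnd(14), row.perGuess.toExponential(2), "s/guess,",
    row.days.toExponential(2), "days for 26^8 guesses");
}
```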
[+] [-] marshray|13 years ago|reply
Intel has brilliantly demonstrated a social engineering/phishing attack here. "A street game" on New Yorkers, of all people! http://www.intel.com/content/www/us/en/security/passwordwin-...
But the strength estimates they give are far too high: What is the strength of a password which a user is willing to type into a non-https website or computer on the street?
Very low.
[+] [-] DanielStraight|13 years ago|reply
"bacon giraffe coffee paper head": 2 weeks
"coffee banana tourist nose": 15368 years
Or even worse:
"i like salt": 18 years
"i like pepper": 9 hours
[+] [-] user24|13 years ago|reply
> "i like pepper": 9 hours
Well that's clearly because salted passwords are more secure.
[+] [-] recycleme|13 years ago|reply
"salt tastes ok": 324658 years
"intel password sweepstakes": 8441109 years
"dictionary attack": 390 years
[+] [-] robbyking|13 years ago|reply
[+] [-] joelg236|13 years ago|reply
[+] [-] thedufer|13 years ago|reply
This is about as rough an approximation as you can get. For example, if your password contains dictionary words that aren't in their top passwords, it drastically overestimates the difficulty of cracking it.
Type `"".hackability` in the console to see the code.
[+] [-] khafra|13 years ago|reply
[+] [-] mentat|13 years ago|reply
[+] [-] Zikes|13 years ago|reply
[+] [-] ay|13 years ago|reply
stty -echo; echo `head -n 1 | sha1sum` LittleBitOfSalt | sha1sum | cut -c 1-40 | pbcopy; stty echo
Then paste whatever ends up in the clipboard as your password.
pbcopy is MacOS X specific I think, but IIRC there was a similar way to shove stuff into the clipboard on Linux. Else you end up with (1) password on the screen (2) immense pain typing 40 senseless hex chars :-)
Both Intel's contest and the test at http://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.htm... mentioned elsewhere in this thread seem to be relatively happy with the result.
The fully random passwords with the password manager are probably better though...
[+] [-] jholman|13 years ago|reply
If someone is attacking you personally, yes.
If someone attacks a group that includes you, breaks one of your passwords, and posts a dump on the internet, yes.
But if someone gets some password database, bruteforces all the passwords under 20 characters, and now has a username-to-password map with a million entries.... you're probably safe from that attacker using your username/password on other services. So I'd say that it's better than "marginal".
So it depends on what attack scenario you're defending against. Which is true for all safety judgements.
[+] [-] user24|13 years ago|reply
edit: on the plus side, "CONGRATULATIONS! It would take about 2546476408336 years to crack your password."
(I typed in a password that was roughly equivalent to a very secure and memorable one I memorised but have never found a use for. It's a correcthorsebatterystaple style password.)
[+] [-] dllthomas|13 years ago|reply
In general, including the spaces is a better idea, because collisions.
[+] [-] tetrad|13 years ago|reply
"m1p.5AsGs9LXo_HN" for HackerNews
"m1p.5AsGs9LXo_RandomForum" for some random forum
"m1p.5AsGs9LXo_WF" for Wells Fargo
and the random forum's database gets popped, how secure do you think your Wells Fargo password "m1p.5AsGs9LXo_WF" is? Less than 12486848 years. That goes from the realm of password cracking to some guy typing out all the abbreviations he can think of for Reddit or Twitter.
In case you're wondering, Wells Fargo will not accept "m1p.5AsGs9LXo_WF" as a password - too long!
[+] [-] Piskvorrr|13 years ago|reply
To me, it always feels like they're putting up a humongous, blinking sign proclaiming "Proudly storing your passwords in plaintext since 1991!" (Most notable offender, last time I checked: Skype)
[+] [-] hazz|13 years ago|reply
[+] [-] marshray|13 years ago|reply
EDIT: This video explains it: 10 hidden cameras. http://www.intel.com/content/www/us/en/security/passwordwin-...
[+] [-] brianobush|13 years ago|reply
[+] [-] PaperclipTaken|13 years ago|reply
And while public key authentication may seem difficult to implement server-side, by doing such a thing you will never risk a database password leak again.
[+] [-] jspaur|13 years ago|reply
interesting toppasswords string. wasn't there a post a few weeks ago about how someone owns a patent on telling you your password is common?
edit: indeed there was: https://news.ycombinator.com/item?id=5543393
[+] [-] Piskvorrr|13 years ago|reply
Also, "Password" as a part of an example password? "Append a special character"? What is this, 1995?
Nice idea with the entropy checker, though.
[+] [-] unreal37|13 years ago|reply
password1 = 0 seconds
password12 = 0.0002 seconds
password123 = 0.0027 seconds
password1234 = 0.0272 seconds
Conclusion - password1234 is 100 times safer than password12. Thanks Intel! Changing my passwords now!
[+] [-] xntrk|13 years ago|reply
[+] [-] sengstrom|13 years ago|reply
[+] [-] Bjoern|13 years ago|reply
"realistic password strength estimation" https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-s...
[+] [-] jstalin|13 years ago|reply
Bueno.
[+] [-] marcosdumay|13 years ago|reply
[+] [-] cypherpunks01|13 years ago|reply
I think it's a solid scheme for using unique passwords on every site, based on just having to remember at minimum one input password.
http://pwdhash.com
[+] [-] JoeKM|13 years ago|reply
I finally settled on 1Password for the iPhone. I don't remember any of my passwords. I unlock 1Password, find and reveal the password, and type it in. This allows me to have really complex and long passwords. I always have my phone on me, as I use 2-step authentication for every service that provides it. In the rare event I forget a password, I still have email fallback recovery.
[+] [-] 6d0debc071|13 years ago|reply
[+] [-] briholt|13 years ago|reply
abcdefg123456! < 1 second
abcdefg!123456 < 1 second
abcdefg1!23456 = 5 seconds
a!bcdefg123456 = 1 week
Moving the ! supposedly increases the difficulty several orders of magnitude.
[+] [-] aetherson|13 years ago|reply
Your first password, they interpret as aa!
Your second, a!a
Your third, a1!23456
Your fourth, a!bcdefga
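The estimator described earlier in the thread (top passwords collapsed to 'a', then 26/26/10/32 possibilities per character multiplied together) applied to the four passwords above, as an added example that is not the site's code or part of any comment. The two-entry top-password list and the word-dictionary size are assumptions, and the sketch stops at the candidate count rather than dividing by a guess rate.

```javascript
// Constructed stand-in for the site's "top passwords" list; the real list is not
// shown in the thread. These two entries are the ones the comment above names.
const TOP_PASSWORDS = ["abcdefg", "123456"];

// Step 1: every occurrence of a top password collapses to a single 'a'.
function collapseTopPasswords(password, topList = TOP_PASSWORDS) {
  // Longest entries first, so a short entry cannot break up a longer match.
  const ordered = [...topList].sort((x, y) => y.length - x.length);
  return ordered.reduce((text, entry) => text.split(entry).join("a"), password);
}

// Step 2: multiply per-character possibilities (26 letters, 10 digits, 32 specials).
function searchSpace(text) {
  let total = 1n; // BigInt: the product overflows Number for long inputs
  for (const ch of text) {
    if (/[a-zA-Z]/.test(ch)) total *= 26n;
    else if (/[0-9]/.test(ch)) total *= 10n;
    else total *= 32n;
  }
  return total;
}

function estimate(password) {
  const reduced = collapseTopPasswords(password);
  return { reduced, space: searchSpace(reduced) };
}

// Contrast for the dictionary-word caveat: a guesser that tries whole words.
// dictionarySize is an assumed figure, not something the thread states.
function wordGuessSpace(password, dictionarySize = 100000n) {
  const words = password.trim().split(/\s+/).length;
  return dictionarySize ** BigInt(words);
}

for (const pw of ["abcdefg123456!", "abcdefg!123456", "abcdefg1!23456", "a!bcdefg123456"]) {
  const { reduced, space } = estimate(pw);
  console.log(pw.padEnd(16), "->", reduced.padEnd(10), "candidates:", space.toString());
}
const phrase = "dictionary attack";
console.log(phrase, "per-character:", estimate(phrase).space.toString(),
  "word-based:", wordGuessSpace(phrase).toString());
```

Moving the "!" only changes how many list entries still match, which is why the count jumps from 26·26·32 to 26^8·32 for what is essentially the same password.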
[+] [-] benjamincburns|13 years ago|reply
(No, that's not a phishing page)
[+] [-] warmwaffles|13 years ago|reply
[+] [-] jspaur|13 years ago|reply