1

According to this article DropBox recommends using four random common words as a password. I think that it is good if only I do it. If everyone does it, the attackers will always make dictionary attack (real dictionary), and it will be very easy to crack (number of common words ^ 4).

So, is it secure or not? When the attacker knows that this is what you are doing?

Anders
  • 64,406
  • 24
  • 178
  • 215
Aminadav Glickshtein
  • 285
  • 2
  • 13
  • 4
    That is literally the most-upvoted question on Sec.SE. – Arminius Jan 03 '17 at 01:52
  • 2
    even if there were only 1,000 words in existence, 4 in a row would yield 1,000,000,000,000 combinations. Using 1 uncommon (GRE-esqe), and 1 non-dictionary (proper noun, leet, made-up, nickname, acronym, etc) among the 4, is probably really safe at this point in time. consider using "7" instead of " " between words, or no padding... – dandavis Jan 03 '17 at 06:56
  • I have edited the question to focus on that if it is secure when the attacker knows this. If the attacker do not, it will make very long passwords. But when the attackers knows my method, maybe the answer is different. – Aminadav Glickshtein Jan 03 '17 at 10:25
  • 1
    @Aminadav Plenty of answers to that question address that issue. The entropy calculation in the XKCD comic itself asumes that the attacker knows that this method is being used. – Anders Jan 03 '17 at 11:28
  • You right that there are answers. I just think that the question is dulicate not duplicated. (What happened if the whole world use this method) – Aminadav Glickshtein Jan 03 '17 at 12:07

1 Answers1

-1

I work on password research and I have reviewed extensively zxcvbn related papers and those of other researchers in the field.

Yes, the answer referenced by @Arminius is correct in summarizing why this approach aims to improve security without compromising memorability. Please take a look at it.

The core of your question is whether it would be easy to make a dictionary that cracks those passwords with 4 different dictionary words.

It is true that the main argument of the above approaches only addresses the "Bruteforce" threat model, thus calculating the entropy without any consideration for an attacker who has access to the initial dictionary.

Their approach seems to suggest that all that matters is the password "strength" with no regards to how actual attacks are carried out.

Bruce Schneier made an interesting summary of previous commentaries on this. It becomes more so if, as your premise goes, "everyone is using that scheme" and the attacker knows that.

Community
  • 1
NA AE
  • 188
  • 3
  • 1
    Actually some of the answers (see Thomas Pornin's) provided in the other question do take into consideration how attacks would actually be carried out and base their entropy/bit strength calculations on that approach. An attacker does benefit from knowing what password generation scheme is used, but by design the Diceware/XKCD random word approach remains strong enough to resist attack despite an attacker's knowledge. – PwdRsch Jan 03 '17 at 16:41
  • This answer is completely wrong. The "main argument" in the linked answer does *not* rely on a "bruteforce" without knowing the dictionary. It relies on a dictionary guessing attack with the assumption that the attacker *does* know the exact dictionary used. Did you even read the answer or just skim and make incorrect assumptions when you saw it talking about entropy and bits? The strength of the "four random words" method is the same whether a lot of people use it or not. – Ben Jan 05 '17 at 13:54