13

Some forms of attacks on passwords use dictionaries. It is safer to use nonsense passwords like YunSUanLin, Artibichoke, etc., which do not seem to pertain to any dictionary?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Albert
  • 131
  • 1
  • 4
  • 14
    If you use a passphrase made up of 10 randomly chosen dictionary words that is going to be **way safer** than a 10-random characters password... so it depends. – Giacomo Alzetta Aug 21 '19 at 07:14
  • 13
    `YunSuanLin` looks like a valid Chinese name and probably pertains to Chinese 3-Pinyin dictionaries, which is a reason random generators are preferred to inventing nonsense words. – jingyu9575 Aug 21 '19 at 08:04
  • Big subject. Salt is probably the easiest way thwart dictionary attacks, but there are other vectors like [known password lists](https://github.com/noloader/SecLists). Attackers will certainly try all the weak/wounded/compromised passwords on the list. –  Aug 21 '19 at 09:22
  • 5
    @jww A salt does absolutely nothing to protect against dictionary attacks. –  Aug 21 '19 at 13:23
  • 1
    @MechMK1 - Salt nullifies the precomputed tables. Also see [OWASP Threat Model for Secure Password Storage](https://www.owasp.org/images/1/12/Secure_Password_Storage.pdf). –  Aug 21 '19 at 13:40
  • 8
    @jww Yes, but dictionary attacks have nothing to do with pre-computed tables. A dictionary attack is an attack where your password candidates are picked from a list of *likely* candidates, not any possible within a keyspace (i.e. brute force). –  Aug 21 '19 at 13:56
  • @MechMK1 - Where do you think the precomputed tables are compiled from? –  Aug 21 '19 at 13:58
  • 5
    @jww Yes, you generate pre-computed tables from dictionaries, but if you use a table to search if a hash has already been calculated before, then you don't conduct a dictionary attack, you use a lookup attack. These are not the same thing, they are not interchangable. –  Aug 21 '19 at 14:00
  • 1
    Obligatory XKCD: https://xkcd.com/936/ – mackycheese21 Aug 21 '19 at 17:17
  • @MechMK1 - [Dictionary attack](https://en.wikipedia.org/wiki/Dictionary_attack). I'm not sure a "lookup attack" is mainstream. It has always been called a dictionary attack since I can remember. I'm not citing wikipedia as the authoritative reference. I'm only using wikipedia and owasp as examples that most folks call it a dictionary attack. (Or most folks I know). –  Aug 23 '19 at 10:17
  • @jww Can we discuss this in [the Chat](https://chat.stackexchange.com/rooms/151/the-dmz) please? I don't want to clutter up the comments more than I already did –  Aug 23 '19 at 10:18
  • @MechMK1 - It is probably best to leave the conversation here. If you are unclear on the terminology, then others may be too. –  Aug 23 '19 at 10:42
  • @jww I still believe that we have a fundamental disagreement on what a "dictionary attack" consists of, and I would like to use the DMZ to clarify my standpoint more clearly and to gather your standpoint. Because in principle, you're not wrong, but generalized statements like "Salts protect against dictionary attacks" are wrong. –  Aug 23 '19 at 10:44
  • @jww Also, if you look at the OWASP example you cited, on P. 10 you see "Dictionary Attack", "Brute Force Attack" and "(Pre-Computed) Rainbow Table Attack", showing that there is a difference between the two. –  Aug 23 '19 at 11:16
  • @MechMK1 - Yeah, I tried to avoid Rainbow Table Attack. That applies to MD5 and the hash chains due to the design of MD5's compression function. Pre-computing from a dictionary has been around a long time. It is more like a property of the attack. You can precompute the hashes, or you can use the uncooked word and perform the transform on the fly. –  Aug 23 '19 at 11:32
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/97768/discussion-between-mechmk1-and-jww). –  Aug 23 '19 at 11:37

5 Answers5

47

Attackers often don't just use dictionaries, but also rules which permute the words in dictionaries.

For instance, a rule could be to substitute certain letters for numbers, which look the same. This would turn Password into P455w0rd.

A rule, which could apply in this case, would be to remove single letters from a word. That means just permutating the password by removing one letter or deliberately misspelling it will give you better chances, but it's not guaranteed.

To specifically answer your question: Yes, it is safer to use non-sense words than to use words in a dictionary.

However, it's not as safe as you can get. An offline password manager can generate truly random passwords for you, and will store them in an encrypted manner. This means that you never have to type in your password, except the master password to unlock the password manager.

To demonstrate this, ask yourself which password you consider safer: YunSuanLin0 or [D@,7##M]enMd*)j5fxG~KQ~?r\<DdV^?

  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/97898/discussion-on-answer-by-mechmk1-defense-against-attacks-using-dictionaries). – Rory Alsop Aug 26 '19 at 19:10
16

This might seem like a question that has an obvious answer, but is not that trivial.

Words that do not appear in dictionaries have more randomness ('entropy') and are thus harder to guess for computers.

But they're also harder to remember for humans. And that leads to password re-use. That's very bad.

If you do not use a password manager (and you should!) using a sentence of random dictionary words is usually safer than random non-words. Learn more about this here: What password should I use? (which has a very accurate and easy to understand visual explanation)

Learn more about password managers here.

Jenessa
  • 1,086
  • 1
  • 8
  • 13
1

"Safer" is a relative term. Safer than what, under which conditions?

Under purely theoretical conditions, assuming a brute-force attack of some kind, yes nonsense words are "safer" in the sense that it is highly likely the attacker will try a dictionary attack before an exhaustive search.

In real-life conditions, dictionary attacks happen under two circumstances: a) brute-forcing your way into some system and b) breaking passwords on a leaked database of password hashes.

The solution for a) is to not use broken software. If your software doesn't lock out the attacker after 10 or 100 or some other number of failed attempts, your software is broken.

For b) it is likely that the attacker will stop after breaking the usual simple passwords that many users will be using. He will likely let it run a bit more, but it would be unusual that he keeps the cracker running until he got all the passwords - he probably has several more leaked databases with easy targets that his time and resources are better spent on.

For b), having a password that's not in the dictionary and not a simple permutation (crackers do know about the usual "replace O with zero" substitutions and much more) dramatically improves your chances of not being on haveibeenpwned.com

Tom
  • 10,124
  • 18
  • 51
  • You'll still end up on _haveibeenpwned_ as if the database gets put online (even with the passwords uncracked) there is the chance it'll be cracked, so all the addresses get added to the list. – Baldrickk Aug 21 '19 at 15:15
0

As far the dictionaries are concerned, they contain a list of most commonly used passwords, and that could be nonsense phrases and words as well. For instance, x+word+123 or x+monkey are some of the most commonly used passwords along with qwerty that don’t really make sense. So, you can use nonsense passwords, but make sure that they are unpredictable and not so common. And if you are looking to add strength in your passwords, you can combine the initial 2 or 3 words of multiple phrases. Moreover, if you can add special characters in your password, you’d much safer.

Michael Haephrati
  • 172
  • 11
  • 6
    special characters are actually **not** safer. I'm not aware of a single piece of empirical evidence that proves they improve security. On the contrary, they make passwords harder to remember (which makes them more likely to be written down) and more difficult to type (which makes shouldersurfing easier). – Tom Aug 21 '19 at 09:36
  • 1
    I agree with Tom's concern but upvoted anyway for pointing out that a "dictionary" for passwords contains way more than actual literal words from an English dictionary. Too many people have this weird idea that if they pick something not in the old edition of Merriam-Webster on their shelf, that they'll be safe. – Ben Aug 21 '19 at 13:06
  • I would argue that there is no difference between regular characters and special characters, the weight the same, but when you use ALSO special characters the number of combinations per each character is larger so it is best to use any possible value from the ASCII table and not only digits and alphabetical values. That is true when you brute force a password. It will take more time to brute force a password that contains special characters. – Michael Haephrati Aug 21 '19 at 14:04
0

TL;DR: The safest way to generate a password is by generally using a password manager

Someone who cracks hashes or bruteforces login attempts has several tools at hand to find possible passwords (or password hashes respectively) in question. Dictionaries or wordlists are only one of these. So to limit your defensive techniques against dictionaries only is not enough.

As others have stated, when an attacker is using tools like hashcat or John the Ripper, rules are defined to sometimes "enhance" the words that are found in wordlists. These rules can be defined with relative ease. But how do the attackers know these rules? And where do these dictionaries come from?

The second question can be answered easily: Like the infamous rockyou.txt a lot of other dictionaries are published after data breaches of major (or minor) companies.

Now you got your wordlist. Where do you get your ruleset?

Let's go back to those dictionaries. IIRC rockyou.txt has ~14 million passwords in it. Millions of user passwords in one place that give you a giant data set which passwords are used most commonly, which letters people capitalize and where they typically put numbers and special characters.

Wordlists have changed a bit over the years because we have taught people to build different passwords than "iloveyou", "password" or "baseball". But the change is slow, because a) a lot of older folks and b) people from emerging countries where password literacy is not widespread get access to digital services.

The gist is: people want to type their passwords easily and they want to remember them easily.

Easy typing is important when it comes to numbers and special characters. In theory there are around 200 special characters that you can just type with ALT+Numpad combinations. But in reality most people use one or two of these characters (depending on keyboard layout): !@#}|) (US), !"§*#= (DE).
You probably see a pattern here, because the same goes for numbers: 1209 are most commonly used afair.

So to come back to your question.
What exactly are you trying to achieve?
You do not want to generate passwords like every other user. You do not want to use a word from a dictionary. So use password manager, right? But you cannot always do that. If you log into your system you do not have access to your password manager yet.

Sometimes you have to remember a password and then you want to have a password that is easily rememberable and also very strong. My suggestion: Try something like diceware, or let a password manager generate a password for you and remember it afterwards. Use weird words and conjugate them. Use special characters that are a bit harder to type than "!". Don't just use one special character or one number.

If you think to yourself, that you thought of a clever rule, be sure, there are a million other people who do the same thing and that attackers will know about this rule as well.

Most importantly: 1. Use really long passwords. 2. Don't use passwords that are built like everybody else's. Because these are the passwords with building rules that every attacker knows. That's how to defend against a dictionary attack.

What you get out of a strong password is time. Time that is useful for changing your password after an account is compromised. The length of your password and the way you create passwords buys you that strength and that time.

Tom K.
  • 7,913
  • 3
  • 30
  • 53
  • 1
    `"2. Don't use passwords that are bulit [sic] like everybody else's. Because these are the passwords with building rules that every attacker knows."` Or better: "2'. Assume the attacker knows the building rules. Only use building rules such that they can't guess your password even with that knowledge." You *do* recommend diceware in the previous paragraph, after all. – Ray Aug 23 '19 at 04:42
  • I can't even remember how many people believe that `oKmJuHbGtFcDe` is a safe password. It looks fine, doesn't it? Until you try typing it out on your keyboard. –  Aug 23 '19 at 08:31
  • Most likely people without a qwerty keyboard, MechMK1 ;) – P-L Aug 23 '19 at 12:53
  • 1
    @P-L The thing is, they believe they are being "smart" and that "no hacker could ever figure that out". Therefore I say "If you think you gamed the system, the system just gamed you". –  Aug 23 '19 at 14:41