3

I typed the following password in howsecureismypassword.net:

yummy candy yummy

It said it would take 100 billion years for a personal computer to crack. Is this accurate? Even though it has English words (that are related moreover) it is more secure than a random string of length 14?

If this is true everyone should be making passwords like this.

gloo
  • 173
  • 6
  • 1
    @paj28 This is not a duplicate of [XKCD #936: Short complex password, or long dictionary passphrase?](http://security.stackexchange.com/q/6095), which is about randomly-generated words, and doesn't address password strength checkers. – Gilles 'SO- stop being evil' Nov 21 '14 at 23:38
  • @Gilles If I go off the question title, rather than the quirks of _howsecureismypassword.net_ then this question can be answered by the 21 answers of the XKCD question. Besides, _howsecureismypassword.net_ does reflect the behaviour of non-dictionary brute force algorithms. You only need one word that [isn't on](http://phrontistery.info/clw1.html) a crack dictionary stolen from a spellchecker, for a brute-force engine to collapse back to raw characters unless it's very [intelligent](http://en.wikipedia.org/wiki/Corpus_linguistics) (and quite slow). – LateralFractal Nov 23 '14 at 00:01

4 Answers

5

A little test at the site you mentioned suggests they're considering length, alphabet, and brute force attacks only. The password you posted does indeed return an answer of 100 billion years. Changing it to "yummy candy yum" returns 'only' 49 million years. An eight character word, with or without numbers, returns eleven minutes. Adding one symbol changes the answer to three hours. So, probably a relatively unsophisticated algorithm. Everything happens in JavaScript, but it is minified and I didn't slog through it.

Sadly for users for passwords, which is almost everyone, crackers of passwords have a surprisingly large number of heuristics and they've learned to harness GPUs to parallelize guesses. Ars Technica did a series of articles on this in 2013. Rather than post a half-dozen links, try this: https://www.google.com/search?q=password+cracking+site%3Aarstechnica.com

So, your question breaks down into two parts: How many bits of entropy in a password, and how long does it take to crack a password with n bits of entropy? You can get a good example of "bits of entropy" in the XKCD comic mentioned by others.

People have four vocabularies: the vocabulary of words they use in speech, the vocabulary of words they understand in speech, the vocabulary of words they use in writing, and the vocabulary of words they understand in writing. (The separation of spoken understanding and written understanding may be a little controversial but it really doesn't matter for the purpose of this discussion; I'm going to argue that speaking and reading vocabularies are the important ones.)

I have long suspected that the average American's speaking English vocabulary is about a thousand words. I just spent some time looking for evidence or research and came up empty. However, Mark Burnett found that 91% of all passwords come from a list of just 1,000 items. (https://xato.net/passwords/more-top-worst-passwords/) That supports my conjecture as well as a fair amount of research might do.

So, if I asked an "average American" to pick a random word, that's probably about ten bits of entropy. Randall Munroe (XKCD author) suggests using a list of 2,000 random words to generate pass phrases, so each word is about eleven bits of entropy because log2(2048) is 11.

Note that the password selection has to be random. Password crackers take human biases into account in their heuristics. One way to pick random words from a list is with Diceware.

We can think about entropy of characters instead of words. There are 95 printable ASCII characters, and so, about that many one could type into a password. Log2(95) is about 6.6, so, if characters are chosen randomly, an eight character password gives about 53 bits of entropy. However, as Munroe points out in the comic, we rarely choose characters randomly; we pick a pattern, and that cuts entropy drastically. (I do note that password manager programs can choose randomly from an alphabet, or at least pseudo-randomly.)

Given a way to estimate the number of bits of entropy in a password, how long to crack n bits? If we've done the entropy estimate accurately, that accounts for the heuristics used by the crackers, and we can simplify to brute force cracking.

For fast hashes and no salting, this Ars Technica article estimates up to eight billion guesses per second. Eight billion is 2^33. So, 33 bits of entropy will take one second, 34 bits, two seconds, and so on. A pass phrase with 44 bits of entropy will take 2^11 seconds, or about half an hour. If you get to 66 bits of entropy, six words from Munroe's hypothetical list or about ten random characters, that's ~~48 days~~ 272 years.

It is important to note that the eight billion guesses/second is based on the passwords having been stored unsalted and using a fast hash like SHA-1. If passwords are stored properly, using a random salt* and a key-stretching algorithm, then the brute force attack is reduced to thousands of guesses per second instead of billions. There are details at Crackstation. Sadly, we cannot depend upon people who run systems to store passwords "right," and so it is very important not to re-use passwords.

So, to (finally!) get to the question that was asked, "yummy candy yummy" probably has about 30 bits of entropy. A random 14-character string has about 6.6 * 14 = 92.4 bits of entropy, more than 2^62 or a quintillion times more secure.

* A salt (see the Crackstation article) doesn't make it harder to crack a single password; its purpose is to prevent precomputation attacks, where one set of computations cracks all or most passwords in a sample.

Bob Brown
  • 5,283
  • 1
  • 19
  • 28
1

TL;DR:

  • Rather write down strong passwords than remember weak ones.
  • Always use unique passwords!
  • Passwords for offline use should be stronger than for online use.
  • You can use a password made of words if long enough, or take a long sentence and use all first letters as your password.


For a password of a given length, a "random" string consisting of alphanumeric and special characters is the most secure, beyond any doubt. These passwords have the disadvantage of being difficult to remember.

Although many advise against writing down passwords, writing down passwords and storing them in a relatively secure location (e.g. your wallet, a safe, behind a painting) enables you to use a larger variety of strong passwords you otherwise might forget. It is unlikely that a hacker on the Internet, trying to break your e-mail password, or a thief that has stolen your laptop and is trying to access your encrypted partition, has access to your written notes. Just do not leave them on your desk.

If you are unwilling to use random passwords because you are reluctant to write them down or remember them, it is feasible to make strong passwords using words if you include enough of them. You may also consider taking a long sentence (e.g. thirty words) from a book, and using the first letters of the words as your passwords. You can then remember the book and the page where you found the sentence, so you can reconstruct your password if you forget it, without writing it down.

Bear in mind that the requirements for passwords depend on the application you use them for. While it may be true that in an offline attack with the intention of decrypting files billions of passwords can be guessed per second, in an attack on a website the number of guesses is limited by the bandwidth and the fact that many sites require you to fill in a Captcha or block your account temporarily after a number of wrong guesses. Therefore, while an offline encryption password should be able to withstand perhaps up to 2^30 guesses, an online password may only need to withstand a couple of billions of guesses. On the web, it is more important to use unique passwords rather than a single strong one, since not all sites take their security as seriously as others, and you do not want your e-mail or bank accounts to be compromised when someone breaks into the site of your local grocery.

Anonymous
  • 11
  • 1
0

I am not sure how the website you posted exactly works, but this is my intuition. When you say the password is solely made of English letters, this might not be correct from the 'creator of the website' point of view. You used spaces in between the words; as you can see, these were also treated as part of your password. It can be that the algorithm that assesses the security of your password may be considering more letters, numbers and symbols. You see where I am trying to go here.

My point is, probably the algorithm in hindsight believes that, from a space of letters including CAPS, numbers and symbols, a password of the given length is highly secure, as for at least a brute-force attack, the number of subsets from the given space is too large to crack in the given time.

0

You cannot ever trust a third party to verify password strength. Because what's important isn't the output of your password but your input.

You can't assume that a password cracker is taking a purely brute force approach.

The dictionary of common words is around 2000. 2000 ^ 3 is 8 billion, which could probably be cracked in a negligible amount of time.

If I were to take the word 'password' and gzip it, it would look like T+H,..Ï/Jáâ[Ä. Looks secure, but really isn't.

Sobrique
  • 186
  • 6