Tag Archives: cryptography

More on Passwords

In my previous entry about passwords, I didn’t say how hard it would be to crack my passwords. Beats me. I didn’t even say how many bits of entropy they represent, which is apparently what all the cool crypto cats do.

(The first number I cited, 3 × 1 million³, has 62 bits(!) of entropy. That’s a tough nut to crack. My least-secure option, I said, was drawn from a pool of 425 million passwords. That’s only 29 bits, which is still about twice as secure as the passwords people suggest you use, things like Tr0ub4dor&3.)

The reason I didn’t cite bits of entropy is (first, that I don’t know math, but secondly) because I’m more interested in the size of the password pool. That is, if you knew the set of common words I’m using (you don’t, but you could start here), how many different separators I use, and the rules for combining them, the pool size is the number of distinct passwords those rules can produce.

My pool-size numbers are conservative, because a cracker doesn’t know (for sure) if I’m using only legal words, much less common ones. For all the would-be cracker knows, my dictionary could be full of gibberish like you get from pwgen(1):

iquifeer  nosubiek  iungeime
eighaeka  aqueejas  oaxepohb
aequahsa  raingaej  azeefeep
johphaec  fahtieda  aihaimif
aduyoowe  airahbop  iedeibae

I might even be using pwgen’s “hard” settings:

jjfidv7B  8ZbBAEMP  9zR5PBPn
8f45kjMB  bWZiOF6j  3P7t4FLY
Y1iZKeYA  z8k0nv1T  WD3yQcW8
nDyVSe5o  k42muCy2  F7W43IFD
u2pGNV8F  fQ0CvvT7  k7awERR1

I wouldn’t do that, because those passwords would be hard for me to remember. But how does the cracker know that?

Easy Secure Passwords

In the spirit of the XKCD cartoon, I’ve written a tool to help me think of really secure, really memorable passwords.

For example, here is a set of 5 such passwords chosen at random from a pool of 3 million million million passwords:

starkly.scoop.drawer.gifted.become
stack.epilogue.surprise.print.ancillary
beast.incentive.cloud.country.magical
practiced.original.sinusitis.low-wage.widowed
snarl.ritual.trouble.power.shoreline

But that’s a lot of typing. If you’re willing to be less secure, here are 5 sample passwords chosen at random from a much smaller set of just 625 million million passwords:

likely.crippling.digital.distrust
clogged.gaiety.earth.bring
ragged.online.house.suppose
wordplay.golden.humbling.adviser
untimely.plenty.all-pro.cancer

Still too much typing? How about these 5 super-easy passwords chosen at random from a set of just 425 million passwords:

brawl@social
surrender;newsman
parallel&thwarted
comedic*effort
flooring>brutal
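The pool-size arithmetic from the first post and the generator from the second, as an added example that is not the author’s tool. It assumes a 5,000-word list and 17 separators, because those values reproduce the pools quoted above (5000⁵ ≈ 3 million million million, 5000⁴ = 625 million million, 17 × 5000² = 425 million); the embedded word list is a constructed stand-in, and the separators beyond the five shown on the page are made up.

```python
import math
import secrets

# Constructed word list: a tiny stand-in for the ~5,000 common words assumed
# in the lead-in. The real list is not on the page; any list of distinct
# words behaves the same way in the arithmetic below.
WORDS = [
    "starkly", "scoop", "drawer", "gifted", "become", "stack", "epilogue",
    "surprise", "print", "ancillary", "beast", "incentive", "cloud", "country",
    "magical", "snarl", "ritual", "trouble", "power", "shoreline",
]

# Separators for the two-word form. The page shows @ ; & * > ; the other
# twelve are an assumption chosen to make 17 in total.
SEPARATORS = "@;&*>!#%+-=/:?^_~"


def pool_size(words: int, count: int, separators: int) -> int:
    """Distinct passwords the scheme can produce: each of `count` word slots is
    drawn independently from `words`, and one of `separators` joins them."""
    return words ** count * separators


def entropy_bits(words: int, count: int, separators: int) -> int:
    """Entropy rounded up to whole bits, the way the post quotes it
    (3 million million million -> 62 bits, 425 million -> 29 bits)."""
    return math.ceil(math.log2(pool_size(words, count, separators)))


def time_to_exhaust(words: int, count: int, separators: int,
                    guesses_per_second: float) -> float:
    """Seconds to try the whole pool at an attacker speed the caller assumes.
    The page quotes no speed, so none is built in here."""
    return pool_size(words, count, separators) / guesses_per_second


def passphrase(count: int, separators: str = SEPARATORS, words=WORDS) -> str:
    """Pick `count` words and one separator with the CSPRNG in `secrets`.
    Using `random.choice` instead would make the pool size meaningless,
    since a seeded PRNG shrinks the real set of outcomes."""
    sep = secrets.choice(separators)
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    for count, seps in ((5, "."), (4, "."), (2, SEPARATORS)):
        bits = entropy_bits(5000, count, len(seps))
        print(f"{count} words, {len(seps)} separator(s): {bits} bits  e.g. {passphrase(count, seps)}")
```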