Diceware & Passwords - Computerphile
Вставка
- Опубліковано 9 лют 2025
- How do you pick a secure password that's memorable but truly random? Dr Mike Pound explains Diceware
The Diceware website: bit.ly/c_diceware
(Diceware is a trademark of A G Reinhold)
Another great thing to do with dice is play games :) -Sean
Password Cracking: • Password Cracking - Co...
How to Choose a Password: • How to Choose a Passwo...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottsco...
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
Here's an idea. We should change the word "password" to "passphrase" to subconsciously discourage people from using a single word.
Iwentotheparkto_day.
iwenttotheparktodie
I agree. I've changed my password to "passphrase" in solidarity.
Came here from Edward Snowden s recommendations?
"Passcode" would probably be even better then.
"I'm just looking at your collection of cubes"
"All solved. That's how I roll"
Hahaha
Knew this comment would be here to like, I just had to look for it :D
I'm going to glue all your dice to the table, just so you _can't_ roll. Mwaaaaaaa ha ha ha ha ha!
@@PeteMcDonald You stunningly subtle sophisticated psychologist, you!
??
"We're talking nation-state level security - you can choose to protect against them, but they might just visit you instead." Haha this is the logical step that's been missing in so many conversations I've had with cybersecurity enthusiasts - they seem to think the FBI is reading their emails but pay no mind to physical security. True story, I had one friend who insisted on 20-character randomly generated passwords, but wouldn't even bother lock his front door when he left the house because we were going "just up the street."
That is not the point. The problem is nation states and criminal organizations. They both have access to cloud computing services. Also bitcoin farms and hacking farms can use the same technology. The same equipment a government uses a civilian can buy unless the equipment is classified.
You think there is a difference in terms of capacity? You are wrong. We're not talking petty theft. We are talking about criminal organizations who make a fortune off of your stolen data.
@@jamesedwards3923 I don't know, I think you're the one missing the point here. A high-entropy password is great, but you are vulnerable against a $5 wrench attack and if your adversary is willing and able to use that method, your secure password stops mattering.
@@xXx_Regulus_xXx In most states in the United States. Getting a 'legal' gun is easy. If a criminal organization comes with a $5 wrench. I can unload on them. Got to love the Castle Doctrine :) !
Although in my state and city in particular. Has stricter gun laws. Thinking they are going to stop criminals. Yet in a bunch of videos and articles I have read. Obviously not. The excessive gun laws in my state; city in particular. Are designed to keep lawful citizens from defending themselves.
Bet you know which state I am talking about. Even the city.
@@jamesedwards3923 wrench attack is just a catchy name. Believe it or not it would be possible for your attacker to be armed and a quicker draw than you. I won't be arguing semantics or investing how quick of a shot you claim to be. The point is someone who is better at violence than you might sidestep the password security issue entirely. Do you understand what I'm saying to you?
I know 🤣😄😄
The 12.9 bits he mentions comes from the fact that log2(7776) = 12.9.
I was wondering that, thanks!
My twinkle
Thank you!
But none of my dice have a 6 on them! They have a 9 instead! What should I do?
@@__Brandon__ Excuse me... my eleven-sided die has two number 9 s. Where is the missing number 6 ?
"They may just visit you instead." Ha ha, great capper.
I cracked, lol
??
I have stumbled on to this channel a few months ago, and find them quite fascinating. I found maths really challenging at school, but as I get older understand more and find maths is used in EVEN more places and things than I ever considered. Thank you for creating these short shows with great explanations.
I made a program back in secondary school, where you type in random numbers, and it tallies them up. It really shows how not random you really are.
I can't begin to imagine which random symbol Mike Pound uses.
@@abdulwahabjag #obvious
£ or #?
@@jasoncox5263 Not so obvious. A # isn't called a pound in Britain, it's called a hash.
@@abdulwahabjag TIL that Americans call a hash a pound sign... interesting!
...and for those who deal in slightly illicit substances which you smoke.... perhaps they don't like the hash sign.
I love that they knew that the Rand was our currency,that got me excited a lil bit.Great video as always.
I'm really diggin' the series. An episode about password managers would be great!
It's the man, the legend, Dr. Mike Pound!!
I love that after the great talk on the finer details of password security he alludes to the possibility of a wrench attack.
I think web developers need to be more educated in this. I hate it when I'm forced to come up with all sorts of crazy passwords with this symbol and that case and this number in that position. I mean, popsiclegoldfishigloobulgaria is a far stronger password than g41@9S. Guess which one my bank does and does not accept?
On the other hand. I've seen a website just on the last week which allowed me to use only letters and number in the password. I cannot say which one is more rediculous out of these two.
What if we combine the strengths of those two to have
Password: $7N7e@6MwoB/,@*
Its much stronger than those both.
Although, right now Im on mobile, so it takes some time to switch between symbols and letters. Thats why you can see an altering symbol/letter and uppercase/lowercase pattern. On Desktop this shouldn't be a problem.
I've seen a site that only allows 6 to 8 character passwords, and THEY ARE NOT CASE SENSITIVE.
Mostly because these developers are too lazy do write sophisticated software. But they still need to comply with standard security tests. And these tests will include "are secure passwords enforced" and the devs will say "yeah we check them before accepting". Point done. And then it comes to stuff like you can't use spaces, you can't use ; or ' or " and other characters, that could be used for command injection (no, and santinizing escaping the characters is way too much effort to implement for the lazy devs), you need uppercase, lowercase, numbers... And so people will chose something like "BankName" as passwords, which is among the weakest password you could chose.
Or even better: "Your password must be between 8 and 20 characters" - "But mine has 45..." - "meep! computer says no!"
I even have seen a service that turncates your password if you wrote more than 12 letters... m(
Pointing the blame at web developers is generally wrongheaded. Your bank's developers didn't decide the password restrictions. Management handed them a set of requirements, and they implemented them. For all you know, the developers did push back, because even if they did, it almost certainly wouldn't have made any difference.
The last video on the subject had lots of comments about KeePass, so I started using it. I absolutely love it. Now every website gets its own password, and I have no idea what they are! The only password I know is the one for KeePass, which is five words that spell another word as an acronym, with a symbol and spaces.
I enjoyed the little addition at the end that unless you are being directly targeted a simple password (4 words in this example) is good enough, and if you are being directly targeted there are more physical methods than brute forcing a password.
Yup, there's a great comic about this somewhere. If they're going to brute-force your password, they are going to *brute-force* your password, if you get what I'm saying. How many fingers can they break/cut off before you decide maybe the data isn't worth protecting *that* much.
I hate when my tapir gets corrupted and I didn't make a backup
It gets currupted because it's rw. Maybe it's time to "chmod -w tapir"
Does your tapir often receive bribes ?
Alexander Robohm
Who corrupted it? Some guy from Libya?
ok?
I personally dislike Tapir backups, Iguana-based backups are just way more reliable.
I like chalupacabra
Wait... that's not right...
@@QBelly i like chawawaa
ok?
my problem is that at my work i have literally 17 different passwords (i just counted). They all have different requirements of min/max length (lots are 20 chars max), upper/lower case, special characters, numbers etc. and they expire every month or 3 months or never. If i get one wrong 3 times it gets locked out. In one system it took me 2 months to get a new username set up because the password was locked and there was no other way to resolve this and in another system if i lock my password (or don't use it for 3 months) i have to go on a half day course (every time) about basic use of that software in order to get a new password. All this means everyone uses the same short passwords for everything and so security is made worse because of the measures introduced to increase security.
sounds like you need a password manager.
Some systems have strange and specific requirements, like the first character has to be an uppercase letter and the last character has to be a number, or stuff like that. Why? That requirement is public information, so it makes passwords _less_ secure. And the systems that force you to regularly change your password are very annoying.
@@perimiter I do.
It's best to use an offline password manager with completely random characters of at least 15 characters, and not trying to remember them. Offline is essential since often hashed password files are stolen from cloud servers. Personally I use a simple text file for all my longins, encrypted with a 64 character pseudo-random password by 7Zip AES-256 method. Let's just say, it's pretty darn secure. ;)
@@BillAnt 15 to 20 characters is the statistical average for password length. Bad idea for any important password. Where you control the length and complexity limit.
The videos with Mike Pound are always good and funny. xD
After watching the other password videos you made, I made a new password. When you mentioned that 5-6 words is nation state level of security, I realized that my new password is very secure and I shouldn't need to change it for a long time.
Mike's videos are always informative. More of him please...
I learn a lot a watching this channel. Thank you guys, keep up the good work.
When you have to create an account on a website that requires a password between 8 and 12 characters long, have at least one lower case letter, upper case letter, number and other character in order to be accepted, this video helps so much! :P
There are so many ways to do it, it is insane.
Unfortunately, yes there are so many services. That have not even attempted to update their security. Would not surprise me if sites using such character limits are using MD5.
My passwords requires you to solve riddles and travel all across the globe writing algorithms and finding patterns in scattered around notes, take 16 randomly chosen characters encrypted with a custom encryption scheme appended to a salted hash of my favorite dog race bitwise xored with the name of the cat of the neighbors 20 years ago and 64 digits of pi randomly selected in sequence either forward or backward prepended with 5 words with substitutions from a chinese character set based on the pseudo random number generator built in my nintendo 3ds.
Bravo :) >Sean
Luckily my trusted sidekick can make you talk, Agent M!
Watch out! He's, shall I say, rather bitey!
Travel across a ball? I don't understand, you cannot stand on a ball!
Hey, that’s the same way like I do . 🤔😨
@@santoshpss you must be using translation software. He said globe, as in a map that is projected onto a sphere. Not a ball, as in the round thing that children play with.
And then some random website enforces a character limit of max 10 symbols, no spaces, a special character, a capital letter and a number
Tiavor Kuroma In those sites you can use password "secretlol" and don't use/put anything valuable to those accounts. Use your spam email etc.
Do you mean the email that I use for getting spam or the one for sending it? Oops...
That's why you should have a tiered password schemes, and Diceware should probably be reserved for the highest level, like a password manager or encrypted hard drive/OS. Lower level passwords can rely on your password manager.
"They may just visit you instead." Wow, what a great ending! XD
I had a password so secure, I literally can't remember it unless I have a keyboard in front of me.
I know what you mean. It's just muscle memory for us when we go and type it.
Same! I once tried logging into my PC remotely from my tablet and couldn't do it, because the keyboard layout is slightly different. My password is a pattern that's muscle memory now - I don't even know what the actual characters are anymore.
Yep! I know that pain, I can't log into anything from my phone x) I don't remember my passwords... I can just type them...
Is it "1234567890-=qwertyuiop[]asdfghjkl;'#zxcvbnm,./" ?
@highks Same :/
I love this content! Speaking of password security, could you make a video on key stretching, i.e. CPU and possibly memory hard password hashing functions. Legacy schemes include MD5Crypt, bcrypt (which were and to some extent still are widely used on UNIX) and PBKDF2, then there are more modern ones like scrypt and Argon2. CPU hard hashing is also built into the SCRAM protocol. Speaking of which, I'd also love to see a video on challenge response authentication. :-D
Either way I'll be recommending your videos to my (IT) coworkers since security is important and your videos are really accessible.
"all solved, that's how I roll" - Dr Mike Pound
Buy 5 dice next time! Then it's one roll (of 5 dice) for each word!
clearly you have not seen the prices on proper, unstamped casino dice.
It's a fun way to generate a password so why not do it number by number...
Is your hand big enough to hold five dice at once? ;)
How do you decide which dice to take for which digit?
It can be biased. It's more random to roll a single dice 5 times.
The first time I used diceware I didn't have ANY dice, so I flipped about 20 coins together a bunch of times...
The real benefit of diceware is that it's easy to remember while still being hard to crack if done well
Seems like setting operating systems, web sites, etc., with a default delay (10 minute, 30 minute, whatever) after 5 password misses on login would solve a lot of password guessing problems. I doubt most people use such settings/tools available to them. Of course there are many places where passwords are used other than operating systems and web sites, but it would be a great start. Thanks for the video. Great topic!
You can only impose retry limits on authentication systems, but not on encryption systems.
Great point.
If you own the system, you can key stretch to a silly amount though. Try brute forcing when each iteration of your KDF takes up megabytes of memory.
I like the mention of rubber-hose cryptoanalysis at the end
One other great use for something like this would be if you need a secure password for telephone access to sensitive accounts. The fact that they are words makes would make them very easy to express orally over the telephone while still being secure (provided you don't go blabbing them in earshot and such).
You could also choose a synonym for each word after you roled the dice. "True Thoroughbred Accu Principal" in the XKCD case.
This guy is an absolute BOSS.
If you would like that way to make a password more secure you just need to translate of or two of your word I to in other language. Most people understands two languages. For me I can translate all or some of them to Swedish and suddenly I have doubled the word list. 😊
Doubling the word list increases entropy by only one bit per word. It doesn't hurt, but the benefit is negligible.
Yeah. But the wordlist dubbles and but you don't know what language I have used. In my case you know but you need to translate that list to every language to brute force it. Just adding swedish dubbles the list. Adding all of Europe languages... that's about 25. And so on. And that's my point. Not that everyone take a Swedish word.
Hope you hanging on. My phone got in to this discussion and messing with my text... xD
Bra plan synd bara att Tapir = Tapir
Diceware word lists are available in multiple languages (they contain different words) so you could roll the dice one more time to choose your word list.
"Most people understand two languages"
Spoken like someone who has never left Sweden.
One of the easiest yet secure passwords I once had (before yahoo forced me to change it) was a 6 character password when the minimum was 8 characters
I use the first letters of the words of the second verse of an obscure poems. Easy to remember or to reconstruct from a hint, if you forget.
Look up "The Subway Piranhas" by Edwin Morgan. It's a short and slightly startling poem.
awesome. I have been using your scheme for all my passwords ever since you suggested it. love the explanation.
Can you do a video on vulnerabilities on PGP/GPG protocol? It's in the news right now.
At first i thought well this is still terrible but its actually a lot better than it seems at first glance.
If you run 80bil (educated) guesses p/s you will on average crack a password every 1 hour. And if i remember correctly you had an 8bil guesses p/s in your last video. So even for much stronger computers this is challenging. Not considering the fact that there are other password types you might want to dedicste processing power to as well. Great job. Really nice video explaining this :)
I know this is a bit of an older video, but I have learned a lot watching this series from computerphile, some of my passwords are trash (despite me knowing how important security is) but really some of the sites I log into, I really do not care if someone gets into it, but if I do care about it, I do attempt to make it a more secure password, usually involving an uppercase/special character, and number in it, but aye I am realizing how insecure that is. I have always tried to keep my social media posting to a minium because I never wanted anyone to be able to social engineer my more precious passwords. (Yes I will admit that my most secure passwords belong to my games, and anywhere my private info is stored in one way or another... i.e banking, etc.)
-
One thing I wonder after watching these, and something I have suggested/thought of in the past is just using shorthand to make a password more secure, and I wonder how secure it would actually be, I know they could still brute force it due to a small number of possible inputs, but at least it wouldn't be a common word used in the dictionary.
So for example:
My password is not password 54
would be this:
Mpwinpw54
----
It should be fairly easy to remember and should be a bit harder for someone to just outright brute force their way in.
Your mistake was.Posting your ruleset. Now hackers will add it to their attack models.
I love how he uses an asterisk as a multiply symbol.
Such a likeable character Mike Pound
I learned from XKCD that Correct Horse Battery Staple is a really secure password so I use that everywhere.
Absolutely great video. Had an amazing time learning this new concept. Thanks.
When I decided to update my important passwords, I used a method very similar to this.
I just found an online dictionary of English words and uploaded them into a spreadsheet, then wrote a small bit of code that would select 5 random words from that list of 10s of thousands and concatenate them together. This ensures the words I chose were random.
However, they weren't totally random, because I did this several different times until I got a password that I found easy enough to remember.
I assume what you mean buy "important passwords" means stuff you have to remember. Most people make the mistake of keeping all their passwords in their heads.
@@jamesedwards3923 Important passwords, like for email or a password manager. The sort of thing you need to remember, but also that could be devastating if someone nefarious got access to it.
There are some less important passwords I really don't care too much about, because they're for inconsequential websites or something that nobody else could really benefit from hacking into.
Everything else can be a string of 16+ random characters, and memorized by a password manager. That keeps everything pretty secure.
@@sk8rdman At least you had the common sense to do it. So many I meet and talk to. Do not care until they get hacked. Or spoofed. You would be surprised how lazy people are with cyber security. How could you 'understand' the situation? Yet not take basic efforts to deal with it?
For anyone curious, Let's compare this 5 word password to a more traditional 10 character password pulling from a pool of 74 random characters. 74^10 = 5E18 possibilities. Compared to the example shown in the video, 7776^5 = 3E19. So this method is slightly better than 10 purely random characters (which is very hard to remember)
10 purely random characters are not that hard to remember. And they are faster to type.
Anyway, I don't get why people aren't using password managers and still try to remember all their passwords. My passwords are all at least 16 random characters (letters, numbers, special) which is way more secure than what is shown in this video. I don't know any of them by heart but then again I don't need to - i copy and paste them directly from my password manager (which makes me immune to keyloggers as well).
@@teeds88 doesn't make you immune to clipboard sniffers
LOL, that is the point is it not. Diceware or Leetspeak - Taking something easy to remember for you. However for a computer it is insanely complicated.
Some people put down leetspeak. I logically disagree.
As we all know, the longer and more complicated your password. The harder it is for a 'computer' to figure it out. Also, if a person can not figure out. If a human and a computer can not figure out what you did. That makes it all the better as a password.
@@jamesedwards3923 I build password cracking dictionaries. And leet speak is easy to crack. Actually combining words some with leet speak and some with out. While sharing vowels is best. "!l1kEtHr3epeoPLE" is hard to crack
To save people the effort of using wolfram alpha, there are 6^5 words (7'776), 7776P5 is 2.839E19 combinations from that list - which is about as secure as a 10(.85) digit password that contains A-Za-z0-9 (62 different characters).
I have one interesting question regarding this video.
When users apply this scheme they sometimes will be "cherry picking" the "random" words.
For example, if I don’t like one word, i could roll that word or the whole phrase out again.
In my opinion that could become dangerous because it lowers the security by making words pseudorandom again.
An attacker could try to find out the most liked words and do some kind of dictionary attack with the statistically most liked words.
My argument is that many users would prefer "sunny car day love" over "wrong cold roach stink" and roll again in the second case.
What is your opinion regarding my apprehensions?
you aren't wrong. I've been using diceware passwords for about 6 years and noticed that I am more likely to rotate passwords that are hard to type after 3 months than I am for passwords that are easy to type which I will sometimes keep as long as 6 months. I think that you could probably build a probabilistic distribution of diceware passphrases that is a slight improvement on the advertised value against users who misuse the list. However, it is unlikely that will strongly affect any users who use the list correctly.
@Brendan Hart-Nutter
First thanks for your reply. Yes if you use the list right that doesn't matter. The point is that I believe many maybe even most user don't use it correctly and non of the systems addresses this topic by saying don't roll multiple times.
neumde neuer The Diceware website actually addressed this problem, emphasizing that you should accept every word generated in order.
Chenfeng Bao thanks for your input
Instead of using words to create passwords, I determined that it would be really hard to crack a password where each letter made a name but each individual character is stepped forwards or backwards on the alphabet (so if you have Johns, it would turn into Knimr as each letter is moved in a specific way forwards or backwards) as well as using underscores instead of spaces (because I’m a geek with an affinity with secrecy) or you could just generate a password with the computer automatically remembering it. Dashlane fills in passwords for you so you don’t have to remember them, so that is how I’d improve on that.
But just where can you get sweaters like Dr Mike?
“I’m just looking at your collection of cubes up there”
“All solved, that’s how I roll”
one way for pw is use someone's phone number>transfer it to a symbol number mix>put it in b/w a word >repeat the same process
that give u at lease 16+ pw with upper/lower case character mixed with nonsense
but at the same time easy to remember
Don't know whether I'm watching because of the content or Mike anymore...
I just came up with an even better method:
Take any dictionary.
P = page count
C = column count per page
N = max words per column
R1 = Rand[1, P]
R2 = Rand[1, C]
R3 = Rand[1, N]
For each word needed:
* Generate random numbers using any trusted source of true or cryptographically secure random data
* Go to page R1
* Look in column R2
* Go to word R3 (if there are fewer than R3 words on this column, continue on to the next column or loop around, your choice)
Entropy is MUCH higher as there are a lot more words to choose from. (The dictionary I used says "over 70,000 definitions" on the cover.)
EDIT: If you can remember 8 words, and use a 70,000 word dictionary, that's a full 128 bits of entropy, but even at 5 words it's 80 bits. You can get 64 bits with only 4 words.
Hon much more secure would it be you added an extra dice roll(1-6) after each word?
you can start with four/five words, then when you're sure you remember them change the password to contain another word, and just keep on like that until you're satisfied with the strength
It's like having a 5 letter password but from an alphabet of 7776 letters!
I love that thumb position ABS shine on your spacebar :)
I feel like often increasing the difficulty of breaking passwords is proportional to the ease of use of the password. A complete sentence, or several is much easier to type and remember, and much harder to crack than a few random words. It could be social engineered, but if we are being honest any password you can remember can be social engineered. Additionally this entire comment is my password. Too bad so many places only allow around 10 characters, they are insecure by design.
No extra bit. I live for the extra bit. I'd also love a book shelf pass for all the guess you have. It's where I find new books the read. lol
You can use a dice with a dictionary. 3 rolls for page, and word number then choose the closest 4 or 5 letter word. Certainly seems more random than that list, but still a nice scheme until next year when computers are 10 times faster. :)
A variation of this theme is used in BIP39, a bitcoin/blockchain standard, where everyone uses a published list of 2048 words with some special characteristics. Since it's a smaller list, you choose more of them to be a passphrase, sometimes 12 or 18 or 24 of them, to avoid brute forcing. Its purpose is a sort of passphrase which (1) gets used exceedingly rarely, and (2) should be statistically guaranteed to be globally unique for all time like a GUID.
That last sentance translates as:
"My associate here will now begin to hack your password. He is going to hack your kneecap with this tire iron until the password comes out of your mouth."
i use diceware for every account that doesn't have 2 factor authentication available. I have about 4 i use daily, all six words, and it's surprisingly easy to remember and distinguish them.
He missed the added complexity of using a random number of words. This take the total combinations from 7776^5 (all 5 word combinations) all the way up to 7776^5 + 7776^4 + 7776^3 + 7776^2 + 7776 (all 5 word option + all 4 word option + ... + 1 word options). That's the point of the words being so varied in length.
Which password generator app you are using for generating ur password? In some video ou mentioned the name of the application
what about choosing 4 words, each containing a random symbol, but each word is in a randomly chosen language... anyone can learn one word of 4 languages so it would be easy to remember. That seems pretty solid compared to limiting yourself to just one language.
That is something you would have to commit. In A great deal of the world. Learning another language is a requirement. You can social engineer that. Via country, age, and education level.
However you are not wrong.
Out of curiosity, if the attacker knew you were using Diceware, and also knew how long your password was (maybe they heard you type it once?), how does that change the probability of breaking it? It seems like even with 7776 words, there are going to be limited ways to generate a string of X characters.
Even if the attacker knows the word list, how many words you use and even the separator character, it won't change anything. The number of combinations is finite, but is huge! It's ~ 20 billion billion possibilities for 6 words.
Instead of words, you could try using emoji. It won't work all the time, but the dictionary is pretty large too and way easier to remember, probably easy enough to make a whole story worth of emoji.
One simple way to defeat the average dictionary attack is to use an accented character where there is none, an incorrectly accented character or one without an accent where there should be, e.g. venêrable.
what's the reason behind maximum password lengths? is it just for space/storage or is it related to hashing?
Great video. I have a question on how entropy was calculated. Where did the 12.9 bits come from?
2^12.9 = 7643.40626667 which is approx the 7776 word choices in the list
3:42 That a Panasonic Lumix DMC-lx100? I have one of those, neat little 4k cameras
Yeah, it's amazing :) >Sean
"All solved that's how I roll" was better than Mike's "it does" Bob and Alice analogy from E2EE video
How was the 12.9 calculated?
How many bits you need to store the number 7776, which is log2(7776).
Pampersrocker cool, thanks!
A niffy method when you have a password with no length maximum is to set your password as an excerpt from a ebook. Then copy and paste the password when you need to use it. That way you can have a password that is a paragraph or even a page long. Of course you can put a symbol in the middle of a key word and that would make it more difficult.
you could also take a dictionairy and then roll in which sixth your word is. repeat around 7 or 8 times for the oed and you get any word
And here I was just using my Windows license code. It's 29 characters long (with hyphens) and close enough to random for most purposes - and while it's printed on the side of my computer if I ever forget it, it's something that hardly anyone would think of, unless I told them.
D'oh!
Bad idea. They can be brute forced. They can be extracted from your box.
@@jamesedwards3923 Theyd need to know to try it. Even if they extract the key (which they couldn't, actually, since the one on the side of the system is actually different from what's installed) or brute force it - how many people would think to try it for the password.
I'm probably just doing some statistical fallacy but, could you semi-eliminate possibilities based on the fact that your odds of rolling a specific number several times in a row are low? For whatever reason dice tend not to fall that way, though if it's truly random the odds of getting 1,1,1,1,1 should be the same as getting, say, 3,2,1,5,3. I feel like if an attacker assumed no number appeared more than 3 times consecutively, they'd eliminate a significant portion of the possibilities and they'd almost always be correct.
Yes, it's a fallacy, though an interesting one. The odds of 11111 is the same as any other 5-digit number. It's 1/7776. The reason 11111 seems to have a lower probability of appearing than, say, 32153 is this: 11111 is a memorable number, so we notice how infrequently it occurs. 32153 is not particularly memorable, so we don't notice how infrequently this exact number appears.
There's another way to think about it. What's the probability of five rolls all of the same digits? There are six such numbers (11111, 22222, etc.). So probability is 6/7776. What's the probability of five rolls each with a different digit? 7770/7776. This creates a false perception that repeating numbers are less likely than non-repeating numbers, because we forget that we're not comparing the same thing.
That's an interesting idea. I generally just look at all the labels on anything on my desk and use the first letter from each label until I think it's decently long scramble a number in with it that is familiar to me but doesn't have anything to do with me jumble in a couple symbols and upper case and call it a day. Then I clean off my desk.
Edit: Maybe I'll continue to do that and bookend the one I generate in that way with a couple random words from the OED selected this way.
the way is was tought to choose passwords is pick a obscure phrase you really like, so something you will remember, take the first charactere of each word (i sometimes add the last ones as well if the phrase is to short) swap out a few charecteres for capital numbers or special charecter.
Question... sorry if it was already answered, I need to watch the video again.
But regarding entropy and passwords made out of random words, would a dictionary attack significantly lower the entropy of it?
I imagine it'd be hard figuring out the correct length of the password, and then you'd need a whole lot of word combinations and recombinations to the to the correct length.
I'm currently using just random alphanumeric with a password manager, but in the future I'd like to switch to an offline password manager and combinations of words in different languages, significant numbers and symbols thrown around.... that I imagine would be plenty. xD Still relatively memorable at least for the most used stuff, and the rest would have to be recovered using the offline password manager.
The entropy calculation is *assuming* the attacker is using a dictionary attack *and* knows what dictionary to use. It would be more accurate to say that if the attacker doesn't do a dictionary attack, the entropy would greatly increase.
His books:
Anderson - Security Engineering Second Edition
Ferguson Schneier Kohno - Cryptography Engineering
Erickson - Hacking The Art of Exploitation
Yoshua Bengio and Aaron - Deep Learning
If the attacker is spying on you enough to know what words you saw on the side of a bus, wouldn't they see you typing the password?
I think the idea is that most easy words people think of are also easy for an attacker to find out, like your kids' names, your birthday, your maiden name, your first school, the kind of stuff that's often used for "security questions".
I think this video didn't do the best job explaining why "choosing random words from your head" is a bad strategy. It's not so much that someone could be spying on you, but rather that the words that are most at hand when you try to think of a "random" word come from a more limited "dictionary" than you would probably think.
Humans don't have random number generators in our brains. What we have instead is a fantastic ability to recall concepts that we associate with other concepts. So if you ask someone to name a "random word" out of their head, what they will tend to do is play word association with the word "random". So they'll say "potato" or "haberdashery", because those are the words that come to mind when they think of randomness. If they know to avoid this bias, they'll try to search around for some other word in their vocabulary, but they have _no_ control over the distribution, and no effective way to "break out" of the set of words that happen to be mentally close at hand at the time.
So it's not that someone can figure out your "dictionary" by watching you. It's that someone could study the passwords that people tend to mentally generate, and build up an effective process for limiting their search space. And because you didn't use a truly random password, you have no idea how susceptible your password would be to that process.
+chaumas Human memory is also subject to the availability and recency effects that bias human recall especially when asked to select a random item from some class, the availability effect biases them towards members of that class they remember seeing more often and the recency effect biases them towards members of the class they have seen most recently. Of course the word frequency distribution of the users language significantly affects both of these more frequent words are both seen more often and statistically are far more likely to be among the words you have seen or heard most recently too.
That can of course be used to prioritise the order in which words from the dictionary are used too just sort them by the word frequency of the language first. This could even be made worse if you have any additional information about the target like level of education or profession, for example the word frequency list will deviate from the average among the general population if you were to use word frequency data from the writings of university educated engineers for example.
They don't need to spy on you, just identify some patterns generally used by humans. Assume the attacker has a huge database of previously leaked passwords. He can start with the most common words combined with the most common obfuscation strategies and gradually move towards the least common ones. He can try an enormous number of combinations and surely will crack a lot of passwords this way which depended on some human bias. The farther you gone from common patterns the more chance you can get away with it, but you cant be sure. Or you can use some simple methods which does not introduce such bias and can create passwords with high entropy such as diceware. It is very straightforward, and you can determine the password strength in number of bits. You dont need to outsmart anyone or think too much to generate your passwords, just follow some simple instructions. You can do it even if you are tired, have hangover etc. yet your passwords will be as safe as ever because the process gets entropy outside your brain, like from dice rolls. It is somewhat scaleable, because you can add more words for higher entropy, but it becomes harder to remember and longer to type in. Maybe you can practice with 5-6 words per password and go to 7 if you need very high security, but this is just my understanding of the subject, I am not an expert on the topic.
@@seraphina985 Your stated that perfectly sir.
Sounds cool, but wouldn't words at the start of the list be less secure than ones at the end of the list? Assuming all the words are spread out through the list, sure, it would be fairly secure, but if you got unlucky and had a bunch of words, say, on the first page, then wouldn't those be easier to crack with a brute force attack?
There is a smart way to protect yourself against someone forcing you to tell your password for encrypted files.
You have a big file with some random data, some public data and some secret data mixed together and potentially multiple passwords.
If someone threatens you, you can give them a password that only unencrypts the uncritical data. If he asks you why the result has so few bytes, you tell him that the whole rest of the file is random data.
Truecrypt has that feature. A duress partition for them and a hidden partition for you.
will someone that smart rob you?
Lol they must visit you instead. That cracked me.
07:53
12.9*5=64.5 log2(6 sides per dice^5 dice)*5 words
Shouldn't the size of the word list be anywhere in there? If the word list has only 100 words, shouldn't that affect the entropy?
the number of words in the list is exactly equal to 6^5
The creator of the diceware now recommends a 10 word pass phrase to be secure.
Ten words is 129 bits, that is quantum resistant level. Arnold Reinhold actually recommends six words at this time.
No way. 10 words is the same strength of the key itself. He has comments on this fact, but does not recommend it. Six is what he recommends.
Excellent video.
7:26 "[spaces] add nothing because they know what spaces are"
You have to add spaces to get exact the calculated security, otherwise two different dice throws could yield the same password, e.g. "player rand" would equal "play errand"
Correct.
He pretty much explained it at 8:40
Would it be more secure to remove the spaces between the words? Or would having the spaces be "less" secure because an attacker then would know the size of each word? My Passphrase has ( 4 ) words but no spaces should I add the spaces to make it more secure or does it matter?
It could help increase security if they don't know spaces are in your password, but if they know you are using diceware it's the same either way. It also elevates your character count and character set. As Mike said, you can make those spaces anything you want to make it more difficult for bruteforce and diceware attackers.
Would love to see a follow up to this where he uses his Dictionary Searcher (on the GPUs) to show how long this example password would take to locate in the 7776^5 search space.
Robin Hilton Really long. So long that he probably don't have the resource to actually locate this at all.
With a fast hash, like SHA 256, and dedicated equipment, a 60 bit password can be cracked in one or two weeks. Obviously, that's an example of how *not* to do things.
On the other hand, assuming proper storage on a server with many users, the hash should complete one iteration on the millisecond scale, in which case the password will be cracked in around 40 million years, less on dedicated cracking hardware. Same on home hardware, for which you can key stretch up to a few seconds, but is also much weaker than dedicated cracking hardware.
actually those square casino dice, are only for casino games such as craps. you need the rounded corners dice for regular dice throwing to get more randomness. You can get dice with rounded corners that are also completely unbiased to any side.
If I ever make a social network or a website with accounts, it would support ALL Unicode characters (even control chars), to give people the freedom to use a password in their native language, or a gibberish one. The only requirement is that it must be longer than 3 codepoints, this is because some codepoints need more than 1 byte to be encoded. Of course, I would add a non-intrusive dialogue suggesting how to choose a password or passphrase depending on the user's needs
Random wikipedia articles, take the first word of the title for four or five articles. Wikipedia has 5,567,762 articles. I just created a password "Grape seaboard fishkill whip".
But the "random page" link doesn't use true randomness ^^
there is a wordlist of every word in every language on wikipedia circa 2013ish. it’s got like 200 million words or something. filtering for length and typability you’d still have millions. 6 of this at random would be incredibly unbreakable at today’s compute power
The wordlist mentioned in the video is made so that there's no huge length password. So better sticky with that wordlist... MY OPINION
Yes, as Alex P said.
Even if you had every single standard word in a dictionary file, brute forcing trivial couple word passwords is already a painfully agonising task.
Attacking a 5-20 word password is essentially going to take longer than several universes.
You misspell some of those words and you break the dictionary.
Think of it this way:
Standard English characters allowed in most password fields is in the hundreds.
Common English _words_ is in the 10 thousands.
It's far easier to remember a chain of words than a chain of letters.
And it is also considerably harder to attack even WITH a dictionary.
A person trying to crack your password gets zero feedback from cracking your password (unless the encryption system is flawed)
They can't assume a single thing. Even if they know you used common English words, no life will exist to get the password. (probably)
I don't think it is possible to arrange every quanta of energy in the entirety of existence for the entirety of its possible lifetime to brute force every single iteration of unicode-based language. The numbers are insane.
Luckily there is an easier method: kneecap, meet baseball.
Wouldn't it be easier to hit the knee with a bat instead?
I would like to know your view on password managers like 1password. Combined with a hardware password or security token.