On 07/28/2013 11:41 PM, Tom Metro wrote:
> Kent Borg wrote:
>> For example, "8e53-arrow-spell-genetic" is pretty easy to type and
>> remember, yet it has 48-bits of entropy in it. Not enough entropy for
>> an encryption key, but plenty for a password. Entropy doesn't have to
>> be hard to type and impossible to remember.
> Entropy calculations can be very misleading, as the things that make a
> password easy to remember also make it much easier to guess.

"Easier to guess" has everything to do with how the password was generated. My 48-bit value is not an estimation. It is a concrete measurement based on how the password was generated. I took 48-bits from /dev/urandom and used them to choose a password via a simple and reversible coding scheme. Being reversible is key: it means no entropy was lost.

Passwords do not need to be ugly to have entropy. The fact that there are dictionary words in my example scares people, but it is not a problem: (1) get some random data, (2) use it to select words in a dictionary, (3) send those words, (4) use the words to generate the original random data. The fact that there was a memorable stage doesn't magically make the original random data not random. (Otherwise we could crack any password just by using it to look up human words!)

Transcoding (losslessly) the random data as human words changes the entropy no more than coding the random data as binary vs. hex vs. base-3. But human language words have the advantage that they are easier for humans to type and remember.

As for password meters, indeed, they cannot know what the entropy of a password is without knowing how it was generated. What is the difference between a sequence of randomly chosen words and a well known pop culture catch-phrase? Enormous, yet the simple password meter can't easily know.

-kb