Re: [security flaw] Ubuntu is a plain text offender
- From: Kent Borg <kentborg@xxxxxxxx>
- Date: Mon, 23 May 2011 12:58:13 -0400
Steve Flynn wrote:
> Across 54 sites, my average password length is 20.1 bytes (I try to
> generate 32 byte passwords by default but some sites restrict me down
> to say 12).
Be warned that sometimes passwords are silently truncated to just a few bytes, accepting long passwords, but ignoring all the good entropy.
Also, I count my passwords in bits of entropy, not bytes of ASCII. That is, I don't generate passwords by thinking up something that *seems* random and measuring the output; rather I use a real random source to choose the content and measure the input. For example, if you had a list of 64 words, you could use 6 coin tosses to select one word from the list (2^6=64), so one word so chosen has 6 bits of entropy. If you use a longer word list and repeat, it is possible to come up with an easy-to-remember passphrase that is pretty good.
For example: "beauty-alias-citizen" or "budget-sunset-radio" each have 32-bits of entropy. (I have a program that does that.)
Take 32-bits and turn it into hex and you might get 94997b2e, again this password is worth 32-bits of entropy (but hard to remember). In both cases the best brute-force attack would take over 4-billion (2^32) guesses to try all the combinations. 32-bits of entropy is plenty for a password (where the rate of guessing should be limited) but far too little for an encryption key (where parallel computers can all work on parts of the problem at once).
The strength of a passphrase should be set according to how it is used, and that strength is fundamentally the number of random bits that went into it. "May the force be with you." might be longer than the examples above, but it is a terrible password because too few bits went into selecting it.
-kb
P.S. Running a program like mine over and over again until you get a sequence you like is cheating and reduces the quality of the result. Passwords should be chosen at random, not pawed over by a human. Run the password generator once and use the first result, and there won't be any human decisions that can be second guessed. Assume that running a program like mine twice and choosing the one you like best shaves off a whole bit of entropy, leaving you with only a 31-bit password.
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
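An added example, not Kent's program and not part of the original mail: a small Python generator that follows the method he describes. A CSPRNG picks each word, the entropy is measured on the input (log2 of the list size per word) rather than on the output, and the same accounting shows the cost of the "run it twice and pick the nicer one" habit from the P.S. The 64-entry word list is constructed for the demo; a real list would be far longer (three words reaching 32 bits implies roughly 1600 words).

```python
import math
import secrets

# Constructed 64-entry list (6 bits per word) built from syllable pairs so the
# example runs offline. Any list of distinct words works the same way.
WORDS = [a + b for a in ("ba", "de", "ki", "lo", "mu", "ne", "ra", "so")
         for b in ("lt", "nd", "rk", "st", "mp", "ng", "sh", "ft")]


def bits_per_word(wordlist):
    """Entropy contributed by one uniformly chosen word: log2(list size)."""
    return math.log2(len(set(wordlist)))


def words_needed(wordlist, target_bits):
    """Smallest number of words whose combined entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(wordlist))


def generate_passphrase(wordlist, target_bits, sep="-"):
    """Return (passphrase, bits). Each word comes from os-level randomness
    via secrets.choice, so the entropy is exactly what went in."""
    n = words_needed(wordlist, target_bits)
    phrase = sep.join(secrets.choice(wordlist) for _ in range(n))
    return phrase, n * bits_per_word(wordlist)


def hex_token(bits):
    """Same entropy budget expressed as hex (32 bits -> 8 hex digits)."""
    return secrets.token_hex(bits // 8)


def brute_force_guesses(bits):
    """Guesses needed to exhaust the space: 2^bits (2^32 is about 4 billion)."""
    return 2 ** bits


def bits_after_cherry_picking(bits, runs):
    """Picking the favourite of `runs` outputs leaks log2(runs) bits:
    best-of-2 turns a 32-bit passphrase into a 31-bit one."""
    return bits - math.log2(runs)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(WORDS, 32)
    print(phrase, bits, "bits;", brute_force_guesses(int(bits)), "guesses")
    print(hex_token(32), "is a 32-bit hex token")
    print(bits_after_cherry_picking(32, 2), "bits if you keep the best of two runs")
```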