23 May, 2011

Passwords, part two of two

We have established why you really do not want to use the same password in more than one place. I have a really old text document in my backups which has a list of all passwords I used ten years ago. I believe it has more than one hundred entries. Online games, discussion forums, redundant companies (amazon.de, amazon.co.uk and amazon.com require their own logins) and generally useful services sum up faster than you think. The issue is:

You cannot ever remember a different password for every service.

It is just impossible to remember hundreds of expressions such as "agclue.jf312kd". Most people use a priority system: Crappy password "plork" for services they do not care about much. Medium password: "Naftalin23" for  their Flickrs, Twitter and Gawker. Safe and unique password for e-mail, eBay and Amazon. That leaves you with a dozen passwords or so. It is workable, but for obvious reasons not a good solution. Is there a better one? I present:

The One-Way-Function. ("hashing")

It works like this: You think of a function that only works in one direction efficiently. A typical example is "I see something and it is black." It is very easy for you to decide whether something is black. It is very hard for everyone else to figure out what exactly you are talking about. While I didn't invent the principle, there seem to be miserably few people who create their passwords with this technique. Let me give you a simple example:

Use the first two letters and the last two letters, then write "qelgf.15" behind it.

Google: "goleqelgf.15"
Twitter: "twerqelgf.15"
eBay: "ebayqelgf.15"
Facebook: "faokqelgf.15"

While already very strong, you could easily add capitalized letters to the static expression, that is "qelgf.15", making it "qElgF.15", for example. You might be disppointed that eBay can be recognized. That's an artifact created by our slightly less-than-ideal hash function, but it actually does not matter that much, because it is still incredibly hard to detect without human eyes taking a look at the passwords. And when you are a criminal and out to steal passwords, you don't want to waste hours to guess such functions, when there are thousands of people using "password" or "12345" instead. In conclusion: Just pick any function which you can do quickly in your head which will result in a few letters from a service url, and append something in front or after (or both).

And if you want insane security, you could even do something like writing your full name with birth year (note that this would be one of the least safe things otherwise), and interjecting one letter from the service name backwards. Assume your name is Michael Kennedy, and you're born in 83. Whenever you type your password, you first type out "Michael83Kennedy", then put the cursor at the beginning and move it right once, then type a letter, repeat.

Google: Meilcghoaoegl83Kennedy
Twitter: Mriecthtaweilt83Kennedy
eBay: Myiacbheael83Kennedy
Facebook: Mkiocohbaeecla8f3Kennedy

It isn't very fast, but leads to passwords that couldn't be safer, and it is impossible (and not just unlikely) to have the same password twice, because two services are always named differently to begin with. And before you point it out: For mathematical reasons, the last names looking identical is completely irrelevant. Do me a favour and adopt such a system.

8 comments:

  1. I've seen this practice proposed many times before but there are several fundamental difficulties with applying it consistently. I've just responded to a very similar proposal just here: http://www.troyhunt.com/2011/07/science-of-password-selection.html#comment-256763402

    ReplyDelete
  2. I have explicitly addressed the issues pointed out in a follow-up post.

    ReplyDelete
  3. Hm. So it basically has to be long and look random, even though you have a system behind it?

    And of course new for every service.

    ReplyDelete
  4. Exactly, though length and uniqueness are a lot more important than randomness (see part 3). To a computer, it does not really matter whether a password is "aaakkkeeeggg33" or "akegeae3gagg3a", but the former is a lot easier to remember. I would go with a sentence like:
    "There will be no chocolate sauce on my plorkitork" and append the last three letters of the service to it (facebook becomes "plorkitorkook"). It's long, easy to remember, unique per service, reasonably hard to reverse-engineer and immune to dictionary attacks.

    The only feasible way to break it involves a hammer and your kneecaps.

    ReplyDelete
  5. @Kdansky "To a computer, it does not really matter whether a password is "aaakkkeeeggg33" or "akegeae3gagg3a""

    Whilst you are correct in that both can be random that is not to say that both are as secure. Eight zeroes consecutively is a completely valid outcome from a mixed caps alpha-numeric set of characters. I would not wish to use it as a password however.

    A good password-finding algorithm will never just use pure brute-force (where your two strings are equally secure as they are equally expected outcomes) but will use patterns and anything else that is known to be correlated with human-generated quasi-random passwords.

    If the generated password is truly random (not possible given current technology) then at worst an algorithm that uses correlations and other modifiers and weightings to guide its testing will be as efficient as a brute-force algorithm (that is to say: not very efficient at all!)
    ____
    Anyway, I use a method similar to you: I have 3 8 character strings mixed case alphanumeric. (I have accumulated the strings over the years after being forced to remember them: two are institutional logins (now expired) that I wasn;t allowed to change, and the third is the licence plate number of my first car. I then, according to the tier of the site concatenate the strings and intersperse with website-name based chars.

    ReplyDelete
  6. I have used a similar kind of manual hashing approach, but (despite your final assertion) there are definitely safer ways than manual hashing. A single password in isolation would not make it easy for a bad guy to figure out your system (although I can imagine a clever person figuring out with a bit of trial and error), but 2 password samples would make it pretty trivial to crack this kind of system. There are various ways a bad guy might acquire more than one of your passwords.

    So random passwords with no systemic relation are stronger. But that requires some password manager with obvious disadvantages.

    Or do a programmatic cryptographically strong password hashing system, e.g. supergenpass or passwordmaker, which gives a similar effect (acquiring multiple passwords still give no clue what others might be because they are effectively random, generated from bcrypt or some such good slow hash) but doesn't require a password manager/database.

    ReplyDelete
  7. I am currently on the fence about password manager tools. On one hand, it's practical and the passwords are absolutely unbreakable, while you only need to remember a single password (I'd suggest something ridiculously long like: "A hundred horses make for a funny password with more than 20 letters!"). On the other hand, it introduces a new weak point: If someone manages to break into that tool, you suffer the worst possible consequence. It's a bit of a "all your eggs in one basket" approach, with a very strong basket. Can I guarantee that my password store is safe? Can I share it without accidentally exposing it to attackers?

    And of course, never use an online service: Lastpass.com was hacked recently.

    ReplyDelete
  8. Agreed, I'm also quite leery of online services like lastpass.

    The "eggs in a basket" argument is more or less true of a manual (or automated) hash system too, though. Especially a manual hash system. Once someone figures out the (relatively simple, since it's manual) system, they know all your passwords as well.

    Sigh, none of the solutions is ideal. :/

    I just installed keepass today to try it out. I'm tempted. For one thing, I like that it lets you store whatever password you like for each site, so they really are truly independent, unlike with hash systems, and more importantly, you can use as long a password as a site lets you instead of settling some safe lowest common denominator, and likewise you can use special characters at the sites that allow it.

    The thing that worried me is "what if I'm at someone else's computer that doesn't have keepass installed?"

    A solution: I can export my passwords from keepass to a text file and encrypt that with a javascript (so it's run locally, nothing sent over the web) crypto library like http://bitwiseshiftleft.github.com/sjcl/demo/ and save that in my webmail account (whose password I'd remember as a special case) and then, if need be, I can get at my passwords from any computer with web access.

    And I realize that IN PRACTICE I only use my only computers these days. :) Of course that's not true for many people: password strategy definitely depends on the specific person and their needs.

    Pondering, pondering... :)

    ReplyDelete