One day you will decide to change your password. When you do, it is likely that you will be tempted to choose a word that means something to you. This might be the name of your cat or the street you live on. If you succumb to this temptation then it will be very easy for your password to be guessed by friends or family. Your password isn’t random enough.
To fix this you might try a random set of letters and numbers with some symbols thrown in. There are a lot of random password generators out there, and many of them give you a truly random set of letters and numbers that no human could ever memorize. You will probably build a very secure password, but then you won’t remember it the next time you need it. Passwords need to be memorable. This is where the idea of a passphrase comes in. A passphrase is a string of words that together make up your password.
Computers cannot make anything random themselves. They can simulate it and follow a set of instructions to create a jumble of characters that appear to be random, but they aren’t. This is because computers are deterministic. When a given input is run through a given set of instructions, the output will always be the same. In order to get around this problem some random number generators will use the current time as an input. This doesn’t help for security purposes, because it is not necessarily hard to determine the time at which a password was generated. To create a truly random number, a random number algorithm might take a physical measurement and use that as the input. Is it important that your computer is not generating a truly random password? No, most of us can get by just fine with a seemingly random password. But on the other hand, what if you could have a better password with very little additional effort? I say go for it.
Diceware is a system for creating passphrases that are truly random. The randomness comes from the use of real physical dice to decide which words will be a part of the passphrase.
So you decide to try a Diceware passphrase. To generate the passphrase you roll the dice 6 times and write down the result. This number maps to a word in the Diceware word list. So you roll 6 times to get the first word and then 6 more times to get a second word. Let’s assume this gives you a nice secure 12-letter password. With 12 lowercase letters there are over 95 quintillion possible combinations. Is this secure? According to “How Secure is my Password”, this 12-character, all-lowercase password will take just 9 hours for a desktop computer to crack. But that isn’t the worst of it.
The real problem with Diceware that you need to understand is that each word only provides 7,776 possible combinations. Why? Because there are only 7,776 possible combinations when rolling 6 dice, and so the Diceware word list only contains 7,776 words. This means that any computer with a copy of the Diceware word list can take its guesses from that list first and reach your password quickly. I wrote a PHP script to try this out. A single-word Diceware password takes my laptop 0.1 seconds to crack if encryption is not taken into account. If I use the PHP built-in crypt() function it gets a little bit better at 11 seconds. A one-word Diceware passphrase provides only 7,776 possible combinations, but a two-word passphrase provides 60,466,176 combinations. Without using encryption my laptop can try about 80,000 passwords per second, so the two-word passphrase takes about 12 minutes to crack. With encryption the situation is better again. My computer can make about 700 guesses per second with encryption, so a two-word passphrase can be guessed in just about 24 hours. That’s a long time, but nowhere near secure. Surely three words then is enough? No, with three words there are 470,184,984,576 possible combinations. Without encryption this takes 68 days, and with encryption this would take 21 years. At this point you might be thinking that 21 years is secure enough. It is a long time, but remember that we are working with my laptop, which is not very fast.
There are systems out there that can make hundreds of billions of guesses per second. Let’s try it with 1 trillion guesses per second. Now our secure three word passphrase is broken in less than one half of a second. See the chart below for a good overview of how many words it takes to get a secure Diceware passphrase.
Words in Passphrase | Entropy | Time to Guess: NSA Supercomputer | Time to Guess: My Laptop | Time to Guess: My Laptop vs Encryption
--- | --- | --- | --- | ---
1 | 12.92 bits | less than 1 second | less than 1 second | 11 seconds
2 | 25.85 bits | less than 1 second | 12 minutes | 24 hours
3 | 38.77 bits | less than 1 second | 68 days | 21 years
4 | 51.70 bits | 1 hour | 1449 years | 165 thousand years
5 | 64.62 bits | 11 months | 11 million years | 1 billion years
6 | 77.55 bits | 7000 years | 87 billion years | 10 trillion years
7 | 90.47 bits | 54 million years | 681 trillion years | 77 quadrillion years
8 | 103.40 bits | 423 billion years | 5 quintillion years | 605 quintillion years
As you can see, things start to get pretty secure once you reach 6 words. It’s not too hard to remember 6 words, and if you want a password that nobody can guess this may be your best option. If you really want a password that won’t ever be guessed then you need to go all the way up to 7 or 8 words. 7000 years seems like a long time, but it doesn’t factor in technological advances. What if the next big technological breakthrough speeds up computers in an exponential way? If it becomes possible to try passwords at 1 quadrillion guesses per second, then that 6-word passphrase can be cracked in just 7 years.
Entropy
No discussion of password strength is complete without covering the entropy that a given password provides. Entropy is generally understood to be the measure of how random a password is. However, measuring entropy takes password length into account as well. In fact, a long password can have more entropy than a slightly shorter but very random password. There is a great example of this here. To put it simply, a password with 1 bit of entropy can be guessed in two tries. Every bit of entropy added from there doubles the number of guesses required. So a password with an entropy of 10 bits would require 2^10, or 1,024 guesses.
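The table above and the entropy rule of thumb both follow from one calculation: a passphrase of N words drawn uniformly from a 7,776-word list has 7,776^N possible values, or N × log2(7,776) bits. The script below is an added example, not the author’s PHP script; it reproduces the table’s columns from the article’s three guessing rates and adds a helper that answers the defender’s question of how many words are needed to hold out against a given rate for a given number of years. Like the article’s figures, it reports the time to search the whole keyspace (the expected time is half that).

```python
import math

WORDLIST_SIZE = 7776                 # words in the Diceware list, per the article
SECONDS_PER_YEAR = 365 * 24 * 3600   # 365-day years, which matches the article's rounding

# Guessing rates from the article, in guesses per second
RATES = {
    "NSA Supercomputer": 1e12,        # "1 trillion guesses per second"
    "My Laptop": 80_000,              # unhashed comparison
    "My Laptop vs Encryption": 700,   # guesses through PHP crypt()
}

def entropy_bits(words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Entropy of a passphrase of `words` words chosen uniformly from `list_size` words."""
    return words * math.log2(list_size)

def combinations(words: int, list_size: int = WORDLIST_SIZE) -> int:
    """Size of the keyspace: every word is an independent choice from the list."""
    return list_size ** words

def seconds_to_guess_all(words: int, rate: float, list_size: int = WORDLIST_SIZE) -> float:
    """Seconds to try the entire keyspace at `rate` guesses per second."""
    return combinations(words, list_size) / rate

def human_time(seconds: float) -> str:
    """Render a duration the way the article's table does (largest whole unit)."""
    if seconds < 1:
        return "less than 1 second"
    for name, size in (("year", SECONDS_PER_YEAR), ("day", 86_400),
                       ("hour", 3_600), ("minute", 60), ("second", 1)):
        if seconds >= size:
            n = math.floor(seconds / size)
            return f"{n:,} {name}{'' if n == 1 else 's'}"
    return f"{seconds:.0f} seconds"  # unreachable, keeps the return type total

def words_needed(rate: float, horizon_years: float, list_size: int = WORDLIST_SIZE) -> int:
    """Smallest word count whose full keyspace takes at least `horizon_years` to search."""
    n = 1
    while seconds_to_guess_all(n, rate, list_size) < horizon_years * SECONDS_PER_YEAR:
        n += 1
    return n

def table(max_words: int = 8) -> list:
    """Rebuild the article's table as a list of row dicts."""
    rows = []
    for n in range(1, max_words + 1):
        row = {"words": n, "entropy_bits": round(entropy_bits(n), 2)}
        for name, rate in RATES.items():
            row[name] = human_time(seconds_to_guess_all(n, rate))
        rows.append(row)
    return rows

if __name__ == "__main__":
    for row in table():
        print(row)
    print("words to survive 1 year at 1e12 guesses/s:", words_needed(1e12, 1))
```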
Conclusion
The Diceware passphrase is a great method to create a memorable, secure password. There are risks if you use it incorrectly and end up with too few words.
A good password is both easy to remember, and difficult to guess. Next week I will introduce an idea for a passphrase that has some strengths over Diceware, but retains some of the randomness.
Very interesting and informative - I can see how a longer password is a much more secure choice – I’m wondering now about password use repetition.