[Cryptography] Recommendations in lieu of short AES passphrases

John Denker jsd at av8n.com
Fri Sep 16 16:27:58 EDT 2016


On 09/16/2016 08:42 AM, ıuoʎ wrote:

> I think the main reason for selecting short passwords was that they could
> be easily shared/written and that might be a requirement of the software.

Passwords should never be shared.  See below for details.  If sharing
the password is a requirement of the software, you need to get better
software, right now.

As for the length:  A short password is like having a weak lock on
your door.  As such, lawyers might consider it better than nothing,
insofar as there is a distinction between:
 a) trespassing (if you leave your door completely unlocked), and
 b) breaking-and-entering (if you have "some" kind of lock that
  the bad guys must defeat).

Therefore a trivial password, in conjunction with vigorous policing,
might deter some casual attackers ... but you shouldn't count on it.

In contrast, if somebody is the least bit serious about attacking
your system, a short password confers virtually no protection, and
no amount of recoding and/or hashing is going to change this.

> The current implementation using 6 chars from BASE 36

Human-factors research has shown that a short random password is hard
for the good guys to remember, and easy for the bad guys to guess.  A
long passphrase is easier to remember and more secure.
  https://xkcd.com/936/

==========

Passwords should never be shared.

Draw a matrix, with a row for each person and a column for each site
or function.  There should be a separate passphrase for each cell in
the matrix.  No sharing vertically (two people using the same password)
and no sharing horizontally (one person using the same password for
multiple sites).

              hrw.org     mod.gov.sy
              -------     ----------
    Alice  :  sesame      swordfish
    Bob    :  00000000    Buddy
    Carol  :  asdf        12345

It imposes a burden on the users to have a separate passphrase for each
site, but this is necessary for security.

It helps to have a /password manager/ program to handle the details.
Then the user only needs to remember a single master passphrase.
You need to make sure the password manager is not broken, but that
is better than the alternative.  If you don't give users a password
manager program, either they will forget one or more passphrases,
or they will invent their own ad-hoc password manager, perhaps an
index card in their wallet (which puts them at risk from muggers and
pickpockets), or they will use short and/or recycled passwords.

We really ought not be sending passwords to online sites at all.
Once you accept the idea that a password manager is needed, it ought
to be doing /zero knowledge authentication/.  That way no password
is ever sent over the wire.  The password manager proves to the
site that you know the master password, but the site never sees
anything resembling a password.
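As an added illustration, not part of the original post or the list archive: the per-person, per-site matrix audit the post describes (no vertical sharing, no horizontal sharing) and the entropy of the quoted 6-character base-36 scheme against a 4-word passphrase from a 2048-word list. The matrix with reuse is constructed for the demo; the names and sites are the post's own.

```python
import math
from collections import defaultdict


def scheme_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy, in bits, of a secret drawn uniformly from alphabet_size**length
    possibilities. This measures the generation scheme, not any particular string."""
    return math.log2(alphabet_size) * length


# The post's matrix: every cell different, so the audit below reports nothing.
ORIGINAL_MATRIX = {
    "Alice": {"hrw.org": "sesame",   "mod.gov.sy": "swordfish"},
    "Bob":   {"hrw.org": "00000000", "mod.gov.sy": "Buddy"},
    "Carol": {"hrw.org": "asdf",     "mod.gov.sy": "12345"},
}

# Constructed variant with both kinds of sharing the post forbids.
SHARED_MATRIX = {
    "Alice": {"hrw.org": "sesame",   "mod.gov.sy": "sesame"},   # horizontal reuse
    "Bob":   {"hrw.org": "00000000", "mod.gov.sy": "Buddy"},
    "Carol": {"hrw.org": "asdf",     "mod.gov.sy": "Buddy"},    # vertical reuse with Bob
}


def audit_password_matrix(matrix):
    """matrix: {person: {site: passphrase}}.
    Returns (vertical, horizontal):
      vertical   - [(passphrase, (people...))]  one passphrase used by 2+ people
      horizontal - [(person, passphrase, (sites...))]  one person reusing across sites
    """
    users_of = defaultdict(set)                        # passphrase -> people
    sites_of = defaultdict(lambda: defaultdict(set))   # person -> passphrase -> sites
    for person, row in matrix.items():
        for site, passphrase in row.items():
            users_of[passphrase].add(person)
            sites_of[person][passphrase].add(site)
    vertical = sorted((pw, tuple(sorted(people)))
                      for pw, people in users_of.items() if len(people) > 1)
    horizontal = sorted((person, pw, tuple(sorted(sites)))
                        for person, by_pw in sites_of.items()
                        for pw, sites in by_pw.items() if len(sites) > 1)
    return vertical, horizontal


if __name__ == "__main__":
    print("6 chars base 36: %.1f bits" % scheme_entropy_bits(36, 6))
    print("4 words / 2048 list: %.1f bits" % scheme_entropy_bits(2048, 4))
    print("original matrix:", audit_password_matrix(ORIGINAL_MATRIX))
    print("shared matrix:  ", audit_password_matrix(SHARED_MATRIX))
```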
