[Cryptography] Passwords (Smallest feasible work factor today?)

Fri Sep 16 05:35:48 EDT 2022

On 15 Sep 2022 08:28 -0700, from ron at flownet.com (Ron Garret):
> Multiple strong passwords are impossible to memorize (at least for me).

That's where Diceware comes in useful. Diceware passphrases are
quantifiably secure, yet eminently memorable. I have memorized a few
that I use often.

Here's an about 2^90 work factor passphrase: kerchief refold coastline karma keenly luminance rickety

Or: antihero twiddling unloader theme ladle exodus answering

(Or they would be 2^90 if I hadn't posted them to a publicly archived
mailing list. Both were generated using the EFF standard Diceware word
list.)

I imagine that most people could memorize those without having to put
unreasonable effort into the task, especially if they are used
regularly (computer login password, password manager master password,
...). Something like a piece of paper in one's wallet (which doesn't
say anything about what it's for) could serve as a backup.

2^90 is probably overkill for most people and most uses. It's what one
might perhaps use for a locally hosted password manager master
passphrase, where fast offline attacks is a real threat. For a
competently implemented online service (that, for example, does rate
limiting), it stands to reason that you'd need far less than that. On
https://michael.kjorling.se/password-tips/ I suggest 15 characters
alphanumeric (^[a-z0-9]{15}$) passwords or six-word standard-Diceware
(6^5 each) passphrases, which both happen to work out to an about 2^77
work factor; that's intended to provide a reasonable security margin
while still working with systems that impose arbitrary length
limitations. (If someone has constructive feedback on what I've
written there, I'd be only happy to hear about it.)

> Shoulder surfing is *always* a risk even without my particular
> password management scheme.

It can be mitigated, though. An obvious example that I introduced to a
relative of mine (without the need to protect particularly high-value
secrets, but who did travel a fair bit with their laptop) is to get
something like a Yubikey, configure it in static password mode, and
use that together with a typed-in prefix, suffix, or both. That way,
even someone who records video of you entering the password won't have
the full picture. The fact that (in my example) the Yubikey is an
actual physical item can help people make the mental leap to it being
a "key" to their computer, and should be protected like they would a
key to, say, their house or apartment.

A slightly more inconvenient way to do it is that exemplified by
Edward Snowden: covering yourself and the keyboard with some kind of
opaque blanket while you type in the password. That's probably more
than most people are willing to do, but if you are a high-value
target, it's a low-tech solution that provides a good deal of extra
security at very low cost...

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
 “Remember when, on the Internet, nobody cared that you were a dog?”