[Cryptography] Passwords (Smallest feasible work factor today?)

Jerry Leichter leichter at lrw.com
Fri Sep 16 16:15:48 EDT 2022


 
> For a competently implemented online service (that, for example, does rate
> limiting), it stands to reason that you'd need far less than that. On
> https://michael.kjorling.se/password-tips/ I suggest 15 characters
> alphanumeric (^[a-z0-9]{15}$) passwords or six-word standard-Diceware
> (6^5 each) passphrases, which both happen to work out to an about 2^77
> work factor; that's intended to provide a reasonable security margin
> while still working with systems that impose arbitrary length
> limitations. (If someone has constructive feedback on what I've
> written there, I'd be only happy to hear about it.)
Apple's keychain manager used to have a mode for generating "memorable" passwords which had the pattern <word><digits><special character><word>.  These tended to be pretty easy to memorize - and they're accepted by most services that ask for passwords.  Unfortunately, with the increase in password cracking capabilities, they decided a couple of years back that this mechanism was no longer secure enough and retired it.

I always liked that approach, so I created a replacement for myself.  Mine uses a much larger dictionary, randomly capitalizes either or both (or neither) of the words, uses up to 4 digits (vs. 2), and randomly puts the special character either before or after the digits.  It has a work factor of somewhere around 60 bits - attackable by someone who really wants to go after me, but I don't have that kind of enemy.  Unfortunately, you tend to get long, obscure words so it's not nearly as easy to remember as the old ones, but them's the breaks.  I could easily add another word or alternatively, I could use three words with a smaller dictionary of more reasonable words.  In a few cases where I do think the password is really important, I'll generate two of them and glue part of one to the other.

The big advantage of these for me is not so much the long-term memorability as the ability to type the damn things on those occasions that I'm forced to - infrequent, but it does happen.  Much, much easier than typing a fully random string.
                                                        -- Jerry
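The work-factor arithmetic behind the numbers in this thread, as an added example that is not code from the post or from Apple's keychain. It implements the <word><digits><special character><word> pattern with the options Jerry describes (random capitalization of either word, 1 to 4 digits, special character before or after the digits), counts the bits each component contributes, and checks the 2^77 figure for 15 alphanumerics and six Diceware words. The 16-word dictionary and the 13-symbol special-character set are constructed for the example; "up to 4 digits" is assumed to mean a uniformly chosen digit string of length 1 to 4, leading zeros allowed.

```python
"""Entropy accounting for <word><digits><special><word> passwords.

Added example, not code from the mailing-list post. The dictionary and
special-character set below are constructed for the demo; the entropy
function takes the dictionary size as a parameter so it can be scaled.
"""
import math
import re
import secrets

# Constructed demo dictionary (a real list would be thousands of words).
WORDS = ["anchor", "basil", "cobalt", "delta", "ember", "fjord", "garnet", "hollow",
         "indigo", "juniper", "kelp", "lumen", "marble", "nectar", "orbit", "pumice"]
SPECIALS = "!@#$%^&*-_=+?"   # assumed 13-symbol set; adjust to a service's rules


def alphanumeric_bits(length, alphabet_size=36):
    """Work factor of a uniformly random string over [a-z0-9]."""
    return length * math.log2(alphabet_size)


def diceware_bits(n_words, list_size=6 ** 5):
    """Work factor of n uniformly chosen words from a 7776-entry Diceware list."""
    return n_words * math.log2(list_size)


def digit_string_count(max_digits):
    """Number of distinct digit strings of length 1..max_digits (leading zeros allowed)."""
    return sum(10 ** k for k in range(1, max_digits + 1))


def pattern_bits(dict_size, max_digits=4, n_specials=len(SPECIALS),
                 random_caps=True, random_special_side=True):
    """Work factor of <Word><digits><special><Word>.

    Every component is chosen uniformly and independently, so bits add."""
    bits = 2 * math.log2(dict_size)                 # two dictionary words
    if random_caps:
        bits += 2                                   # each word capitalised or not
    bits += math.log2(digit_string_count(max_digits))
    bits += math.log2(n_specials)
    if random_special_side:
        bits += 1                                   # special before or after digits
    return bits


def dict_size_for(target_bits, **options):
    """Smallest dictionary that reaches target_bits with the given options."""
    fixed = pattern_bits(1, **options)              # everything except the words
    return math.ceil(2 ** ((target_bits - fixed) / 2))


def digits_from_index(r, max_digits):
    """Map r in [0, digit_string_count) onto a digit string, uniformly."""
    for k in range(1, max_digits + 1):
        if r < 10 ** k:
            return f"{r:0{k}d}"
        r -= 10 ** k
    raise ValueError("index out of range")


def generate(words=WORDS, max_digits=4, specials=SPECIALS):
    """Generate one password from the pattern using the OS CSPRNG."""
    w1, w2 = secrets.choice(words), secrets.choice(words)
    if secrets.randbelow(2):
        w1 = w1.capitalize()
    if secrets.randbelow(2):
        w2 = w2.capitalize()
    digits = digits_from_index(secrets.randbelow(digit_string_count(max_digits)), max_digits)
    special = secrets.choice(specials)
    middle = special + digits if secrets.randbelow(2) else digits + special
    return w1 + middle + w2


# Shape check used below: word, then digits/special in either order, then word.
PATTERN = re.compile(r"^[A-Za-z]+(?:[0-9]{1,4}[^A-Za-z0-9]|[^A-Za-z0-9][0-9]{1,4})[A-Za-z]+$")


if __name__ == "__main__":
    print(f"15 x [a-z0-9]          : {alphanumeric_bits(15):.1f} bits")
    print(f"6 Diceware words       : {diceware_bits(6):.1f} bits")
    for size in (2 ** 12, 2 ** 16, 2 ** 20):
        print(f"pattern, {size:>7}-word list: {pattern_bits(size):.1f} bits")
    print(f"dictionary size for 60 bits: {dict_size_for(60)}")
    print("sample:", generate())
```

Two things fall out of running it. First, 36^15 and 7776^6 are both 6^30, so the alphanumeric and Diceware recommendations in the quoted reply are not just roughly but exactly equal in work factor. Second, under the assumptions above the fixed parts of the pattern (caps, digits, special, side) contribute about 20 bits, so the dictionary has to supply the rest: a 65536-word list lands a little above 52 bits, and reaching 60 bits takes a list of roughly a million words. A smaller, more memorable dictionary gets the bits back by adding a third word, which is the trade-off the post mentions.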


