In a blog entry that got quite a lot of attention, a Microsoft Developer talks about passwords and security.

His claim basically is that by using Passphrases instead of Passwords you would increase security a lot.

This is bullshit.

If you force users to use long passphrases, they will pick some sentence they

  • can type in fast
  • can remember easily
  • will not mistype all the time (i.e. if they lock themselves out, they WILL change it to a simpler one!)

His claim basically is that a 42 character passphrase is a lot more secure than a 10-char random password.

First of all, he completely ignored the fact of hash collisions. No idea if Microsoft is so stupid as to store plain text passwords, but I assume not. So they probably store an MD5 hash or so. That is 128 bits maximum entropy. So even if you choose a magically long passphrase, it might still happen that a short password generates the same hash!

You might also want to remember what antique Unix crypt() does (there are crypt versions where this is not true, and modern Linux systems use MD5 or SHA-1) - it only uses 8 characters!

So you might think “Ah, I’m smart, I use a long passphrase nobody will guess. Let’s see, I’m going to take ‘password that nobody ever will be able to crack’”

  • Gee. This has the same crypt() value as ‘password’!

Also, I’d never use non-ASCII characters, even if my system supported Unicode: you never know if you will be able to enter them… and entering special characters is a lot more difficult and easier to spy on by looking over your shoulder (which also applies to passphrases, since humans can quite easily guess missing characters).

Then some numbers: My spell-checking dictionary for English here has 96000 words. That includes a lot of variants, so I will not have to care about go/going/gone/went etc. - these are all already included. The average word length is 8.5 characters.

Let’s assume the first letter may or may not be uppercase, and there may or may not be punctuation following. This makes the strength of a word about 13 bits.

So his 42 character passphrase is approximately 5 words long, each worth 14 bits. That makes about 70 bits for a dictionary attack; i.e. I need to calculate 2^70 hashes to do a reverse lookup. This does not include such estimations that for example “the” is a quite common word, “the dog” is more likely to be in there than “fly dog”, etc. So I expect this to be immensely overestimated. Especially the uppercase/lowercase thing and punctuation. Leaving these out (only 2 uppercase, 2 punctuation total) and assuming you only use half of the dictionary, it’s down to about 55 bits.

Now let’s look at a random character hash. Let’s assume it is composed of all 26 letters, in both lower and upper case, 10 digits, and 18 easy-to-reach special characters I can enter anywhere. That is 80 different characters in total. To get above a strength of 70 bits (which is a high estimate) one would need 16 of these characters. Using a 10 character random-char passphrase - which I can learn to remember with a little bit of effort - gives you already 43 bits. The password we use to protect the important servers is 14 characters. That is 61 bits of strength. And that one is really easy to remember, it is derived from a passphrase (but makes use of digits etc.) of 11 German words (note: my German dictionary here is 300k words) or 62 characters. Even with this information published here (contains digits etc.), strength is probably far over 40 bits. (And I do not allow root logins with password anyway, so this is only to do “su” if you broke the first line of defense!)

My bottom line is: Forcing users to use passphrases will not increase security over forcing them to use secure passwords.

They will do the same thing they did when you forced them to use strong passwords: They will use easy ones such as “ncc-1701”. Now you might claim that that probably is a secure password. It is not. It is contained in every decent brute-force list, because it is a well-known character sequence from “Star Trek”, and probably one of the most often used passwords when you enforce digits and special chars.

If you force them to use passphrases, all the hackers will have to do is collect a dictionary of the favourite passphrases. There will probably be a lot of stuff like “I hate my sysadmin!” in there, or “I love my dog.”. And that is not really much more secure.

In my opinion the way to go is “cracklib”, if you want really secure passwords. Of course this means that you will have to reset passwords for your users all the time, because they cannot remember secure passwords…

On a related note: Do not impose too strong limitations on the passwords, or you will decrease the search space too much. I’ve seen limitations such as: 8 characters, only 5 of which may be letters, 1 must be special char, 2 must be numbers and 3 must be letters… or maybe it was even more restrictive. That way, you can really get this down to an amount of passwords that can be stored on a DVD and just looked up. At least TB-class storage will do.
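
To check how much a composition rule costs before deploying it, you can count the passwords it still allows. The following is an added example, not part of the original post: it uses the 80-character alphabet from above (52 letters, 10 digits, 18 specials), and the reading of the quoted rule as "3 to 5 letters, at least 2 digits, at least 1 special" is an assumption, as is the stricter exact-count variant.

```python
from math import comb, log2

# Alphabet from the post: 52 letters, 10 digits, 18 special characters (80 total).
CLASSES = {"letter": 52, "digit": 10, "special": 18}

def count_passwords(length, sizes, bounds):
    """Count strings of `length` chars in which each class c appears between
    bounds[c] = (min, max) times; classes without an entry are unconstrained."""
    # ways[u] = number of ways to fill u positions with the classes handled so far
    ways = [1] + [0] * length
    for name, size in sizes.items():
        lo, hi = bounds.get(name, (0, length))
        nxt = [0] * (length + 1)
        for used, w in enumerate(ways):
            free = length - used
            for k in range(lo, min(hi, free) + 1):
                # pick k of the free positions, then one of `size` symbols for each
                nxt[used + k] += w * comb(free, k) * size ** k
        ways = nxt
    return ways[length]

def compare_policies(length=8):
    """Return {policy name: (candidate count, bits)} for three policies."""
    policies = {
        "no composition rule": {},
        # Assumed reading of the rule quoted in the post.
        "3-5 letters, >=2 digits, >=1 special":
            {"letter": (3, 5), "digit": (2, length), "special": (1, length)},
        # Stricter hypothetical variant with exact counts per class.
        "exactly 5 letters, 2 digits, 1 special":
            {"letter": (5, 5), "digit": (2, 2), "special": (1, 1)},
    }
    out = {}
    for name, bounds in policies.items():
        n = count_passwords(length, CLASSES, bounds)
        out[name] = (n, round(log2(n), 1))
    return out

if __name__ == "__main__":
    for name, (n, bits) in compare_policies().items():
        print(f"{name:42s} {n:.3e} candidates  {bits} bits")
```

Under the assumed reading, the rule keeps roughly a fifth of the 80^8 candidates, and pinning exact counts per class cuts the space further.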