Conversation

Notices

1. Embed this notice
   Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 26-Sep-2024 03:51:25 JST Royce Williams

   (To be clear, we're talking about truly "must be memorized" secrets: the "initial" passwords to your password manager, your AD / VPN login, etc.)

   These NIST principles:

   • "length is more important that complexity"

   • "forced rotation is bad"

   ... are a start, but they are all outdated proxies for the only true password principle:

   • "uniqueness is more important than anything"

   This uniqueness s not terribly hard. A five-word random passphrase from a 20K+ dictionary, with no other requirements:

   • is globally unique for most practical purposes
   • is longer than every platform's minimum
   • is infeasible to crack for most threat models¹
   • can be memorized without a ton of effort

   And if you're dealing with a system that enforces other complexity, just apply the same complexity every time. This is safe because the strength of the password comes from the number of combinations. Capitalizing the first word, and appending 1 and an underscore is what I do to meet naive complexity. And I'm totally fine sharing that with the world because that's not what makes my passwords strong.

   And if the platform has a length maximum, it's usually not one that requires memorization, and the password can just be set to random 15 ASCII chars and stored in your password manager.

   tl;dr Give your users a password manager, and teach them to make random passphrases for their must-be-memorized secrets. Anything else is wasting time, teaching them things that are already outdated.

   ¹This is 3x1021 combinations. Worried about nation states or aliens? Use a bigger wordlist ... or just add one more word. Instantly makes it 20K+ times harder to crack (6x1025).

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 26-Sep-2024 03:51:24 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     @tychotithonus Pet peeve activated.

     I have a pretty strongly held opinion that for random passphrases the dictionary should be approximately 1024 to 2048 words.

     The average native English speaker probably knows about 30,000 words, but the list of words that almost everyone knows is much smaller. Then you need to consider ergonomics. Remove words that are too long, too short, too close to other words, too offensive, or would be problematic if used with negative words.

     The classic diceware wordlist did some serious gymnastics just to hit 7776.

     If the words are not chosen by a tool, you of course get a majorly skewed distribution of word choices.

     I personally prefer the EFFs short wordlist that's constructed so words have unique three letter prefixes, which has 6*6*6*6 entries.

   • Embed this notice
     Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 26-Sep-2024 03:54:09 JST Royce Williams

     in reply to

     • Ryan Castellucci :nonbinary_flag:

     @ryanc I see your point - though personally, I'd rather ask them to learn a couple of new words, than ask them to remember 7 words to approach equivalent keyspace.

   • Embed this notice
     Royce Williams (tychotithonus@infosec.exchange)'s status on Thursday, 26-Sep-2024 04:57:58 JST Royce Williams

     in reply to

     • lapo
     • Ryan Castellucci :nonbinary_flag:

     @lapo @ryanc Very reasonable for the what3words use case ... but may get tricky as the target keyspace gets larger. Short wordlist for something like passwords turns into 7 or more words to get enough keyspace. And the "humans can keep 5 to 9 things in short-term memory" means that rehearsal of 5 things to try to commit it from short-term to long-term keeps memorization manageable for a greater number of users.

   • Embed this notice
     Ryan Castellucci :nonbinary_flag: (ryanc@infosec.exchange)'s status on Thursday, 26-Sep-2024 04:57:58 JST Ryan Castellucci :nonbinary_flag:

     in reply to

     • lapo

     @tychotithonus @lapo there's no actual usability research on this, and it makes me kinda mad

   • Embed this notice
     lapo (lapo@f.lapo.it)'s status on Thursday, 26-Sep-2024 04:58:10 JST lapo

     in reply to

     • Ryan Castellucci :nonbinary_flag:
     @ryanc @tychotithonus Same reasoning I did regarding bad choices regarding what3words… I'd rather stick to 4 words out of 2048 than 3 out of 65536.