While this comic is good for people that do the former or have very short passwords, it often misleads from the fact that humans simply shouldn’t try to remember more than one really good password (for a password manager) and apply proper supplementary techniques like 2FA. One fully random password of enough length will do better than both of these, and it’s not even close. It will take like a week or so of typing it to properly memorize it, but once you do, everything beyond that will all be fully random too, and will be remembered by the password manager.
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don’t need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
so you are saying 44 bits of entropy is not enough. the whole point of the comic is, that 4 words out of a list of 2000 is more secure then some shorter password with leetcode and a number and punctuation at the end. which feels rather intuitive given that 4 words are way easier to remember
That’s only really true if you’re going to be storing the password in a secure vault after randomly generating it; otherwise, it’s terrible because 1) nobody will be able to remember it so they’ll be writing it down, and 2) it’ll be such a pain to type that people will find ways to circumvent it at every possible turn
Pass phrases, even when taken with the idea that it’s a limited character set that follows a semi predictable flow, if you look at it in terms of the number of words possible it actually is decently secure, especially if the words used are random and not meaningful to the user. Even limiting yourself to the 1000 most common words in the English language and using 4 words, that’s one trillion possible combinations without even accounting for modifying capitalisation, adding a symbol or three, including a short number at the end…
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
Your way is theoretically more secure, but practically only works for machines or with secure password storage. If it’s something a human needs to remember and type themselves, phrases of random words is much more viable and much more likely to be used in a secure fashion.
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
One small correction - this just isn’t how the vast majority of password cracking happens. You’ll most likely get throttled before you try 5 password and banned before you get to try 50. And it’s extremely traceable what you’re trying to do. Most cracking happens after a data breach, where the cracker has unrestricted local access to (hopefully) encrypted and salted password hashes.
People just often re-use their password or even forget to change it after a breach. That’s where these leaked passwords get their value if you can decrypt them. So really, this is a non-factor. But the rest stands.
It’s still a rather large pool to crack through even without adding more than the 1000 most common words, extra digits, minimal character substitution, capitalization tweaks, etc
this assumes a dictionary is used. Otherwise the entropy would be 117 bits or more. The only problem is some people may fail to use actually uniformly random words drawn from a large enough set of words (okay, and you should also use a password manager for the most part)
see, you didn’t get the whole comic. 4 words out of a dicitionary with 2000 words has more combinations then a single uncommon non gibberish baseword with numeral and puction at the end. as long as the attacker knows your method.
a dicitonary attack will not lower the entropy of 44 bits, thats what the comic is trying to say
The part where this falls flat is that using dictionary words is one of the first step in finding unsecured password. Starting with a character by character brute force might land you on a secure password eventually, but going by dictionary and common string is sure to land you on an unsecured password fast.
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like Tr0ub4dor&3
That’s true but in practice it wouldn’t take 60^11 tries to break the password. Troubador is not a random string and all of the substitutions are common ( o -> 0, a ->4, etc. ). You could crack this password a lot easier with a basic dictionary + substitution brute force method.
I’m saying this because I had an assignment that showed this in an college cybersecurity class. Part of our lesson on password strength was doing a brute force attack on passwords like the one in the top of the xkcd meme to prove they aren’t secure. Any modern laptop with an i5 or higher can probably brute force this password using something like hashcat if you left it on overnight.
Granted, I probably wouldn’t use the xkcd one either. I’d either want another word or two or maybe a number/symbol in between each word with alternating caps or something like that. Either way it wouldn’t be much harder to remember.
except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
if you know there are exactly two additional characters
this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially higher than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set
and you know they are at the end of the string
that knowledge is worth like 2 bits at most, unless the characters are in the middle of a word which is probably even harder to remember
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
even if you assume the random characters are chosen from a large set, say 256 characters, you’d still get the 4-word one as over 50 times more. Far more likely is that it’s a regular human following one of those “you must have x numbers and y special characters” rules which would reduce it to something like 1234567890!?<^>@$%&±() which is going to be less than 30 characters
and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words
It’s assymetric crypto. You’d need to find a matching public key. Or it’s just some useless characters. I suppose that’s impossible, or what we call that… Like take a few billion years to compute. But I’m not an expert on RSA.
I’m pretty sure the cryptographic parameters to generate a public key are included in the private key file. So while you can generate the other file from that file, it’s not only the private part in it but also some extra information and you can’t really change the characters in the private key part. Also not an expert here. I’m fairly certain that it can’t happen the other way round, or you could impersonate someone and do all kinds of MITM attacks… In this case I’ve tried it this way, changed characters and openssh-keygen complains and can’t generate anything anymore.
I wonder if you string together enough words can it be a valid key?
I would hope so, sentences and words are some of the most secure passwords/phrases you can use
While this comic is good for people that do the former or have very short passwords, it often misleads from the fact that humans simply shouldn’t try to remember more than one really good password (for a password manager) and apply proper supplementary techniques like 2FA. One fully random password of enough length will do better than both of these, and it’s not even close. It will take like a week or so of typing it to properly memorize it, but once you do, everything beyond that will all be fully random too, and will be remembered by the password manager.
Words are the least secure way to generate a password of a given length because you are limiting your character set to 26, and character N gives you information about the character at position N+1
The most secure way to generate a password is to uniformly pick bytes from the entire character set using a suitable form of entropy
Edit: for the dozens of people still feeling the need to reply to me: RSA keys are fixed length, and you don’t need to memorize them. Using a dictionary of words to create your own RSA key is intentionally kneecapping the security of the key.
so you are saying 44 bits of entropy is not enough. the whole point of the comic is, that 4 words out of a list of 2000 is more secure then some shorter password with leetcode and a number and punctuation at the end. which feels rather intuitive given that 4 words are way easier to remember
No im saying if your password size is limited to a fixed number of characters, as is the case with RSA keys, words are substantially less secure
Not if you’re considering security gained versus difficulty of remembering.
You don’t memorize RSA keys
That’s only really true if you’re going to be storing the password in a secure vault after randomly generating it; otherwise, it’s terrible because 1) nobody will be able to remember it so they’ll be writing it down, and 2) it’ll be such a pain to type that people will find ways to circumvent it at every possible turn
Pass phrases, even when taken with the idea that it’s a limited character set that follows a semi predictable flow, if you look at it in terms of the number of words possible it actually is decently secure, especially if the words used are random and not meaningful to the user. Even limiting yourself to the 1000 most common words in the English language and using 4 words, that’s one trillion possible combinations without even accounting for modifying capitalisation, adding a symbol or three, including a short number at the end…
And even with that base set, even if a computer could theoretically try all trillion possibilities quickly, it’ll make a ton of noise, get throttled, and likely lock the account out long before it has a chance to try even the tiniest fraction of them
Your way is theoretically more secure, but practically only works for machines or with secure password storage. If it’s something a human needs to remember and type themselves, phrases of random words is much more viable and much more likely to be used in a secure fashion.
One small correction - this just isn’t how the vast majority of password cracking happens. You’ll most likely get throttled before you try 5 password and banned before you get to try 50. And it’s extremely traceable what you’re trying to do. Most cracking happens after a data breach, where the cracker has unrestricted local access to (hopefully) encrypted and salted password hashes.
People just often re-use their password or even forget to change it after a breach. That’s where these leaked passwords get their value if you can decrypt them. So really, this is a non-factor. But the rest stands.
That’s fair
It’s still a rather large pool to crack through even without adding more than the 1000 most common words, extra digits, minimal character substitution, capitalization tweaks, etc
then someone uses a dictionary attack and your password gets cracked within minutes
this assumes a dictionary is used. Otherwise the entropy would be 117 bits or more. The only problem is some people may fail to use actually uniformly random words drawn from a large enough set of words (okay, and you should also use a password manager for the most part)
see, you didn’t get the whole comic. 4 words out of a dicitionary with 2000 words has more combinations then a single uncommon non gibberish baseword with numeral and puction at the end. as long as the attacker knows your method.
a dicitonary attack will not lower the entropy of 44 bits, thats what the comic is trying to say
The part where this falls flat is that using dictionary words is one of the first step in finding unsecured password. Starting with a character by character brute force might land you on a secure password eventually, but going by dictionary and common string is sure to land you on an unsecured password fast.
Even if an attacker knew that your password was exactly four words from a specific list of only 2048 common words, that password would still be more secure than something like
Tr0ub4dor&3
https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
If the attacker search for your password specifically then xkcd themself posted the reason why it wouldn’t really matter
https://www.explainxkcd.com/wiki/index.php/538:_Security
If you’re doing blind attemps on a large set of users you’ll aim for the least secured password first, dictionary words and known strings.
No, it would not. 2048 to the power of 4 is significantly less than 60 to the power of 11.
https://www.wolframalpha.com/input?i2d=true&i=Power[2048%2C4]—Power[60%2C11]
That’s true but in practice it wouldn’t take 60^11 tries to break the password. Troubador is not a random string and all of the substitutions are common ( o -> 0, a ->4, etc. ). You could crack this password a lot easier with a basic dictionary + substitution brute force method.
I’m saying this because I had an assignment that showed this in an college cybersecurity class. Part of our lesson on password strength was doing a brute force attack on passwords like the one in the top of the xkcd meme to prove they aren’t secure. Any modern laptop with an i5 or higher can probably brute force this password using something like hashcat if you left it on overnight.
Granted, I probably wouldn’t use the xkcd one either. I’d either want another word or two or maybe a number/symbol in between each word with alternating caps or something like that. Either way it wouldn’t be much harder to remember.
except it is not troubador. it is troubador, ampersand, digit.
if you know there are exactly two additional characters and you know they are at the end of the string, the first number is really slightly bigger (like 11 times)
once the random appendix is 3 characters or more, the second number wins
https://www.wolframalpha.com/input?i2d=true&i=Divide[Power[2048%2C4]%2CPower[256%2C3]*Power[2%2C4]*4*500000]
and moral of the story is: don’t use xkcd comic, however funny it is, as your guidance to computer security. yes, the comic suggestions are better than having the password on a post-it on your monitor, but this is 21st century ffs, use password wallet.
this is pretty much irrelevant, as the amount of passwords with n+1 random characters is going to be exponentially higher than ones with n random characters. Any decent password cracker is going to try the 30x smaller set before doing the bigger set
that knowledge is worth like 2 bits at most, unless the characters are in the middle of a word which is probably even harder to remember
even if you assume the random characters are chosen from a large set, say 256 characters, you’d still get the 4-word one as over 50 times more. Far more likely is that it’s a regular human following one of those “you must have x numbers and y special characters” rules which would reduce it to something like 1234567890!?<^>@$%&±() which is going to be less than 30 characters
and even if they end up roughly equal in quessing difficulty, it is still far easier to remember the 4 random words
It the length not the content for the most part. Some keys have syntax such as leading or trailing characters.
It’s assymetric crypto. You’d need to find a matching public key. Or it’s just some useless characters. I suppose that’s impossible, or what we call that… Like take a few billion years to compute. But I’m not an expert on RSA.
Public keys are derived from the private key. The asymmetric part is for communication not generation. Afaik
I’m pretty sure the cryptographic parameters to generate a public key are included in the private key file. So while you can generate the other file from that file, it’s not only the private part in it but also some extra information and you can’t really change the characters in the private key part. Also not an expert here. I’m fairly certain that it can’t happen the other way round, or you could impersonate someone and do all kinds of MITM attacks… In this case I’ve tried it this way, changed characters and openssh-keygen complains and can’t generate anything anymore.