
How not to break your brain on passwords like eLkdC,lk#jB


A properly strong password is impossible to remember. Almost an axiom. And the security people happily throw more wood on this bonfire of horror by forcing everyone to memorize a monstrous stuffing of mixed characters once a month. Paranoid security measures in the best traditions of "hacker in the canteen" lead only to users carefully scratching passwords into the monitor bezel or sticking them under the keyboard. No, seriously: which ordinary user in their right mind will comply with password requirements in the spirit of:

  1. Longer than 8 characters
  2. Contains uppercase and lowercase letters, digits and special characters
  3. Does not repeat any previous password
  4. Changes monthly

Let's recall the classic story about the paper clips, the battery and the correct horse, and at the same time look at a couple of good offline generators of human-readable passwords. At one time they made my life much easier.

Entropy


Classic passwords are getting harder for a person to memorize and easier for a machine to guess. That's a shame. The next very important and secretive website with culinary recipes demands a ten-character password in both cases and with digits? There may be three reasons.

  1. The site admin is a crypto-paranoid who opens the toilet door with an RFID tag implanted under his skin.
  2. The admin is a little worried that current hardware chews through leaked databases very quickly, and it would be nice to protect himself from that a bit. He may even salt his hashes.
  3. The admin finished a three-month course for advanced users, stood up a default WordPress and has no idea what his requirements are for.

The two main attack vectors are dictionary brute force and exhaustive brute force, which relies on short length and low password entropy. Passwords like iloveyou and password are hopeless by design; passwords with low entropy fall to plain brute force.

Password complexity in the computer industry is usually evaluated in terms of information entropy (a concept from information theory), measured in bits. Instead of the number of attempts that must be made to guess a password, the base-2 logarithm of that number is calculated, and the resulting number is called the number of "entropy bits" in the password. A password with, say, 42-bit complexity calculated this way corresponds to a randomly generated password 42 bits long. In other words, to find a password with 42-bit complexity by brute force, you need to generate 2^42 passwords and try them; one of the 2^42 passwords will be correct. By this formula, increasing the password length by one bit doubles the number of possible passwords, which makes the attacker's task twice as hard. On average, an attacker will have to check half of all possible passwords before finding the correct one.
Wikipedia

You can estimate the entropy per character from the table below (H = log2 N).

Character set                                                          | Number of characters, N | Entropy per character, H, bits
Arabic numerals (0-9)                                                  | 10                      | 3.3219
Hexadecimal digits (0-9, A-F)                                          | 16                      | 4.0000
Latin alphabet, lowercase letters (a-z)                                | 26                      | 4.7004
Arabic numerals and lowercase Latin letters (a-z, 0-9)                 | 36                      | 5.1699
Lowercase and uppercase Latin letters (a-z, A-Z)                       | 52                      | 5.7004
Arabic numerals, lowercase and uppercase Latin letters (a-z, A-Z, 0-9) | 62                      | 5.9542
All printable ASCII characters                                         | 95                      | 6.5699

Paper clips in horses


One gets the strong feeling that the ideal password should contain every possible character, Sanskrit and the smiling pile of poo included. Six and a half bits per character, after all! But here we run into the problem of usability. It is very sad to try to reach your server when, on an old phone somewhere on a business trip, there is no way to type Arabic script or hieroglyphs. OK, we settle on a simpler set: a-z, A-Z, 0-9. Almost 6 bits per character. But the trouble is that remembering minced meat like Vh8GkCnbqbQDRv is extremely hard, especially once you consider that reusing the same key in different places is undesirable. Yes, passwords like gZsa<(Dw}a+*5p) can and should be used for a Digital Ocean account or at a domain registrar. But such keys have to be kept in a synchronized encrypted database like KeePassX, otherwise the brain leaks out somewhere around the 20th such key.


In such cases the classic comic with the horse and the paper clips comes to the rescue; it clearly shows the advantage of long passwords with relatively low entropy per character.

The password @Vy[o8!B is quite easy to forget, although it contains 8 * 6.5699 = 52 bits of entropy. The more compromise-friendly eastrightcloudexplore is far more robust while being easy to memorize: 21 * 4.7004 = 99 bits of entropy. Strictly speaking, that 99 treats the phrase as random lowercase letters; an attacker who knows it is four words from a known list faces only 4 * log2(list size), about 44 bits for the 2048-word list in the comic. That is still on par with the 8-character mess, and adding a fifth word costs the user far less than adding another random symbol.
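To make that arithmetic reproducible, here is a small added example (my code, not from the original post) that estimates both numbers: the optimistic per-character figure from the table above, and the figure for an attacker who knows the passphrase comes from a wordlist. The guess rate of 10^10 per second is a constructed assumption standing in for a GPU against a fast unsalted hash.

```python
import math
import re

# Alphabet sizes from the table above; "symbol" is the 33 printable ASCII
# characters that are neither letters nor digits (95 - 62).
CHARACTER_CLASSES = (
    (re.compile(r"[a-z]"), 26),
    (re.compile(r"[A-Z]"), 26),
    (re.compile(r"[0-9]"), 10),
    (re.compile(r"[^a-zA-Z0-9]"), 33),
)


def alphabet_size(password: str) -> int:
    """Size of the smallest character set from the table that covers every character."""
    return sum(n for regex, n in CHARACTER_CLASSES if regex.search(password))


def charset_entropy_bits(password: str) -> float:
    """Entropy if every character were drawn uniformly from the detected alphabet.

    This is the optimistic number the post computes: 8 * 6.5699 for @Vy[o8!B.
    """
    return len(password) * math.log2(alphabet_size(password))


def wordlist_entropy_bits(n_words: int, dictionary_size: int) -> float:
    """Entropy when the attacker knows the passphrase is n_words from a known list."""
    return n_words * math.log2(dictionary_size)


def expected_years(bits: float, guesses_per_second: float) -> float:
    """Expected cracking time: on average half the keyspace is tried before a hit."""
    return (2.0 ** bits / 2) / guesses_per_second / (365 * 24 * 3600)


def compare(password: str, n_words: int = 0, dictionary_size: int = 0,
            guesses_per_second: float = 1e10) -> dict:
    """Both estimates for one password; a plain password has no wordlist figure."""
    naive = charset_entropy_bits(password)
    informed = wordlist_entropy_bits(n_words, dictionary_size) if n_words else naive
    return {
        "charset_bits": round(naive, 1),
        "informed_bits": round(informed, 1),
        "years_at_informed": expected_years(informed, guesses_per_second),
    }


if __name__ == "__main__":
    # 1e10 guesses/s is a constructed figure, not a measurement.
    for pw, words in (("@Vy[o8!B", 0), ("eastrightcloudexplore", 4)):
        print(pw, compare(pw, words, 2048))
```

The "informed" figure is the one that matters for a passphrase: entropy comes from the size of the list and the number of words, not from the letters, so lengthening the phrase by one word adds log2(list size) bits regardless of how the word is spelled.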

There is even a site that generates passwords with this algorithm, under the telling name correcthorsebatterystaple.net. Although, of course, online password generators are a very bad idea. I immediately recall the old parable:
A sysadmin wanted to pick a strong password for centralized authorization through a RADIUS server. He went to Yin Fu Wo for advice.

- What do you think, Teacher, is the password "史達林格勒戰役" strong?
- No, - answered Master Yin, - that is a dictionary password.
- But there is no such word in the dictionaries...
- "Dictionary" means that this combination of characters is in wordlists, that is, in the brute-force dictionaries that cryptanalysis programs use. These dictionaries are made up of every combination of characters that has ever appeared on the web.
- And is the password "Pft,bcm" suitable?
- Hardly. It is a dictionary one too.
- But how? It's just...
- Type this combination into Google and you will see.
The sysadmin tapped the keys.
- Oh yes. You are right, Master.
After a while, the sysadmin exclaimed:
- Teacher, I have picked a good password that cannot be in any dictionary.
Yin Fu Wo nodded.
- I typed it into Google, - the sysadmin continued, - and made sure there is no such combination on the web.
- Now there is.

Offline Password Generators


You can use something like KeePass, but the result is a horrible mess that is hard to remember. So programs that create pronounceable keys that are easy to memorize are a very attractive option. Yes, we sacrifice a little entropy by imposing restrictions on the combinations of vowels and consonants, but we gain a great deal in human readability.

xkcdpass


To start with, look at xkcdpass, which works on the principle described above. Installation on Debian-based distributions is the usual:

sudo apt-get install xkcdpass 

You can also grab the Python sources on GitHub: github.com/redacted/XKCD-password-generator, or use pip install. There are even iOS ports:

The main feature of this generator is generating mnemonic acrostic sequences, where the first letters of the words spell a word of your choice. Use the --acrostic key for that.

 meklon@meklon-desktop:~$ xkcdpass --count=5 --acrostic='habr' --delimiter='|' --min=9 --max=9 --valid_chars='[a-z]'
 holograph|archetype|brutishly|refutable
 hemstitch|allotropy|balalaika|revivable
 hardboard|ampleness|boundless|refurnish
 hypertext|adiabatic|backwards|replicate
 halfpence|arrowhead|blackbird|recommend

The one with the balalaika especially pleased me :) The main drawback of this method is ugly services with limits on password length. I never understood what they were saving on. After all, they only store a salted hash of the user's key anyway.
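What --acrostic actually costs in entropy is easy to see in code. The following is an added example (mine, not code from xkcdpass): it applies the same --min/--max/--valid_chars filters, draws one word per acrostic letter with a CSPRNG, and reports the entropy an attacker who knows the acrostic would face, next to the entropy of choosing the words freely. The wordlist is a constructed toy list made of the words from the run above; xkcdpass ships a list of tens of thousands of words, so real pools are far larger.

```python
import math
import re
import secrets
from collections import defaultdict

# Constructed toy wordlist; xkcdpass's own list is vastly larger.
WORDLIST = """
holograph hemstitch hardboard hypertext halfpence
archetype allotropy ampleness adiabatic arrowhead
brutishly balalaika boundless backwards blackbird
refutable revivable refurnish replicate recommend
""".split()


def candidate_words(wordlist, min_len=9, max_len=9, valid_chars=r"[a-z]"):
    """Apply the same filters as --min, --max and --valid_chars."""
    pattern = re.compile(rf"^(?:{valid_chars})+$")
    return [w for w in wordlist if min_len <= len(w) <= max_len and pattern.match(w)]


def acrostic_passphrase(acrostic, wordlist, delimiter="|", **filters):
    """Pick one word per acrostic letter with a CSPRNG; return (phrase, entropy_bits).

    Entropy is the sum over positions of log2(pool size): an attacker who knows
    the acrostic only has to search the words starting with each letter.
    """
    rng = secrets.SystemRandom()
    pools = defaultdict(list)
    for word in candidate_words(wordlist, **filters):
        pools[word[0]].append(word)
    words, bits = [], 0.0
    for letter in acrostic.lower():
        pool = pools.get(letter)
        if not pool:
            raise ValueError(f"no candidate word starts with {letter!r}")
        words.append(rng.choice(pool))
        bits += math.log2(len(pool))
    return delimiter.join(words), bits


def free_passphrase_bits(n_words, wordlist, **filters):
    """Entropy of n_words chosen freely from the filtered list, for comparison."""
    return n_words * math.log2(len(candidate_words(wordlist, **filters)))


if __name__ == "__main__":
    phrase, bits = acrostic_passphrase("habr", WORDLIST)
    print(phrase, f"~{bits:.1f} bits with the acrostic known,",
          f"{free_passphrase_bits(4, WORDLIST):.1f} bits if chosen freely")
```

With this toy list each letter leaves a pool of five words, so the acrostic phrase carries 4 * log2(5), about 9.3 bits, against 4 * log2(20), about 17.3 bits, for four freely chosen words; the same ratio applies to the full list, so treat the acrostic as a memorization aid paid for in entropy and compensate with more words.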

pwgen


The classic option. It can generate both easy-to-remember keys and truly random sequences. Installation:

 sudo apt-get install pwgen 

The syntax is simple: pwgen [options] [password_length] [number_of_passwords]. Options can make the resulting passwords either more complex or simpler. By default digits and upper/lowercase letters are used.

 meklon@RegenLab-LinuxDesktop-1:~$ pwgen 8 4
 eesohy9E Ohqu3che Mo7aijeu ieb1Quie

You can reduce the entropy slightly and improve readability by dropping the digits. At the same time, let's extend to 12 characters to compensate (12 * 5.7004 = 68 bits of entropy). Treat that as an upper bound: the pronounceability rules mean the real entropy is lower, and the pwgen man page itself warns that passwords generated without --secure should not be used where an offline brute-force attack is possible.

 meklon@meklon-desktop:~$ pwgen 12 4 --no-numerals
 Eipohliemiwi WoLooJeemeir laishaisaTho oquaibahYori

Adding the --secure option makes the passwords unreadable, but completely random:

 meklon@meklon-desktop:~$ pwgen 12 4 --secure
 YFSb5lqAfSLV nMa5GKJhMmw2 VczwRho2xuwG PPAc6SByedfh

gpw


Another great generator. It builds passwords by chaining the most frequent letter trigrams. The result is keys that are extremely pleasant to pronounce:

 meklon@meklon-desktop:~$ gpw 4 12
 oventryllyna
 slytersiderm
 raboalsollic
 testrisheocu
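To show what "chaining trigrams" means, and what it costs, here is an added example in the spirit of gpw (my code, not gpw's, which derives its table from a large English dictionary). It counts trigrams over a constructed mini corpus of ordinary English words, then grows a password letter by letter with a CSPRNG, choosing each next letter in proportion to how often that trigram occurs. Alongside the password it returns the number of bits the model actually spent on it, which is well below the 12 * log2(26) = 56.5 bits a naive per-character count would claim.

```python
import math
import secrets
from collections import Counter, defaultdict

# Constructed mini corpus; gpw's real table comes from a large dictionary.
CORPUS = """
about above across action after again against almost along already also
always among animal another answer anything around artist attack author
battery before begin behind believe between beyond bother bring brother
build business cable candle carry catch center central century certain
change check choose citizen clear close collect college common computer
consider contain continue control correct country couple cover create
current danger decide degree deliver describe design develop different
direct discover doctor during early effort either enough entire entry
evening example explain explore factor family father figure finger finish
follow forest forget forward friend garden gather general ground happen
history horse hotel however hundred husband image include inside instead
interest island itself letter level listen little machine manage market
matter member memory method middle minute moment morning mother nation
nature nothing number office often order other outside people perhaps
period person picture pretty problem public purpose rather really reason
remember report result return school second section sense serve shoulder
simple single sister social someone special staple station stop story
strong student summer support system table teacher terrible though
through toward travel trouble under until village visit water weather
window winter wonder worker writer
""".split()


def trigram_table(words):
    """Count starting bigrams and (bigram -> next letter) trigrams over a word list."""
    starts = Counter()
    following = defaultdict(Counter)
    for word in words:
        word = word.lower()
        if len(word) < 3 or not word.isalpha():
            continue
        starts[word[:2]] += 1
        for i in range(len(word) - 2):
            following[word[i:i + 2]][word[i + 2]] += 1
    return starts, following


def weighted_pick(counter, rng):
    """Draw a key with probability proportional to its count; return (key, p)."""
    total = sum(counter.values())
    r = rng.randrange(total)
    for key, count in counter.items():
        if r < count:
            return key, count / total
        r -= count
    raise AssertionError("unreachable")


def generate(length, starts, following, max_attempts=1000):
    """Return (password, bits) for length >= 2; bits is -log2 of the model's
    probability for this exact output, i.e. the entropy really spent.

    A bigram that never begins a trigram in the corpus is a dead end, so the
    attempt is discarded and generation restarts from a fresh starting bigram.
    """
    rng = secrets.SystemRandom()
    for _ in range(max_attempts):
        bigram, p = weighted_pick(starts, rng)
        password, bits = bigram, -math.log2(p)
        while len(password) < length:
            options = following.get(password[-2:])
            if not options:
                break
            letter, p = weighted_pick(options, rng)
            password += letter
            bits -= math.log2(p)
        if len(password) == length:
            return password, bits
    raise RuntimeError("corpus too small to reach the requested length")


if __name__ == "__main__":
    table = trigram_table(CORPUS)
    for _ in range(4):
        pw, bits = generate(12, *table)
        print(f"{pw}  ~{bits:.1f} bits")
```

The bits figure is the honest one for this kind of generator: pronounceability is bought by making likely trigrams more likely, and every such bias is entropy the attacker does not have to search.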

APG


Advanced Password Generator. Lots of options and features. In the default mode it conveniently splits each password into pronounceable fragments:

 meklon@meklon-desktop:~$ apg
 Please enter some random data (only first 16 are significant)
 (eg. your old password):>
 BidKasJuink6 (Bid-Kas-Ju-ink-SIX)
 ontEjsed6 (ont-Ej-sed-SIX)
 rordOWren4 (rord-O-Wren-FOUR)
 yalIkatEac0 (yal-Ik-at-Eac-ZERO)
 WruAdNevav1 (Wru-Ad-Nev-av-ONE)
 tipBevJieb8 (tip-Bev-Jieb-EIGHT)

There should be a conclusion, but the author is tired


Happy generating :)

UPD


I decided to add a utility for checking password strength. A useful thing: it looks the key up in its dictionaries and assesses its strength. On Debian the cracklib-check binary comes with the libcrack2 package:
 sudo apt install libcrack2

It is used quite simply. You can feed it passwords one by one from a script, or just pipe a single password in via echo. Let's check the generators from the post:
 meklon@RegenLab-LinuxDesktop-1:~$ echo "abc123456" | cracklib-check
 abc123456:
 meklon@RegenLab-LinuxDesktop-1:~$ echo "WruAdNevav1" | cracklib-check
 WruAdNevav1: OK
 meklon@RegenLab-LinuxDesktop-1:~$ echo "testrisheocu" | cracklib-check
 testrisheocu: OK
 meklon@RegenLab-LinuxDesktop-1:~$ echo "WoLooJeemeir" | cracklib-check
 WoLooJeemeir: OK

The utility is suspicious of xkcdpass's individual words, but accepts long passwords made of a mixture of dictionary words as valid. Keep in mind that cracklib-check is a dictionary and pattern filter, not an entropy estimate: an "OK" only means it found no dictionary word or trivial pattern, not that the password is strong.
 meklon@RegenLab-LinuxDesktop-1:~$ echo "holograph|archetype|brutishly|refutable" | cracklib-check
 holograph|archetype|brutishly|refutable: OK
 meklon@RegenLab-LinuxDesktop-1:~$ echo "holograph" | cracklib-check
 holograph:
 meklon@RegenLab-LinuxDesktop-1:~$ echo "archetype" | cracklib-check
 archetype:
 meklon@RegenLab-LinuxDesktop-1:~$ echo "holograph|archetype" | cracklib-check
 holograph|archetype: OK


Thanks to in_green_shoes for editing.

Source: https://habr.com/ru/post/334202/

