Rolling your own password management solution

I specifically want some way to share my passwords with my spouse. (That was the original promise and value of 1Password.) For example: I’m traveling, and he needs/wants to change the password on one of our shared accounts, such as a bank or credit card. A worse example: I die while traveling and he needs to change everything so no one hacks our accounts.

The reason for the traveling is that we envision a time where either of us does not have access to the other person’s browser or hard drive. That’s why a local solution is useful, but not sufficient.

I don’t think either of us will die yet :slight_smile:. However, I want the ability to somehow share my passwords with my spouse and vice versa. We could have used this when my dad died a couple of years ago. His spreadsheet with passwords was useful, but not terribly secure.

1 Like

Perhaps being relatively low-value (and so safer) was more relevant years ago than today?

My general impression (based on no hard evidence, I admit) is that computers are so fast now, and the cracking algorithms so advanced, that a typical mass-hacking event isn’t so individually targeted any more.

In other words, the crime organization hacks into the provider’s server, downloads the entire database, and then attacks everything in it – with both dictionary attacks & more sophisticated attacks – to see what (i.e. whose readable data) can be extracted. So if that’s the case, wouldn’t our relative obscurity/low-value as individuals be less of a safeguard now?

1 Like

Absolutely true I think…but that’s why master passwords of 25 or more characters are really good…because unless you’re name is Musk or Trump or Zuckerberg it’s just not worth it to the bad guys. Taking a quick gander at Steve Gibson’s haystacks page…a 20 character password with 5 each upper, lower, numbers, and symbols… asdfgJKUIO12345&$^%)…which is shorter than I recommend…in the massive cracking array scenario that checks 1 trillion possible passwords per second…the time to crack is 11.52 thousand trillion centuries…and that means that the password is essentially uncrackable. So for instance…3 words of 5 letters each each with 1 upper case in each separated by a single digit and with 3 symbols on the end just is not going to brute force cracked. Now I’ll admit that NSA or some of the other 3 later agencies might have a much faster computer array to crack it with…but even at a million times faster that’s still 11.52 thousand million centuries…and because of the way a dictionary or rainbow table attack works…it doesn’t matter in the slightest that each of the individual words is in the dictionary the cracker uses…because unless the entire combination is in the dictionary as a single entry it fails…the cracking algo cannot tell you “you got the first 5 characters correct”.

Length is your friend…your only friend…against password cracking software. Gotta stay from social engineering, using your kids birthday, or putting it on a sticky under the keyboard though:-)

1 Like

Your better friend is to have the password-receiving entity impose longer and longer time-outs as password errors accumulate.

That of course assumes it has to try every single combination before it guesses correctly. It could also potentially be cracked on the first try. The randomness of the character choices would come into play. I agree the longer the length the harder to crack.

I went through recreating all my passwords when I moved to a new M1 machine (seemed as good a time as any). It was a horrible experience but I’m now confident I have unique passwords (and even emails) for most accounts. What I hate is my absolute reliance on a password manager to be able to use them.

Conversely, what I love is the ability to rely on a password manager to keep over 550 sets of unique login credentials ready for quick access on my various devices. I also store many other important documents for ready reference.

My approach to login credential security also avoids any single login (Facebook, google, etc.) dependency which leverages my PII.

2 Likes

That’s not under our control.

I am under the impression that number of characters of a certain type is not important because a single instance of a character type increases the the search space as much as multiple characters of the same type.

Is there a reason that your example has “an upper case letter in each [word]”?

For example:

  1. Do you believe that a password containing multiple uppercase letters increases the search space beyond that of password with a single uppercase letter?
  2. Does the placement of uppercase letter(s) have any effect on search space? In other words, does it make any difference whether each word has a single uppercase letter as opposed to all the uppercase letters being in the same word?

Honestly, I think that only annoys legitimate account holders who have forgotten (or mis-entered) their password. It doesn’t do anything in the scenario @neil1 was talking about (defense against password cracking software). In that scenario, a cracker has the hashed value of your password. He or she has to then hash every guess they make and see if it results in the same value. Only when they get a match do they then use your password (once) to break into your account.

Longer and longer timeouts, or deadlocks after n failed attempts, might dissuade casual attempts by some joker just making wild guesses, but assuming you have anything like a secure password, you don’t really have anything to fear from them.

3 Likes

Just noodling on this …

As I understand, passwords are generally constructed from the 94 printable ASCII characters that do not include the space character, which leaves:

  • Uppercase Latin letters (26): ABCDEFGHIJKLMNOPQRSTUVWXYZ
  • Lowercase Latin letters (26): abcdefghijklmnopqrstuvwxyz
  • Arabic numerals (10): 0123456789
  • Symbols (32): !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

However, I’ve often seen restrictions on the symbols that can be used in a password. For simplicity, I think that it is reasonable to expect no more than 10 symbols to be eligible in any particular password. Therefore each character of a password is probably one of the remaining (26+26+10+10=) 72.

And therefore, assuming that the selection of characters used in a password is random, the search space for a password of length n is n⁷² 72n and the entropy (in bits) is log₂ n⁷² log27220.

Thus, a 20 character password has an entropy of log₂ n⁷² log27220 or 311 123, assuming that the characters are chosen randomly.

But, of course, humans don’t usually pick characters randomly so this entropy calculation may not be very relevant in the real world.

Suppose, as suggested above, that this 20-character password is instead made up of real English words that a person knows (and can remember how to spell) delimited by either digits or symbols. Since my knowledge of combinatorials is poor, let me restrict the space to:

  1. 4-letter words chosen randomly from a pool of 3,000 English words that a person knows and can spell.
  2. Each character of each such word can be either lowercase or uppercase, increasing the pool from 3,000 to 3,000 x 2⁴ = 48,000.
  3. Either one of ten symbols or one of the ten digits is placed in front of each such mixed case word.

In which case (I think) the entropy is:

log₂ (48000⁴ x 20⁴ ) = 79

Let’s look at some history of strictly random attacks. In 1997 a 56-bit DES key was broken in just 96 days using a distributed system of off-the-shelf personal computers. In 1998 another distributed system did it in only 39 days. In 1998 the Electronic Frontier Foundation (EFF) constructed the DES Cracker (consisting of custom chips and at a total cost of less than $250,000) broke one in only 56 hours of work after checking only 25% of the key space.

So, what amount of entropy is sufficient? RFC 4086 sites a 1996 paper titled, “Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security,” and says that

“It concluded that a reasonable key length in 1995 for very high security is in the range of 75 to 90 bits and, since the cost of cryptography does not vary much with the key size, it recommends 90 bits. To update these recommendations, just add 2/3 of a bit per year for Moore’s law. This translates to a determination, in the year 2004, a reasonable key length is in the 81- to 96-bit range.”

It’s now 2022 so (if I’m doing the arithmetic correctly) the incremental entropy is now:

(2022 - 2004) x ⅔ = 12

Which implies that the entropy required today “for very high security” against a brute force, random attack is in the range of 93 -108. (Yes, obviously key stretching algorithms such as PBKDF2, bcrypt, scrypt, and Argon2 can increase the security conferred by any level of entropy.)

But, as I understand, attackers do NOT guess passwords randomly. I’ve read that they guess in this order:

  1. Entire passwords frequently found in breached password files.
  2. Strings of varying length consisting of all lowercase characters.
  3. Strings of varying length consisting of a combination of uppercase and lowercase characters.
  4. Strings of varying length of characters drawn from the pool of all 94 characters.

If so, this implies that we should choose passwords in which uppercase, digits, and symbols are overweighted.

No doubt there are many errors in these thoughts but perhaps it provides a framework for evaluating different strategies for selecting secure passwords.

UPDATE January 5, 2023 5:12 PM

I corrected my exponentiation error; I had mistakenly transposed the base and the exponent. :man_facepalming:t2:

6 Likes

Excellent post, and I just deleted much the same info after seeing this.

I calculate 215 bits of entropy for that. (Maybe I have a bad calculator…) [edit: I did, in fact, hit the wrong key on the calculator. Nello was right.]

Just to give an example, Diceware uses 7776 words, so I think the word pool is more than 3000 in most cases. (1Password can create what they call memorable passwords, with a certain number of words that can be mixed with numerals and/or symbols, but I haven’t been able to find how many words are in 1P’s dictionary. It seems to be a lot; there are a lot of proper names even in that list.)

Also, to add…

Not to keep jumping on Will, but really the better friend is a system that uses a key stretching algorithm, like PBKDF2, that increases the complexity to derive the actual decryption key from a passphrase and thus decreases the number of guesses that can be made in a given span of time.

I know that there is another thread about the recent LastPass breach announcements, but it’s become clear that LastPass wasn’t all that responsible about ensuring that their users had good key stretching being done. Early accounts used as few as 500 PBKDF2 iterations, while these days >100,000 is typical. LastPass allowed users to change this number whenever they wished - I did so myself about ten or so years ago - but didn’t force users to do so.

Technically I guess you’re correct…but since the bad guy has zero idea on what the password’s length is or how it might have been constructed…the brute force technique essentially starts with A and iterates through the alphabet, then a and iterates and so on…because even if they assumed the first few characters were a word in the Oxford dictionary that’s a lot of words and keeping track of which combos had been tried already is way harder than just iterating starting with 1 character (or 2 or 4 or whatever).

So…if a particular password is constructed from 3 random unrelated words with a random upper case in each, separated by either digits with some symbols on the end or beginning or with symbols in between with digits at the end or beginning or some combination of that…while it could potentially be guessed on the first try…the actual chances of that are so closer to zero that it can be safely ignored. That’s the beauty of forcing a brute force try every possible combination cracking scenario…in the absence of any information about the password in the bad guy’s hand it’s gonna be a long time before they get around to 25 character long guesses (or 26 or 22 or whatever your actual password is).

And for some things…even reusing a password is just fine…for instance on some random web site that simply requires a password for whatever reason and there’s no useful info to be gained from hacking that web site then actually using something like Password123 for the password doesn’t matter. Yes…if it’s hacked then somebody can break into my account at cutecatvideos.com…but who cares. As long as Password123 isn’t used for anything important it’s like a throwaway address on reddit. Now one would never do this for an important site…but let’s face it of the 960 or so entries in my 1Password vaults…probably 100 of them are actually financially important, another 200 or so are important but of lesser importance…and there are several hundred that really don’t matter…Micromat.com support site password, the Diesel Engine forum password, etc. I don’t actually use this theory any more myself as putting a real password into the vault and letting it get auto filled is just as easy…but I’m sure that if I went to the oldest ones I would find some reused or similar entries.

And to be fair…a completely random gibberish password does provide a slightly higher entropy value than a same length one constructed from random unrelated words and the other stuff…but the difference is small…and once you get to 25 or whatever characters long and it’s tens of thousands of centuries to crack…well, then a few centuries either way don’t matter…because better is the enemy of good enough.

You’re correct…all you really need is 1 symbol, upper case, and digit because that increases the search space and putting multiple ones does not add any additional work for the hacking attempt…because in brute force you simply start at A and iterate through all possible 1 character passwords (or whatever number the hacker decides to start guessing at, probably actually something like 8 minimum so start at aaaaaaaa, then aaaaaaab, and so on) before going to the next longer character length. Placement of each of the various pieces also doesn’t matter to any appreciable extent…putting all the symbols at the end for instance might make it a bit easier if the bad guy knew that your passwords always had 3 symbols at the right hand end…but they don’t know that and one should never reveal your individual system…I haven’t done so, just made up an example.

The big key is that you will occasionally have to type the darned things…and correctly typing 25 characters of gibberish into one of those fields that only shows dots while typing will make it extremely hard to do it right. So doing word symbol word symbol word digit digit digit digit (or whatever form you always use makes typing simpler since you’re typing known words, a known set or order or whatever of symbols and digits and upper case…and it doesn’t matter really if the same symbol is used or the same digit…but by using all 4 of the basic password food groups you get to the standard 95 character alphabet.

Yes, but apparently they are not all 4 characters long and Diceware uses 6 words, which is going to be longer than the 20-character password that I’m trying to score here.

I think that the big take away from Diceware is that creates passwords with 77.5 bits of entropy … but is this enough in 2022? Apparently it switched from 5 words (64.6 bits) to 6 in 2014. Are you comfortable with the same entropy now 8 years later?

Correct…they try some or all of those things first…then move on to rainbow tables which are essentially rehashed strings to compare with the hashed passwords…rainbow or dictionary with a precompiled list is faster than calculating each ’next guess’…but as length grows those fall apart due to the size of the dictionary or rainbow table…and at that point then brute force try every possible combination is the only thing left.

Personally…I would think that 4 or 5 words is better than using only 4 letter words and picking 3 of them before adding the symbols and digits…and 25 long is better than 20 because it pushes out the time frame until ever faster computers and faster/larger hard drives to store the table or dictionary on overcomes it…and to be honest 25 (or even 30) isn’t much harder or longer4 to type than 20 is…especially if using words instead of gibberish. As noted in another reply…you really only need 1 each of the various food groups to force the larger alphabet…and there are some symbols that aren’t allowed on some websites so the actual universally usable space is something less than 95…but for some sites it is 95 since all the symbols are desired.

The real goal is to be long enough so that nothing except brute force guessing every combo will work.

1 Like

Actually…I think that for 2023 I’m going to modify my master password and make it another word and a few digits longer. I’ll probably also double each symbol used (i.e., a pair of them in place of the single ones now) and shift to a longer digit sequence than I currently use…those will increase the length by another 10 or 12 characters and while it’s not really necessary it can’t really hurt.

Will also change the length required for passwords to login to the computers…both desktops and both laptops have the exact same account names and passwords for ease of use (even though different would be slightly better) because my wife hates long things. The hardest part will be to convince her to use a longer master password and userid password…

Yes, the device password is critically important.

LastPass, for example, will leave your valut open until you explicitly close it. So if you don’t close it every time that you leave your device, then the device password effectively becomes the Master Password.

If you lose your device (or someone steals it) then an attacker has a backdoor into your vault.

I was talking about the dictionary. Diceware is limited to 7776 words because 5 dice with 6 faces. Clearly there are well more than 3000 words that can be used in a memorable password dictionary.

If you are using words, it’s not the number if characters that matter - it’s the number of words.

Assuming 1 trillion password guesses per second (which is I think more than can be done right now), an entropy of 77.5 would take an average of about 3800 years to crack.

Also remember that having bits of entropy that is greater than the size of the password hash that’s stored doesn’t increase the time. If it is a 128 bit hash and you have 200 bits of entropy, you’d have a hash collision before the 200 bits of entropy matters. (BTW a 128 bit hash would take about 5 billion billion years to crack on average for the theoretical 1 trillion guesses per second.)

I don’t use diceware myself - again, I was challenging the 3000 word dictionary. I think that we all know far more than that. (Though I use 1Password to generate the words myself.)

I’m at least as ignorant as the next fellow about passwords, and I struggle to follow some of the discussion here. Thanks for making it as simple as possible.

In my ignorance, I assumed there were many hashing algorithms and that Joe Hacker would not know which one to use. (Of course, any organization that lets the hashed values leak might let its hashing algorithm leak, too.) Certainly, my suggestion to increase the delay time is only effective if the hacker is submitting the attempts to the web site where I have an account.

Thanks for the education.

Diceware now recommends more words for some uses: " A five word passphrase provides a level of security much higher than the simple passwords most people use. We recommend a minimum of six words for use with GPG, wireless security and file encryption programs. A seven, eight or nine word passphrase is recommended for high value uses such as whole disk encryption, BitCoin, and the like. For more information, see the Diceware FAQ."
https://theworld.com/~reinhold/diceware.html