This is really good for encrypted content such as a hard drive, password vault or gpg key

  • kevincox
    link
    fedilink
    arrow-up
    9
    ·
    6 months ago

    It is a good technique to be sure, but I haven’t found it useful in my everyday life. In practice 99% of my passwords are stored in my password manager. I only remember like 3 passwords myself. For those I want them to be easy to type as I do it semi-regularly (whenever I turn on my computer or phone, my phone sometimes re-verifies, …). These may be slightly easier to remember but end up being much longer. I find that I don’t have issues remembering the 3 passwords that I actually regularly type.

    In fact I recently switched my computer passwords to be all lowercase, just to make it easier to type. I’ve offset this reduced entropy by making them longer (basically shift+key is similar entropy to key+key and easier to type, especially on phones or on-screen keyboards).

    The recommended 6 words produces incredibly strong passwords. The equivalent with all lowercase would be 16.5 characters. Personally I went for 14 characters and in my threat model that is very very secure. But this will also depend on your attack model. If it is a disk encryption password or other case where you expect that the attacker can get the hash then it will depend on the strength of the hash and possible attacker’s computing power. If it is protected by a HSM that you trust you can get away with short PINs because they have strict rate limits. Any decent online service should also have login rate limits reducing required entropy (unless the leak the hash without resetting passwords, then see the above point where the attacker gets the hash). All of my memorized passwords fall into the category of needing very strong security but I still found that remembering a random character password that only only took about a week when entering it once a day.

    • jherazob@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      6 months ago

      This is precisely for the master password of your password manager, the one you actually need to be highly secure but memorable

      That or passwords that won’t go there in practice, like computer boot passwords

      • kevincox
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        6 months ago

        Yeah, but my point is that I use my master password enough that random characters are still memorable while being faster to type. For me personally there isn’t really a use case where the easier memorability is worth the extra characters to type. But of course everyone is different, so it is good that this system is laid out for them with a great guide.

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      I also think encryption password security depends heavily on the hash. A hash that’s takes along time to break will be more secure and will require a shorter password to be secure

      • kevincox
        link
        fedilink
        arrow-up
        3
        ·
        6 months ago

        Yeah, that is what I meant by “strength of the hash”. Probably should have been more clear. Basically the amount of resources it takes to calculate the hash will have to be spent by the attacker for each guess they make. So if it takes 1s and 100MiB of RAM to decrypt your disk it will take the attacker roughly 1s and 100MiB of RAM for each guess. (Of course CPUs will get faster and RAM will get cheaper, but you can make conservative estimates for how long you need your password to be secure.)

        • Possibly linux@lemmy.zipOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          Keep in mind they will be using GPUs with lots of ram and cores so that 1s will be more like hundreds or thousands a second.

          • kevincox
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            It depends a lot on the hash functions. Lots of hashes are believed to be difficult to parallelize on GPUs and memory hard hash functions have different scaling properties. But even then you need to assume that an adversary has lots of computing power and a decent amount of time. These can all be estimated then you give yourself a wide margin.