The logic behind three random words

75 points by DicIfTEx, almost 4 years ago

24 comments

dvh, almost 4 years ago
Some time ago I wanted to mass produce new inventions, so I generated a list of random phrases in the form adjective-adjective-noun and started reading. Most of it was nonsense, occasionally there was something viable, and on rare occasions some interesting new idea. Then I stumbled upon this gem:

"Creepy wet uncle"

and I giggled. I kept reading and once in a while there was something funny. After a while I realized that 3 random words can make me laugh, but no 3 random words made me cry.

Before, I thought that laughter and crying are equal but opposite emotions, but they are not. Crying is much deeper and requires more emotional attachment. To make someone laugh all you need is 3 random words.
jrootabega, almost 4 years ago
I find that the brain is just optimized to remember language and language-like constructs. It's not a trick; you've sunk decades into training your brain to do it. Words, phrases, 6/7 digit numbers like phone numbers, etc. Being able to pronounce them out loud or internally is a huge part of it. So it's just easier to remember the same amount of entropy with such a secret compared with other methods.

Diceware is the older brother of this method:

https://en.wikipedia.org/wiki/Diceware
dfdz, almost 4 years ago
> None of this is helped by ... the continued low uptake of password managers to both store and generate passwords

This article contains reasonable advice, but I am not sure that is advice that *anyone* is interested in. Let me explain.

Most of my tech savvy friends/family use password managers (either digital or paper), two factor authentication, and sometimes hardware authentication devices for important accounts.

In contrast, most of my non-tech savvy friends/family do not care about password entropy or really anything to do with security. If the complexity requirements cause them to forget a memorized password, then they reset using their email.

Edit: Actually, people forgetting their passwords because of complexity requirements might be useful, since it forces people not using a password manager to login by clicking a link from their email (which is better than a weak password). In this light, maybe companies should start to enforce even more crazy requirements: at least 4 numbers, 4 symbols, 8 characters.
jepler, almost 4 years ago
Missing is the analysis of the amount of entropy in an unaided "three random words" password.

I'll try: people are lousy at random picking. Their choices are highly likely to come from the most common 1000 words, and very very likely to come from the most common 4000 words. If this is true, it gets you an entropy of 30 to 36 bits.

BUT

Just for curiosity I checked out NIST's current guidance on passwords; they actually allow 6-digit passwords (PINs) [with about 20 bits of entropy], as long as there is server-side rate limiting of authentication attempts [edited to add:] and they are uniformly chosen by the server. They recognize that this does not mitigate offline cracking attempts. Since even choosing a random "top 100" word would meet the same entropy bar, perhaps my initial reaction is an over-reaction. [https://pages.nist.gov/800-63-3/sp800-63b.html#appA]
jasonwatkinspdx, almost 4 years ago
Years ago I needed to generate default/initial passwords for CRM systems that weren't trivially crackable. I wrote a little script that picked 5 words from a 22e3 dictionary. It's about 70 bit security assuming the adversary knows the dictionary. Not perfect but a whole heck of a lot better than installing stuff with "admin:admin" as is shockingly common.

It still irks me how many places have 1. short password length limits and 2. stupid character class requirements. I use long as heck pass phrases everywhere I can't use a password manager but a shocking number of businesses are still like "max length 12 use 1 capital 1 number 1 symbol" :/
mellosouls, almost 4 years ago
Can we expect a certain well-known geo-locating firm to ban this method as copying their IP?
d5ve, almost 4 years ago
Before I used a password manager, I used three random word phrases, but with the first word lowercase, the second upper case, and the third (chosen to contain at least one of "aeio") with tr/aeio/4310/. This gave phrases that passed requirements like "must contain a mixture of upper and lower case" and "must contain at least one number". It also increased the search space for guessing. In some cases I had to chuck a "!" on the end to meet a "must contain a symbol" requirement.

"crystal lizard rekindle" became "crystal LIZARD r3k1ndl3" etc.
_ZeD_, almost 4 years ago
An additional "twist" is that you can use words in different languages: good luck with a "dictionary" attack if one word is in Spanish, one in French and the other one in Italian (or whatever you prefer).
DigitallyFidget, almost 4 years ago
I reset my passwords regularly, so this example doesn't provide access to anything of mine, except my old all in one router's wifi that's been sitting in a box in my basement for years.

Hun$@ngF0rM3g-K@rp3_W19m This was a base password I used for about two or three years, altering the W19m ending to be a familiar measurement value for me, like walking 19 meters. It's actually lyrics from a song "Hun sang for meg", from Norwegian band Karpe Diem (song name is "Byduer i dur"). It falls into the problem of replacing letters with alike symbols, but that provides the complexity requirement, while also having enough length to be secure even without doing letter replacements.

My worst passwords are often for the things I should really keep most secure because they have the dumbest restrictions that cripple complexity.

8-16 characters long .. okay, there go ALL the normal password bases I use, most of my passwords are 24-58 characters long.

Only - _ ! . for special characters .. what the actual f**? Why? WHY? This is for my online medical account, WHY!?!?
nickdothutton, almost 4 years ago
VAX VMS had this sorted around 1983 with SET PASSWORD /GENERATE. We have gone backwards since then.
tgv, almost 4 years ago
Most people have a limited vocabulary, in the order of 14 bits. They don't know how to come up with three random words either. That means < 52 bits, probably a lot less. So, these people would need a password generator. Which makes the point moot.

Edit: 3*14 = 42, not 52...
Slow_Hand, almost 4 years ago
For a password you have to easily memorize, a decent algorithm for generating strong-ish passwords has been to take an easily memorize-able saying/lyric/phrase:

Ex: "All we have to fear is fear itself"
Ex: "It was the best of times. It was the worst of times."

and then reduce it to only the first letters of each word:

Ex: Awhtfifi
Ex: IwtbotIwtwot

The phrase is the memorable part, and then you simply have to encode it into a seemingly random string of letters that are unlikely to be dictionaried. Salt it with numbers and other characters and I think that makes for a halfway decent password.

Of course, I just use a password manager and all actual passwords are 20bit strings.
wodenokoto, almost 4 years ago
It’s kinda funny because I remember when password recommendations were “use the initial letters of a simple, but novel phrase” and it turns out the password would have been much stronger if actually using the phrase.
nickweb, almost 4 years ago
(One word more) relevant XKCD [1].

Also, a generator for the above [2].

[1] https://xkcd.com/936/
[2] https://www.correcthorsebatterystaple.net/
slater, almost 4 years ago
Getting a '403 - Access Denied' error, and wayback machine has the page, but since the original is some JS-only thing, WB doesn't show anything.
hiccuphippo, almost 4 years ago
The strategy I use for generating 4 to 6 digit passwords (for pin keys) is to imagine drawing a shape over a keypad. For example an N shape would be 7193, a T would be 1328 and so on.

Edit: I'd be interested to see what others do!
Causality1, almost 4 years ago
I just free-associate the first few words that come to mind when I look at the name of the site. It's remarkably consistent and I can derive passwords for accounts I haven't used in years.
stavros, almost 4 years ago
Can we finally get WebAuthn everywhere and not have to remember any passwords at all? It's 2021, our civilization is almost at an end and we haven't even managed to solve passwords.
NotSwift, almost 4 years ago
This is sound advice. But I would suggest that you choose words for which you can find some mnemonic to remember them, e.g. by combining them in a nonsensical sentence.
jhgb, almost 4 years ago
OK, the article convinced me, especially the end. My next password will be 'mitigationpasswordvulnerabilities'.
alisonkisk, almost 4 years ago
Three random words are great. But for this to work in real life requires dozens of sets of three random words per person.
RyEgswuCsn, almost 4 years ago
Knowing a password consists of three random words makes it significantly easier to guess it. Knowing a password contains at least a digit and a special symbol and an upper-case letter does not make the password much easier to guess, and, as others have pointed out, it encourages the use of password managers.
kragen, almost 4 years ago
This is mostly good, but you should use four to seven random words, not three.

http://canonical.org/~kragen/sw/netbook-misc-devel/bitwords.py has several different ways of generating strings of random words from strong randomness, as well as other forms of random passwords. It uses the frequencies from the British National Corpus http://canonical.org/~kragen/sw/wordlist. The word lists I've found most effective have 2048 or 4096 words, thus 11-12 bits of entropy per word; much larger lists of words include a lot of strange words that are much harder to memorize. So, person acid hidden, cases truck merge, KNIT SOOT CEIL, worn profession products, claw gerry teeth, or TIDY ANY HUG, but not fitzwilliam preside maxine, relieve scottish seminar, or tunis orange formerly, which use a 32768-entry wordlist.

However, three 12-bit words is only 36 bits of entropy. If an unsalted password hash database containing 2000 users' passwords gets stolen, every 34 million hash operations will yield one of those passwords. If a *salted* password hash gets stolen, every 34 *billion* hash operations will yield one, but the attacker can choose which one.

To non-computer people this probably sounds like a lot, but john on one core of this quad-core laptop can try 8500 md5crypt passwords per second or 480 bcrypt passwords per second with 32 iterations. So one password cracked per 34 million hash operations, assuming md5crypt, is one user account cracked every 17 minutes, and one password cracked per 34 billion hash operations is an average of 12 days to crack your target password.

Unless the attacker has more than a US$300 used laptop to attack with, that is. If they're using a 19" rack full of equipment, possibly equipment that doesn't actually belong to them, they could quite easily have 256 times as much hashpower, so they can crack your password in 65 minutes. Or 19 hours if you were using bcrypt or something better like scrypt, configured for that level of resistance.

By contrast, if you use *four* random 12-bit words, they'll need 130 *years* with my laptop to crack your account if it's using md5crypt, 6 months if they're using a rack full of equipment, or 9 years if they're using the rack full of equipment but the passwords were hashed with 32-round bcrypt.

With a 72-bit-entropy password like "thank reason massive derived reasonably go", "pick sat adams orcs arabs being", or "ALL JURY SAUL BILK ADD RULE CUB", you should be reasonably safe even with a poorly chosen password hashing algorithm and a more seriously funded attacker.

If the password hash database is not stolen, and the attacker is limited to an online attack, three words might be reasonable, but four words is safer.

A key point that people often miss here is that you *really need to use real randomness* to generate the passwords. Don't use "random" passwords from your mind, because, as any mentalist knows, those are enormously less random than you think they are. Use actual physical dice, as with Diceware, or /dev/urandom.
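The arithmetic in kragen's comment above, together with the vocabulary-size entropy estimates jepler and tgv give earlier, as an added worked example that is not part of this thread or of bitwords.py. It assumes the quoted per-core rates are multiplied by four cores (the 17-minute figure only works out that way), uses the comment's own approximations for unsalted and salted databases, and draws from a constructed eight-word list purely to show CSPRNG-based word selection.

```python
import math
import secrets

# Hash rates quoted in the comment: john on ONE core of a quad-core laptop.
# Assumption (not stated outright in the comment): all 4 cores are used.
CORES = 4
RATES_PER_SECOND = {"md5crypt": 8500 * CORES, "bcrypt32": 480 * CORES}
SECONDS_PER_YEAR = 365.25 * 86400

# Constructed demo list; a real list would have 2048 or 4096 entries.
DEMO_WORDS = ["person", "acid", "hidden", "cases", "truck", "merge", "knit", "soot"]


def entropy_bits(n_words: int, list_size: int) -> float:
    """Entropy of n words drawn uniformly, with replacement, from list_size words."""
    return n_words * math.log2(list_size)


def expected_guesses(bits: float, users: int = 1, salted: bool = True) -> float:
    """Expected hash operations until the first password in a stolen hash DB falls.

    Salted: every guess tests one user, so half the space is searched on average.
    Unsalted (the comment's approximation): one guess tests all users at once, so
    the first hit arrives about `users` times sooner, but the attacker can't pick whom.
    """
    space = 2.0 ** bits
    return space / 2 if salted else space / users


def crack_seconds(guesses: float, algorithm: str, speedup: float = 1.0) -> float:
    """Wall-clock time for an attacker with `speedup` times the laptop's hashpower."""
    return guesses / (RATES_PER_SECOND[algorithm] * speedup)


def generate_passphrase(wordlist: list[str], n_words: int, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG (secrets uses os.urandom), never from your head."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    for n in (3, 4, 6):
        bits = entropy_bits(n, 4096)
        unsalted = expected_guesses(bits, users=2000, salted=False)
        salted = expected_guesses(bits)
        print(f"{n} words x 12 bits = {bits:.0f} bits")
        print(f"  unsalted, 2000 users, md5crypt laptop: {crack_seconds(unsalted, 'md5crypt') / 60:.0f} min")
        print(f"  salted, md5crypt laptop: {crack_seconds(salted, 'md5crypt') / 86400:.1f} days")
        print(f"  salted, md5crypt rack (256x): {crack_seconds(salted, 'md5crypt', 256) / 3600:.1f} h")
        print(f"  salted, bcrypt rack (256x): {crack_seconds(salted, 'bcrypt32', 256) / SECONDS_PER_YEAR:.2f} years")
    print(f"demo passphrase ({entropy_bits(3, len(DEMO_WORDS)):.0f} bits, tiny list):", generate_passphrase(DEMO_WORDS, 3))
```

Swap DEMO_WORDS for a real 4096-entry list to get the 36/48/72-bit figures the comment discusses; the crack-time estimates do not depend on the demo list.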
aaron695, almost 4 years ago
Reading between the lines this is a political move.

Users hate IT security. IT security, like all professions, has become blame shifting, not about security, and has made the problem worse.

Password complexity rules don't matter in practice. This keeps users the most happy and is close enough.

OT: If you are a hacker and care about TLA, passphrases seem the best but you need more than 3 words and you need something random in the mix. This is if they have your encrypted hard disk for instance or wallet.