this post was submitted on 19 Jun 2024
111 points (99.1% liked)

Privacy

32103 readers
540 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

This is really good for encrypted content such as a hard drive, password vault or gpg key

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 5 months ago (2 children)

It is a good technique to be sure, but I haven't found it useful in my everyday life. In practice 99% of my passwords are stored in my password manager. I only remember like 3 passwords myself. For those I want them to be easy to type as I do it semi-regularly (whenever I turn on my computer or phone, my phone sometimes re-verifies, ...). These may be slightly easier to remember but end up being much longer. I find that I don't have issues remembering the 3 passwords that I actually regularly type.

In fact I recently switched my computer passwords to be all lowercase, just to make it easier to type. I've offset this reduced entropy by making them longer (basically shift+key is similar entropy to key+key and easier to type, especially on phones or on-screen keyboards).

The recommended 6 words produces incredibly strong passwords. The equivalent with all lowercase would be 16.5 characters. Personally I went for 14 characters and in my threat model that is very very secure. But this will also depend on your attack model. If it is a disk encryption password or other case where you expect that the attacker can get the hash then it will depend on the strength of the hash and possible attacker's computing power. If it is protected by a HSM that you trust you can get away with short PINs because they have strict rate limits. Any decent online service should also have login rate limits reducing required entropy (unless the leak the hash without resetting passwords, then see the above point where the attacker gets the hash). All of my memorized passwords fall into the category of needing very strong security but I still found that remembering a random character password that only only took about a week when entering it once a day.

[–] [email protected] 5 points 5 months ago (1 children)

This is precisely for the master password of your password manager, the one you actually need to be highly secure but memorable

That or passwords that won't go there in practice, like computer boot passwords

[–] [email protected] 1 points 5 months ago* (last edited 5 months ago)

Yeah, but my point is that I use my master password enough that random characters are still memorable while being faster to type. For me personally there isn't really a use case where the easier memorability is worth the extra characters to type. But of course everyone is different, so it is good that this system is laid out for them with a great guide.

[–] possiblylinux127 4 points 5 months ago (1 children)

I also think encryption password security depends heavily on the hash. A hash that's takes along time to break will be more secure and will require a shorter password to be secure

[–] [email protected] 3 points 5 months ago (2 children)

Yeah, that is what I meant by "strength of the hash". Probably should have been more clear. Basically the amount of resources it takes to calculate the hash will have to be spent by the attacker for each guess they make. So if it takes 1s and 100MiB of RAM to decrypt your disk it will take the attacker roughly 1s and 100MiB of RAM for each guess. (Of course CPUs will get faster and RAM will get cheaper, but you can make conservative estimates for how long you need your password to be secure.)

[–] [email protected] 1 points 3 months ago* (last edited 3 months ago)

Parallelism 1, iterations 15, memory 512mb

New status unlocked! LUNATIC

[–] possiblylinux127 1 points 5 months ago (1 children)

Keep in mind they will be using GPUs with lots of ram and cores so that 1s will be more like hundreds or thousands a second.

[–] [email protected] 2 points 5 months ago

It depends a lot on the hash functions. Lots of hashes are believed to be difficult to parallelize on GPUs and memory hard hash functions have different scaling properties. But even then you need to assume that an adversary has lots of computing power and a decent amount of time. These can all be estimated then you give yourself a wide margin.