A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9: 3.3%
10: 6.2%
11: 2.2%
>=12: 88.3%
@timbray 6 characters, but it's gonna include two emoji so the byte length is 12.
@timbray I mean, 15 years ago, 8 was on the edge of what an individual could easily do. My personal is random and 12 characters, work is random but has a month year component because I'm not memorizing a new hard PW every 60 days.
@timbray Can we assume that the target is using a proper KDF?

@agocke @timbray This here is such a key aspect and most if not all other replies are missing that.

If you can control the password hashing function, e.g. for the full disk encryption on Linux, you can tweak it to your specific needs.

For example: use a very expensive password hashing function config for your laptop's full disk encryption because you don't care that it's running argon2id or scrypt for tens of seconds once on boot.

If you can't control that, then the other replies make sense!

@timbray I thought I read a few years back that a desktop GPU can brute force passwords up to 14 characters in length.

A "master password" should probably be a sentence these days.

@chadgeidel
Or a key file/hardware key.

IMO, more services need to support that, but at least 2FA is offering it often and HOTP as a login is getting a lot more common now with passkey APIs apparently being based on the same underlying system?
@timbray

@the_moep @chadgeidel @timbray passkeys use the same method as WebAuthn / security tokens / FIDO2 (there are soo many different names here), which uses hardware bound cryptographic keys and a cryptographic challenge-response protocol. It doesn't use the HOTP algorithm, it's a different type of 2FA
@Natanael_L Thanks for the clarification! Didn't realise that HOTP and FIDO tokens were a different thing.

@chadgeidel @timbray

Mine is over 2 dozen characters. It's a 3-word phrase that is complete nonsense, but comes from a joke comic strip that several of us in the office laughed our asses off about in 2002 or so.

So those 3 words, plus the 3 parts of a phone number that I've got memorized from my childhood in the '60s.

AREACODEwordEXCHANGEwordLAST4DIGITSword

I've never struggled to remember or type it. You couldn't guess it even if you know me very well.

@chadgeidel @timbray a random password with 14 alphanumeric plus some special characters is above 80 bits of entropy. You need power equivalent to a big fraction of the bitcoin mining network to crack that, which means that it's kinda plausible for an NSA grade attacker but incredibly expensive (and it gets much harder if a proper KDF is used)

I usually go for about 16 randomly generated characters, not impractical to type and has a solid security margin.

@timbray I voted on >=12 because 12 is the shortest one I have created this decade. But, I'm still using a couple that are shorter from 20+ years ago.
@timbray Even the NIST draft is updating to 12 characters. Hardware getting stronger as always. So to feel confident, >=12 is a must to me. xkcd method helps here.
@timbray 6 or 7 diceware words.

@kataclyst @timbray This. As xkcd 936 illustrates, "random" passwords are super hard for humans to use, and made-up passwords tend to be predictable even with substitutions.

More words can always be used to increase strength, and diceware-style phrases are pretty easy to remember if you use them enough.

@timbray Your 1PB password with maximum entropy is still insecure because the main risk is it leaking, not that someone brute forced it.
@timbray I’m not particularly an expert at password cracking, but I do have some infosec experience. My password manager’s password is over 40. It’s six random words. Pretty easy to remember and type on keyboard or screen. But I don’t usually type it more than once a day thanks to biometrics.
@timbray Even the UK government recommends using 3 words as a minimum, which is likely going to be longer than 12 characters: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words

@timbray So much depends on the context. How much faith do I have in the organization maintaining target environment to securely encrypt in transit and at rest, to prevent and mitigate and detect intrusions, etc? Is this for one environment or am I forced to reuse the password? Intranet or internet? What's the sensitivity of the target system (data, capabilities)?

If it's one password shared amongst all internet websites, then the answer is infinity.

@timbray At the (very modest) risk of king about my passwords, one trick I use for this is to let my hands roll over adjacent or nearby keys. A rolling motion is barely more to remember than a single letter and often types just as fast, esp left, right, left hands
@timbray I have my password manager set to 32 by default.
@beezly @timbray I'm continuously shocked by how many sites won't accept 32 char passwords.
@chrisgerhard @timbray especially as they should be storing something like a PBKDF2 hash where the length of the input has zero relevance to what the application has to store in the backend.

@timbray Hive Systems has a pretty neat table showing password cracking of bcrypt

http://www.hivesystems.com/library
password: cybersecurityforeveryone

@gigantos @timbray Table needs several more rows to see where my passwords fall.   

(They're one character. They're pass-characters.)

@gigantos @timbray That table assumes that (the password cracker assumes that) each password character is randomly chosen from the available character set, which is not the case for most passwords *or* password crackers. Dates are common, "1" at the end is common, capitalizing the first letter is common, etc.

For example: https://www.openwall.com/john/doc/MODES.shtml "this mode deals with trigraph frequencies, separately for each character position and for each password length" (and that's after the wordlist-mangling modes, which are often successful). I assume proprietary password crackers have even fancier modes.

@gigantos @timbray That Hive Systems table doesn't say how many workfactor rounds their Bcrypt table is for. We can increase rounds as technology advances. (Which I'm doing this week.) Also, I lock out any access after just a few failed attempts, and they're locked out for minutes. You couldn't get more than 2000 attempts in a day from anywhere in the world if you tried. You'd DDoS the server or burn it up calculating Bcrypt hashes before anything else happens.
@dblume @gigantos The conventional threat model is the hashed form of the password has been stolen and can be worked on offline.

@timbray @gigantos Ah gotcha... In my case neither the password nor its hash are stored anywhere.

User enters a password, a bcrypt hash is generated, which is used as the key to attempt to AES decrypt a password vault file. And either the hash worked or it didn't. No storing anything except an AES encrypted file per user.

Does that make sense? It's described here: https://david.dlma.com/blog/internet-security

@dblume @timbray @gigantos so, instead of cracking several hashes in one file (/etc/shadow or equivalent), the attacker needs to crack several files. The result is the hashed password, so it needs to crack that too, so it's only duplicating the cracking effort? Sounds like you could achieve the same with more hashing rounds?

@mdione @dblume @timbray The way I understand it, this is on some level identical to /etc/shadow or a database with bcrypt. The attacker still needs to handle one user at a time, and no work can be shared between each user. As you say, you can achieve a similar effect by using more rounds.

One difference though is the size of the data you need to exfiltrate.

@gigantos @dblume @timbray ... if the vault files are big enough, right.

@mdione @gigantos @timbray Yep, but in practice the vaults are usually less than a few MB big, so not very big. And there are never many at one install, it intentionally doesn't scale to be large enough for any install to be a tasty target.

A goal was less "surface" for attack. All there is to get would be a few encrypted vaults. I liked the idea of not storing hashes.

There's a README that illustrates the design here: https://github.com/dblume/tiny-vault

@gigantos @timbray Heh, nice. The most important password of mine is 18 characters long, it's lowercase letters and it's simply a sentence of words. Even with this knowledge: Good luck 🙃
@MichalBryxi @gigantos @timbray correct horse battery staple
@binford2k @gigantos @timbray Yikes ... Gotta be back in a minute ... 😁
@MichalBryxi @gigantos @timbray it strikes me that this would make an /excellent/ Halloween costume for like… three people at our party to get

@gigantos @timbray

So many implicit assumptions... Here's a couple:

- Is this the hardware hackers use? These days hackers spin up GPUs in the cloud, so the times are meaningless

- If my password is "1Monkey$Wrench" it is 14 characters long and contains lower, upper, numbers and specials. According to this table it should take 805bn years and falls within the "good password" criteria. However, because it's made of English words I bet it would take... many orders of magnitude less than that.
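
An added example, not part of the post above or of any tool named in the thread: a rough strength estimate that costs dictionary words as single guesses instead of as runs of random characters, applied to the password quoted above. The word list, the 20,000-word dictionary size and the three casing variants are assumptions made for illustration.

```python
import math

# Constructed sample word list; a real estimator would load a large dictionary.
WORDS = {"monkey", "wrench", "correct", "horse", "battery", "staple"}
ASSUMED_DICT_SIZE = 20_000  # assumption: number of words a guesser tries
CASE_VARIANTS = 3           # assumption: lower, Capitalised, UPPER
PRINTABLE = 95              # printable ASCII, space included


def naive_bits(password: str) -> float:
    """Bits if every character were chosen uniformly at random."""
    return len(password) * math.log2(PRINTABLE)


def _word_at(password: str, i: int) -> str:
    """Longest known word starting at i in one of the three common casings."""
    best = ""
    for w in WORDS:
        chunk = password[i:i + len(w)]
        if chunk in (w, w.capitalize(), w.upper()) and len(w) > len(best):
            best = chunk
    return best


def structured_bits(password: str) -> float:
    """Rough bits when dictionary words are guessed as single units.

    Characters outside a known word are still costed as fully random.
    """
    bits, i = 0.0, 0
    while i < len(password):
        word = _word_at(password, i)
        if word:
            bits += math.log2(ASSUMED_DICT_SIZE * CASE_VARIANTS)
            i += len(word)
        else:
            bits += math.log2(PRINTABLE)
            i += 1
    return bits


def overestimate_orders_of_magnitude(password: str) -> float:
    """Powers of ten by which the naive figure overstates the guess count."""
    return (naive_bits(password) - structured_bits(password)) * math.log10(2)


if __name__ == "__main__":
    for pw in ("1Monkey$Wrench", "q7#Lz!p2Vx@9Kd"):  # constructed samples
        print(pw, round(naive_bits(pw), 1), round(structured_bits(pw), 1))
```

A string with no dictionary words scores the same under both functions, which is the only case where a per-character table applies.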

@arikb @timbray this table is for fully random passwords, if you don't use a cryptographic random generator for the letters, it will be less hard to break than what is said here.

Also, it is for hardware that is relatively cheaply available for rent (12x RTX4090), if you are determined.

And it is for standard good practice bcrypt.

@gigantos @timbray Considering that the table covers passwords as short as 4 characters, I would say it's hinting at self selected PIN / passwords. I know no password manager that will generate random passwords shorter than 12 characters by default.

And as for the hardware, you can have as many GPUs as you want for the right amount of money by using a cloud computing provider. The speed of cracking is therefore directly proportional to the amount of money invested.

@timbray doesn't that depend on what the scrypt work factors were set to on the server?
@timbray I'm assuming the threat model is database leak but the passwords are hashed
@timbray
A 9 or 10 character password can probably be strong enough, but if it is strong, I'm not going to remember it. The longer it is (up to some point around maybe 25-30 characters), the easier it can be to remember without dipping below sufficient strength.
@timbray The master password to my password database is more than 20 characters in length. On average, I use it multiple times a day.
@timbray @HollyGoDarkly I use @1password and that lets me build my password from a series of easy to remember words. I’ve exceeded one insanely short max length of some bank websites.

@timbray Assuming there's MFA and other controls in place will affect the outcome.

100% of these answers should be >=12 and it's shocking to me anyone responded with 9.

@timbray password complexity is less important than having a strong secondary system of authentication, like passkeys or biometrics (or ideally dump the password entirely and go straight to passkey).
@timbray I can’t really answer this without knowing the plausible attack vectors. My answer for a password someone can try to brute force offline, with as much compute as they could throw at it, is very different from a password I can assume the attacker only has rate-limited web attempts at, or one where attempts go through my phone’s secure enclave.

@timbray

Such questions should strongly clarify how the characters were selected.

It will not take me a quadrillion years to crack "I'mTheProbl3mIt'sMe!" 😉

@timbray IMO, the use-case is important.

For any place it's going to be stored in a database? I really don't care - it's going to be unique and if that site gets compromised and the password is stolen, I don't care if it gets cracked. They can already access my account, so as long as the password is unique, I don't care. It shouldn't be guessable against the form, so that's about 8. Let's say 8+ characters.

For a place I personally control (like FDE or my OS password)? I think 8-9 characters is fine, AS LONG AS I can tune the algorithm to make guessing very, very slow. If it takes ~1 second to check a password, an 8 character password is going to take on the order of 10**15 guesses which is like 200m years. Yes, you can parallelize, and yes, technology will improve, but it's much MUCH more likely you'll be compromised by a keylogger or camera or something.

For a place where it's weakly hashed and can be stolen (like Windows)? Again, I'm going to use a unique throwaway password because I assume if my password is going to get stolen, it's a keylogger. That's where I'd consider 12+ mandatory, if I wanted it to be safe.

So really..... it depends. :)
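
An added example, not part of the post above: the trade-off between password length and a tunable KDF, as raised here and in the earlier reply about full disk encryption, worked through with Python's built-in scrypt. The scrypt parameters, the 1000 parallel guessers and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import math
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_WORDS = 7776  # size of the standard diceware list (6**5)


def random_bits(symbols: int, length: int) -> float:
    """Entropy of `length` symbols drawn uniformly from `symbols` choices."""
    return length * math.log2(symbols)


def years_to_exhaust(bits: float, seconds_per_guess: float, workers: int = 1) -> float:
    """Years to try every candidate at the given KDF cost and parallelism."""
    return 2.0 ** bits * seconds_per_guess / workers / SECONDS_PER_YEAR


def kdf_bits(slow_seconds: float, fast_seconds: float) -> float:
    """Bits of extra work a slow KDF adds compared with a fast one."""
    return math.log2(slow_seconds / fast_seconds)


def time_scrypt(n: int, r: int = 8, p: int = 1) -> float:
    """Measure one scrypt derivation on this machine, in seconds."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.scrypt(b"constructed sample", salt=salt, n=n, r=r, p=p,
                   maxmem=2**30, dklen=32)
    return time.perf_counter() - start


if __name__ == "__main__":
    fast = time_scrypt(2**10)   # cheap setting, about 1 MiB per guess
    slow = time_scrypt(2**17)   # about 128 MiB per guess
    print(f"scrypt N=2^10: {fast:.4f}s, N=2^17: {slow:.4f}s, "
          f"worth {kdf_bits(slow, fast):.1f} extra bits")
    cases = {"8 random printable": random_bits(95, 8),
             "14 random printable": random_bits(95, 14),
             "6 diceware words": random_bits(DICEWARE_WORDS, 6)}
    for name, bits in cases.items():
        print(f"{name}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, slow, workers=1000):.3g} years "
              f"at 1000 parallel guessers")
```

With one guesser at one second per guess, eight random printable characters come out at roughly 210 million years; every doubling of the KDF cost is worth one more bit, while each extra random character is worth about 6.6.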

@timbray

randomlongpasswordsarehardtoremember
3as!er2Cr4cka150

@timbray My default these days is around 16 if random alphanumeric or longer if diceware-style sets of words.
@timbray I answered >=12, but I really do think that destructive 2 factor is the minimum in addition to a strong password. When I say destructive I mean encrypted and temporary.

@timbray @HollyGoDarkly
The current cyber password standard is:
• 15 character minimum
• passphrase
• no restrictions
• change once a year

Example:
AVeryLongPasswordYoudRemember

Why:
• 15 characters ups the encryption level as each increase in length increases the combinations. 9 characters is better than 8 with specials.
• A passphrase is memorable, quicker to type and often longer than 15 characters.
• The surface to the attacker is different to the user. The attacker doesn’t know if you put in a £ so the combinations to crack still includes special characters even if you don’t use them.
• You will remember it and never write it down.

Why not:
• Forcing special characters actually lowers the potential combinations AND makes it harder to remember.
• Changing monthly makes them unmemorable and so people write it into less secure places, like notes and text files. The human element HAS to be accounted for.
• So exactly 8 characters with specials is out of date like not wearing a seatbelt is out of date… You might be fine or you might be seriously harmed.

Bonus Life Hacks
• Use words you have trouble spelling like ‘bureaucracy’ or ‘deoxyribonucleic’ and by the end of the year you can spell them.
• Learn a sequence like cell division: InterEarlyLateMetaAnaTeloInterphas£