Passphrase Politics:

As the spreadsheet shows, password complexity is far less important than length when defending against brute-force crackers.  Hence, train your users to use long, easy-to-remember passphrases instead of short, random, hard-to-remember passwords.  Here's some advice for overcoming the political obstacles.

Don't announce to your users, "Henceforth all passwords must be 15-character passphrases", since this will only result in your assassination.  Instead, start a weekly internal e-mail security bulletin that includes a joke, cartoon, funny office story, or something else that will motivate users to open the e-mail instead of just deleting it.  Along with the joke or cartoon, include a security reminder (like "don't open e-mail attachments you're not expecting" or "alert IT staff if anyone asks for your password") and keep it as short as possible or else they're learn to trash the message on sight despite the jokes and cartoons.  

In your next weekly security reminder, include a tip like this:  

    "Passwords are hard to remember, so don't forget that you can use a pass-phrase instead (passphrases are short fun sentences with spaces between the words).  So imagine an incredible or funny scene and make that your easy-to-remember passphrase!  :-)    Here are some examples:

          kitty ate my face off!
          my 100 pups play fight
          naked clowns cost $$$
          20 carbs a day max
          I threw up a mellon?
          Vader is my father dude
          a 200% raise is nice
          I only love Star Wars
          Britney Spears = my wife


In the weeks to come afterwards, follow up with more reminders like this:

    "The more outrageous, dramatic, scandalous, humorous or shocking a passphrase is, the easier it is to remember and the better it is for security.  Go ahead, have fun!"  

    "Wouldn't it be nice if mis-speling words was a good thing?  It is!  The more words you missspell in your passphraze the better it is for netwerk sekurity!"

    "Song lyrics, well-known sayings, and famous poems are easy to remember, but not ideal as passphrases.  Here's a tip!  You can still use your favorite line, but change a word in it or make it goofy in some way...or IMPROVE it!  ;-) "  

    "A passphrase takes less time to type at your keyboard than a random-looking password, and it's easier to remember too.  Great passphrases are five words or longer (size does matter!) and please do include words that no self-respecting librarian would ever put in a dictionary!"

    "If everyone agreed to use passphrases instead of passwords, we wouldn't have to change them so darn often...hmmmmmm...."


After softening up your users like this for a couple months, enforce a passphrase policy, but only against the other administrators.  Why only the other admins first?  Because, one, the security of their accounts is vastly more important than those of regular users, and, two, THEY were the real targets of the above e-mail reminders anyway!  The real obstacle to enforcing a long passphrase policy is the prejudice of the other administrators who have always been taught that "nothing's better than a RANDOM passWORD".  Show them this spreadsheet (after deleting this paragraph) and run the numbers.  It's hard to argue against the math.  Once the other admins are convinced, you can get them to help you enforce the new policy throughout the forest.  "Enforcement" is the wrong word, however, since you'll get much further by educating users first about how passphrases can be easier to remember if they're funny/shocking/bizarre, and you might consider making a deal with them too, namely, if they accept the new passphrase policy then they won't have to change them as often.  

For the other admins, make sure they understand that 1) LM hashes are not stored if a password is 15 characters or longer, 2) their own passphrases should be 15+ characters long with mis-spellings, character complexity and/or very rare words, 3) cached credentials can be extracted from stolen laptops and possibly cracked, and 4) the actual strength of the encryption on a certificate's private key is really determined by the crackability of one's passphrase, not the advertised bit-length of the cipher used, and many things depend on the security of private keys, e.g., S/MIME, VPN, TLS, WPA, etc.  

Good luck!

https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xls

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

- 50 characters now? 35 is long enough I think, anyone else?
- Indicator, maybe in a later version. Good idea.
- Allow people to choose a weaker password? Do you mean less than 35 characters? if so, no. I like the approach of if < 50, then uppercase and numbers are required.

Cool.

In the Asset Exchange,in 1OZSilver ..it says there are a total amount of 100.
There is a buy order for 190 of it.Shouldnt the quantity  be capped at the total number of items of that asset?To avoid misunderstanding something.

Is this a good error description (shown when less than 50 characters are entered):
 
            error = "Since your secret phrase is less than 50 characters long, it must contain both numbers and uppercase letters.";

btw, no requirement for special characters?

see attached file

Depending on your adversary, edit the number of computers he or she will use in parallel for cracking and the average keyrate of each machine.  Assume that your adversary is using GPU (not CPU) processors to optimize performance (such as ElcomSoft's distributed password cracker using nVidia GPUs).  Increase the number for added pessimism and to account for Moore's Law.

The 31 special symbols are the non-alphanumerics commonly used in the United States (!@#$%^&*()-_+=~`[]{}\:;'"<>,.?/).  Add more if you wish and update the number in the red box.  Reduce the number for added pessimism.  

If the adversary does know the exact length of passphrase, he or she will not have to compute all possible smaller lengths first.  If length is not known, then each time in the spreadsheet includes the sum of all prior times in that column since presumably the adversary would have to exhaust all the smaller lengths first.  Assume adversary does know exact length for added pessimism.

The factors that are difficult to include are the "true randomness" of the passphrase being cracked and how "smart" the cracking program is.  These factors are lumped together in the "Percentage of Keyspace To Be Searched" value.  If this value is 100% then the passphrase is assumed to be truly random, whatever that might mean to you, and/or the cracking program attempts no optimizations based on human nature, dictionaries, common substitutions, etc.  But, as you guesstimate the relevant cracking program to be smart, or as you guesstimate the passphrase to be less than truly random, then lower the percentage number.  The percentage reduces the number of possible combinations that must be searched as a crude estimate of actual time; for example, a five-character lowercase password with 100% randomness yields 11,881,376 possibilities, but with 30% randomness only yields 3,564,413.  If your adversary is doing only brute force cracking (and no dictionary, hybrid or pre-computed searches), set the randomness to 100%.  If your adversary is a large corporation or national government, set it to 1% on the assumption that their cracking programs will be "smarter".

Keep in mind that, if you are considering the crackability of LanManager (LM) hashes, the effective passphrase  length is never greater than 7, even if the passphrase you type in is 14 characters long.  This is because the passphrase is cut in half and and is each hashed independently then concatenated together.  Also, don't forget that LM hashes are NOT case sensitive, so the "lowercase,numbers,<space>" set is the most relevant (with 7 characters max).

In the far right collumn is an area to compute the cracking of dictionary-only passphrases where "length" is not the number of characters but the number of words in the phrase.  The vast majority of sentences in everyday spoken english are drawn from a pool of only about 10,000 words (according to one linguistics web site) from the hundreds of thousands of english words in the Oxford dictionary (which doesn't include scientific terms by the way).  Hence, assuming the passphrase is made up of only these words, with no mis-spellings, no numbers, no symbols, no mixed cases, then 10000 can be assumed and used to compute cracking times.  But if even a single word in one's passphrase were not in the cracker's dictionary, or if one word were deliberately mis-spelled or strangely capitalized or punctuated, then the 10000-word assumption is a vast under-estimate of how large the cracker would have to expand the dictionary and hybridize it in order to flush out the elusive word(s) in question.

Finally, these are MAX times, as though the very last passphrase guessed is the correct one.  Cut times in half to get the average per passphrase when large collections of hashes are being cracked simultaneously.

https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xls

That is pretty straight forward and easy to understand.

Well people thought it was too long. I've changed it now. Try it at http://nxtra.org/nxt-client/ (click on don't have an account, then click on "want to choose your own secret phrase")