How can I create a secure password?
-
I know the standard tricks: create a long password, numbers, symbols, capital letters, etc. My question is how do I judge password security. I heard different tricks to make secure passwords. For example, until the http://xkcd.com/936 came out (correcthorsebatterystaple), that would be a perfect password. No cracker would target it per se, and to brute force it would take forever. Now that the pattern is known, that password style is not nearly as secure, since cracking software is now made to target it. So even though normally password security tools measure bits of entropy, there are techniques that crackers use to make passwords easier to crack. How do I know that my password is really secure? Are there tools out there to check my password against real cracking software?
-
Answer:
Strictly speaking, you cannot measure the entropy of a password. (Or if you like, you can measure it, but the value is 0.) There is no entropy in a password: the entropy is in the way the password is generated. This is explained in the http://imgs.xkcd.com/comics/password_strength.png: “correct horse battery staple” is just one example; what the password illustrates is the procedure to generate that password. Namely: “four random common words”. The next panel gives the quantification “44 bits of entropy”, which is based on 11 bits per word (i.e. choose each word randomly among 2^11 = 2028 words). That password generation procedure has 44 bits of entropy, which means that on average, an attacker who knows how the password was generated will need to make 2^43 guesses to find the password. (On average, the attacker needs to enumerate half the password space.)

The comic does not recommend that you pick “correct horse battery staple” as your password. It recommends that you select 4 random words. The pattern is known, but not the random choices. http://en.wikipedia.org/wiki/Diceware is a popular variant of this method: you pick words on a list of 6^5 words by rolling five dice for each word.

To put it yet another way: there are two aspects in choosing a password, http://security.stackexchange.com/questions/37039/composition-of-passwords/37043#37043. The method is cleverness and does not contribute to the security of the password. http://security.stackexchange.com/questions/25960/calculating-how-secure-my-password-is/26055#26055, regardless of any cleverness. Cleverness is only useful to make the password easier to type and remember. If you're http://security.stackexchange.com/questions/22717/how-secure-are-passwords-made-of-whole-english-sentences/22724#22724, you only get protection against attackers who are less clever than you.

A method like “pick random words” is easy to quantify because as long as the random choices are independent, http://security.stackexchange.com/questions/37039/composition-of-passwords/37041#37041. If you add constraints (e.g. generate something and “smooth it out” to make it memorable), you need to http://security.stackexchange.com/questions/4630/how-can-we-accurately-measure-a-password-entropy-range the number of possibilities that remain and take care if the smoothing can map several different random rolls to the same final password.

Yes, there are http://security.stackexchange.com/questions/6499/best-password-strength-checker. They come in two kinds. The fast ones apply some http://security.stackexchange.com/questions/2687/how-reliable-is-a-password-strength-checker/2690#2690. They don't always get it right, because they have no idea how the password was generated; they tend to favor passwords with clever bits over passwords with randomness. Since they see only the final result and not the generation method, they cannot take randomness into account. For example (picked at random — not in the cryptographic sense) http://www.passwordmeter.com/ tells me that “correcthorsebatterystaple” is weak (25%) and “homechasebogbigamy” (which I just generated randomly with the XKCD procedure) is very weak (19%). Yet if I'd only told you how I'd generated that second password and not what the random choice was, it would take 1000 computers about 3 years to find at 100 attempts/second/computer! In contrast, pass+word1! is rated strong (64%).

The second kind of password strength checker is… cracking software. This gives you the perfect measure of your password against that same cracking software. It doesn't tell you much about other cracking software.

The best way to ensure that your password is secure is to measure the amount of randomness that goes into it. N bits of randomness = 2^(N-1) guesses needed on average to crack it. Figure out how much you want 2^(N-1) to be and deduce N.

Exercise: to generate “homechasebogbigamy”, I used a list of 4172 distinct words in alphabetical order and generated each word by taking a random word among the first 2048. Assume that list is public. Does the fact that the list was sorted alphabetically reduce the entropy of the password? Is my claim that this procedure has 44 bits of entropy correct?
securityuser at Information Security
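As an added example (not part of the answer above), the following Python script reproduces the answer's arithmetic for a generation procedure: bits of entropy for "k independent uniform picks from an n-item list", the 2^(N-1) expected guesses, the "1000 computers at 100 guesses/second" time estimate, the Diceware figure, and the smoothing caveat where several random rolls collapse onto the same final password. The word list is a constructed stand-in; only its size matters.

```python
"""Quantify the entropy of a password *generation procedure*, not of a password."""
import math
import secrets

# Constructed word list (stand-in for the 2048-word list in the answer). Sorted order
# does not matter: each pick is a uniform random index into the list, so entropy
# depends only on the list size and the number of picks.
WORDS = sorted(["bigamy", "bog", "chase", "home", "staple", "battery", "horse", "correct"])

def procedure_entropy_bits(choices_per_pick: int, picks: int) -> float:
    """N bits for 'pick `picks` items independently and uniformly from `choices_per_pick`'."""
    return picks * math.log2(choices_per_pick)

def expected_guesses(entropy_bits: float) -> float:
    """An attacker who knows the procedure enumerates half the space on average: 2^(N-1)."""
    return 2.0 ** (entropy_bits - 1)

def years_to_crack(entropy_bits: float, computers: int, guesses_per_second: float) -> float:
    """Expected wall-clock years for `computers` machines each making `guesses_per_second`."""
    seconds = expected_guesses(entropy_bits) / (computers * guesses_per_second)
    return seconds / (365 * 24 * 3600)

def generate_passphrase(wordlist, picks: int) -> str:
    """XKCD-style passphrase: the randomness comes from secrets.choice, not from the words."""
    return "".join(secrets.choice(wordlist) for _ in range(picks))

def entropy_after_smoothing(raw_outcomes: int, smooth) -> float:
    """Shannon entropy (bits) of the final password when `smooth` maps each of the
    equally likely raw rolls 0..raw_outcomes-1 to a password. Rolls that collide on
    the same password lose entropy: this is the 'smoothing' caveat in the answer."""
    counts = {}
    for roll in range(raw_outcomes):
        pw = smooth(roll)
        counts[pw] = counts.get(pw, 0) + 1
    return -sum((c / raw_outcomes) * math.log2(c / raw_outcomes) for c in counts.values())

if __name__ == "__main__":
    n = procedure_entropy_bits(2048, 4)  # four words from 2048: 44 bits
    print(f"4 words from 2048: {n:.0f} bits, {expected_guesses(n):.3g} guesses on average")
    print(f"1000 computers at 100 guesses/s: {years_to_crack(n, 1000, 100):.1f} years")
    print(f"Diceware, one word: {procedure_entropy_bits(6 ** 5, 1):.2f} bits")
    print(f"passphrase from the constructed list: {generate_passphrase(WORDS, 4)}")
    # 8 equally likely rolls squashed onto 4 passwords: 3 bits of randomness become 2
    print(f"smoothing 8 rolls -> 4 outputs: {entropy_after_smoothing(8, lambda r: r // 2):.1f} bits")
```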
Other answers
Have a look at http://security.stackexchange.com/a/26055/27357 and http://security.stackexchange.com/a/6096/27357 posts from Thomas Pornin for the theory. I would suggest you try your password against real cracking tools like http://www.openwall.com/john/ or http://hashcat.net/hashcat/ if you want to have a feel of its strength. Keep in mind that password cracking requires tuning to build good dictionaries and rules. John the Ripper http://openwall.info/wiki/john contains a lot of valuable tips and advice on the subject.
Moustache