(idea) by m_turner Mon Jun 04 2001 at 20:27:16
The first thing to realize in selecting a good password is how password cracking works. At the core of any password cracker is a dictionary and a set of rules.
Dictionary files
Dictionaries range from the small (the one that comes with Linux at 45407 words) to large (ok, so a a guy I worked with wore a gray hat (it used to be very dark gray) and liked to assemble large dictionary files - 111284 words). I am certain there are larger ones out there.

Macro rules
The macro rules for crack are probably the best known and most common. The operations available to crack include

The classic first rule for crack is '!?Al' which translates to 'not-contain non-alpha, lowercase', or in English 'force every pure alphabetic word lowercase'. Crack will then go on to try words of length greater than 2 that don't contain non-alpha characters and pluralize them. It also tries tacking on a single digit and punctation.

Very often, people change letters in passwords with well known substitutions. Within the crack rule-set these are written '>2/asa4l', which means 'Take a word longer than two letters that contains "a", substitute "a" for "4" and force lowercase. The list of standard substations:

  • a / 2
  • a / 4
  • e / 3
  • h / 4
  • i / 1
  • l / 1
  • o / 0
  • s / $
Realize that 'password' is a bad password, as is 'pa$$word' and 'p4$$w0rd'. Don't do this - you will be sorry.

Another simple rule would be '@?vl' - purge all vowels and lowercase the word. 'psswrd' is not a good password either.

Crack, for all its power is a rather old program and has a 'flaw' in that it only looks at single words. There are other password crackers that are probably more powerful than crack and have a more expressive rule-set language. Unfortunately the rule-sets of these are kept hidden from the browsing sysadmin - probably so that he or she can't adjust the anti-crack rules to account for it. Still, you can get a fairly good idea of what can be done in the password cracker by looking at its language.

One of the docs for a password cracking program that I have found will do multi-word cracks separated by some character. It also has the possibility of working from the language itself and attacking non-sense passwords made up of pronounceable syllables.

Often system administrators try to write rules about how a password is to be created. The unfortunate side effect of these rules that if they are known to the attacker, they reduce the search space that the program needs to attack dramatically.

True story: One of the labs I know of had a rules 'the password may not be a dictionary word or contain a dictionary word'. What does that mean to the cracker?

  • 'a' is a dictionary word - the password may not contain an 'a'.
  • 'i' is a dictionary word - the password may not contain an 'i'.
  • There are 49 two character words in the standard Linux dictionary (and 164 in that larger one I happen to have). The password may not contain the pattern 'in', 'to', 'pi', etc...
Taking this into account, we have now drastically reduced the search space necessary. Even rules such as "Your password must be at least this secure to ride the internet Your password must be at least 4 characters long" reduce the search space - '>4/asa4l' has to search fewer words than '>2/asa4l'.

Other times, programs create passwords that look like vaguely pronounceable line noise. VMS has this capability as part of the basic password system (note: one of the meanest things a VMS admin can do is to set a users password to: expires once used, password must system selected, min length 32 characters, max length 32 characters, require a second password with same restrictions). The difficulty with this is that once the rules are known of how to generate passwords, it becomes trivial to search that space.

We are given an example above of how to generate such a password.

  1. Select 2 unique random 3 character words from the dictionary
  2. Select 2 unique random characters from a character set
  3. password = word1 + char1 + word2 + char2
Using the larger dictionary: 1038 words (lets call it 1024) and a character set of 30 (lets call it 32), the size of the possible words is: 1024 * 32 * 1023 * 31. This is (only) 1,039,171,584. The smaller dictionary is a measly 284,465,920 possible passwords.

A quick benchmark of crypt in perl (slow by comparison to optimized C programs and crawling compared to hardware designed for encryption) shows that 2000 crypts of different passwords can be done and printed in 1 second on my system (a three year Pentium II). To attack a password known to be in the smaller search space would only take a day and a half. The larger search space would take about a week. Scale this up to a nice alpha or MIPS R10k and the password might as well be stored in clear text in the password file.

Another suggested piece of code (by comp.sci in choosing a password) to generate passwords selects four consonant vowel pairs and concatenates them. Frankly, this is worse than the above example having only 21^4 * 5^4 (121,550,625) possible combinations - the brute force search space for this is less than a day.

So how should I pick my password?
Take a sentence - for example "So how should I pick my password?" - and convert it into letters of mixed case and symbols. One possible transformation on this sentence would be "Shs1pmP?". Because this password is not based upon a dictionary word or combinations of a small number of dictionary words it is fairly much immune to an intelligent brute force attack that is based off of a dictionary. It is also easy to remember - it is a sentence that you came up with. Do not use this password - it has been printed somewhere as an example now and that would be a 'Bad Thing'.

I like it! 1 C!