Title: On passwords
Author: Alexander Arkhipov
Created: Before 2023-06-24
Modified: 2024-03-23

Most of this document is a long version of the "correct horse battery staple" [comic]. There are some more interesting observations towards the end.

The strength of a passphrase does not derive from it having at least one letter, one digit and one special character, but from something called "entropy". "Entropy" is this mysterious concept that my professors kept telling me about, all the while I would wonder "what is an entropy?". In our case we are dealing with "more is better" and the formula E = log_2(R^L), where E is entropy, R is the size of the dictionary (a rather off-putting term, see below) and L is the length of the password. I won't be telling how much entropy is needed for a good password: calculate that yourself.

That formula works if passphrases are generated by taking random words from the dictionary. If your password is your birthday, the entropy is 1, because the passphrase is cracked by answering the question "is it the owner's birthday?". "Word" here is simply the smallest unit we are dealing with, while a dictionary is a list of unique words. The English alphabet is a dictionary of single-byte words.

There are several ways the vast majority of people make passwords in practice: they either use something very simple like their birthday, or they use something very hard to remember, yet easy to crack. This is further promoted by many sites refusing to take passwords with more than e.g. 20 characters &c.

The readers may be surprised to read from me that the issue lies not with the use of such weak passwords on its own: unless the attacker has physical access to a device, he is usually limited to "n tries per t time". The real issues begin with man's faulty memory. Firstly, such lack of methodology leads to passwords being easily forgotten, which is just horrible; secondly, people like this tend to use the same password for everything.
This means that should one service's security turn out to be less than optimal (it usually is), all of the other accounts become compromised as well. And, quite simply, because I am tired of hearing things like "They wouldn't get anything important anyway": no, "they" bloody will, unless you consider your bank information, your personal information and the ability to be the only one writing messages under your name to be unimportant.

The solution is to randomly generate passwords, and then store and retrieve them using a password manager. There are generally two kinds of such passwords: strings of randomly-generated bytes from something like [A-Za-z0-9] and sequences of randomly-generated words. I strongly prefer the latter, as they may be typed by looking at them even when a clipboard is unavailable.

Then there is of course the issue of setting up one or more "master" passwords. Generally the following _have_ to be memorised: the password to a normal user on the system, the password to the root user, the password to the password manager and the passphrases to ssh keys &c. Since it all really ought to be done entirely locally on a single-user system (if it isn't, start panicking), there is not much danger in setting them to be the same thing. It does, however, have to be something strong, memorable and not too complicated to type. One option is to generate a passphrase via a normal method and simply memorise it (or write it down, unless you live with people you don't trust unconditionally). Another method is to make up a few words, not tell anyone about the fact and use those.

And now, since I mentioned the ssh passphrases, I'd like to also state that yes, ssh keys should have passphrases. A possible exception is keys used for things like backups; these should instead be restricted to certain users and/or commands. A concern some people might have is that it could hurt automation. I say not nearly as much as people think.
Executing ssh-agent and ssh-add at every login does mean typing a password twice, but it also means that all those scripts can still be run, provided they are started afterwards in the same session. OpenBSD's xenodm is already set to run the necessary commands. On platforms that use startx, a wrapper would be simple to write. Other DMs should have such functionality (or they should otherwise be avoided). If not starting X at all, then executing it from ~/.profile or a similar file is even simpler.

[comic] https://xkcd.com/936/
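The formula E = log_2(R^L) and the random-word generation method described above, worked through as an added example that is not part of the original post. The eight-word sample dictionary is constructed for the example; a real one would be a large, deduplicated word list, and the entropy target is left to the reader, as the text says.

```python
import math
import secrets

# Constructed eight-word sample dictionary (an assumption for this example);
# a real dictionary would be a large word list with duplicates removed.
SAMPLE_DICTIONARY = ["correct", "horse", "battery", "staple",
                     "anvil", "lantern", "river", "cloud"]


def entropy_bits(dictionary_size, length):
    """E = log_2(R^L) = L * log_2(R) for a passphrase of `length` words, each
    drawn uniformly and independently from `dictionary_size` unique words."""
    if dictionary_size < 1 or length < 1:
        raise ValueError("dictionary size and length must be positive")
    return length * math.log2(dictionary_size)


def words_needed(dictionary_size, target_bits):
    """Smallest L for which L * log_2(R) reaches `target_bits`."""
    if dictionary_size < 2:
        raise ValueError("a one-word dictionary yields zero entropy per word")
    return math.ceil(target_bits / math.log2(dictionary_size))


def generate_passphrase(dictionary, length, separator=" "):
    """Draw `length` words with the OS CSPRNG (secrets.choice), with
    replacement, so that exactly R^L passphrases are possible and the formula
    applies. Duplicates are removed first, since a dictionary is a list of
    *unique* words. Returns (passphrase, entropy_in_bits)."""
    unique = sorted(set(dictionary))
    words = [secrets.choice(unique) for _ in range(length)]
    return separator.join(words), entropy_bits(len(unique), length)


if __name__ == "__main__":
    # Compare the two kinds of random password from the text: 8 bytes from
    # [A-Za-z0-9] (R = 62) against a few words from e.g. a 7776-word list.
    print("8 chars from [A-Za-z0-9]: %.1f bits" % entropy_bits(62, 8))
    print("4 words from 7776 words:  %.1f bits" % entropy_bits(7776, 4))
    print("words for 80 bits from 7776 words:", words_needed(7776, 80))
    phrase, bits = generate_passphrase(SAMPLE_DICTIONARY, 4)
    print("sample passphrase: %r (%.1f bits)" % (phrase, bits))
```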