Why3Words!
William John MacLeod Fraser
?? Technology Leader | Product Development Lead | Cybersecurity Expert | Software Engineering | AI & Digital Forensics | Oil & Gas Industry | Publishing Director
The title is a play on the amazing digital tool What3Words but has no link to it other than this reference and a passing joke later.
While reading my newsfeed I came across this well written article by NCSC. I respect the NCSC and love the work they do in helping making the world safer for average people rather than aimed at just organisations like a lot of security minded groups. But I was shocked to find the following advice.
choosing three random words
Choosing words for a password isn't a new thing, indeed, Randall Munroe of XKCD famously has the CorrectHorseBatteryStaple comic. The problem isn't the concept, but the number of words.
What Is Entropy and Why Should I Care?
Sadly, before I begin I am going to have to go through password entropy... I apologise in advance, it's my least favourite thing to describe, because it's something I never explain well. But please stick with me.
Entropy (or more correctly, bits of entropy) is the measurement often used to define strength of passwords. It derives from information entropy and that is all I'll say on the complex part.
Imagine if you will a one sided coin. "Heads". If I asked you to guess a coin throw, you would already know the answer. Therefore it has an entropy of 0. Ok, now imagine a two sided coin, "Heads" and "Tails". If I ask you to guess a throw, you would have a 50/50 chance and would therefor have 1 bit of entropy. How was that calculated? Entropy is the function of L x Log2(E) where L is the length of the password and E is often considered the character set. (stolen from https://www.omnicalculator.com/other/password-entropy)
Ok, I now need you to guess 2 consecutive coin tosses. If you get both right I'll give you access to my account. The entropy of this would be 2xLog2(2) = 2. Expanding on this, lets make those coins 26 sided [a-z]. Now you have a character set of 26 and a length of 2 giving an entropy of 2xLog2(26) which is ~9.4. Entropy can then give a good way of charting password cracking times as shown below. Although the below example is specifically about guessing PBKDF2 passwords, the idea of the increasing cracking times is what matters. Indeed, some algorithms will not take as long as PBKDF2 to break.
Importantly that number in the table isn't a guarantee that each password will be cracked at that time. That is the maximum time it would take to guess all passwords. A password of 12 length in a keyset of [A-Za-z0-9] has an entropy of ~71.4, but if your password is the first the system uses to check it will be instantly broken.
Why are 3 word passwords insecure?
For this article let's use the example the NCSC used, FerruleFibreglassSeaweed. In traditional password entropy calculations that would give an entropy of ?~136.8. (26 lowercase + 26 uppercase over a length of 24). And from the above chart that would take over 91 trillion years at least to crack. But not is all as it seems.
The fallacy here is the ~136.8 entropy assumes that words are made up of random characters. Clearly not true for the definition of a written language. What caused me to pen this peace is the glaring oversight of suggesting 3 words. Words are clearly defined items and there are, by definition, dictionaries of them.
English as a language has 171,146 words according to a BBC article from 2018 https://www.bbc.co.uk/news/world-44569277. So, when it comes to entropy, you break the password up into it's next simplest form. Individual words. Now entropy becomes 3xLog2(171,146) giving the massively reduced entropy of ~52.15. This still isn't bad as it would still take at least 193 years given the above chart. But that is assuming 3 randomly selected words and that is the same problem as assuming that words are created of randomly selected letters.
The average English speaker has a vocabulary of 20,000 words according to wordcounter.io and people will most likely use the words they know... Wouldn't you? Unless, of course, you use What3Words to create your password (told you there was a joke later). I know the word disestablishmentarianism... (Good for me, I know). That word is 24 characters long, amazing to be used in a password... But it is worth the same as the word hardhat when considering the entropy. Assuming the 20,000 word vocabulary, entropy now becomes ~42.9. And there in lies the problem of 3 words. At an entropy of below 43 you are talking about days to crack (in PBKDF2) and hours if you consider some of the other hashing/ encryption algorithms used in technology.
领英推荐
It really can't be that bad, can it?
Almost all companies now have some very contrived password rules usually consisting of minimum length, must contain numbers letters and special characters. And, the aim of the 3 words is admirable, to help people have stronger passwords while remembering them. The problem is, 3 words doesn't give a strong enough password even for the memory trade-off.
An 8 letter password using letters, numbers and the 10 common special characters, is a good rule of thumb for the bare minimum of a secure password... And even then, they aren't that secure. A truly random password of this sort has an entropy of 8Log2(26+26+10+10) = ~49.4. Compare that to the ~42.9 of three words and you can see the issue. Although 3 truly random words will give an entropy of ~52.15 that relies on people using random words and remembering them.
What's the solution?
So, the idea behind the 3 words is sound, just the implementation. Let's take Randall Munroe's CorrectHorseBatteryStaple. In traditional entropy that gives 25xLog(26+26) = ~142.51. And when you consider all words in the English language that gives an entropy of ~69.5. Lastly, if you consider the average vocabulary, that is ~57.15. All that needs to happen is that the advice is upped from 3 words to 4 or more words. At that point the entropy is clear over the years mark to break (using PBKDF2 hashing) and for each new word added the entropy leaps. The only issue then is where word grouping trends could bring the entropy back down but that is less of a problem compared to just using 3 words.
Just as some fun, here is the entropy for words from 1 - 8 assuming truly random out of 171,146 and 20,000 words. It is clear how each new word adds to the security of the password.
Conclusion
As with upping the character counts of passwords, we should recommend people up the word count. 3 word passwords should now be considered broken.
Stay digital safe, stay digital smart.