Let's not forget that an enormous number of people in the world still use Windows. We need a secure, reliable, and free solution for them. The only app that currently fills these requirements for Windows is TrueCrypt.
That's why I think it's a great idea to do a security audit of TrueCrypt since that's the best available solution for a big segment of the world's population.
> We need a secure, reliable, and free solution for them. The only app that currently fills these requirements for Windows is TrueCrypt.
What's wrong with BitLocker?
EDIT: Keep in mind we are just talking about Windows solutions here. And if Windows is backdoored, it is not going to make much difference if BitLocker is also backdoored by the same agency.
There is the truecrypt binary and the truecrypt formatted encrypted volume. The format of the truecrypt volume is known and there exist open source solutions that can create and open truecrypt volumes.
All it will take to have alternatives in windows is for windows based block device encryption applications to pick up the format. It is surprising it hasn't happened yet and this drive is completely ignoring this line of thinking.
Interesting I'll take a look. I need a backup system for my gf (basically a wife) to decrypt my drive in case of my passing. I had a truecrypt volume, now I switched back to OSX encryption.
It's basically a drive (in a safe deposit box) with all of my stuff there, also with a copy of my lastpass passwords unencrypted. My gf knows our phrase, 50 characters no less. Took me a few months to teach her it.
Actually, as the Ars technica articles have shown, it takes much more than that to protect from a dictionary attack with the speed that passwords can be tried now.
58 characters made up of English words with spaces between, especially if the words form a sentence, is much less secure than 58 random characters. Of course, good luck memorising 58 random characters.
No the point isn't being missed. How easy that phrase would be to crack is debatable and I don't know the correct answer, but let's assume that it is easy, you might need to make it more complicated. If this is the case, then the fact that a simple easy-to-crack phrase is easy to learn is irrelevant, like saying "it's quick to learn every word of French you'll ever need to speak - bonjour, oui, non". On the flip side, if you're right that the phrase is secure enough, then your argument is valid that it should be fairly quick to memorise. But the question of whether that phrase is good enough is entirely relevant and not missing the point.
(You could still make the point that two months is too long for any phrase, I'm sure, but without knowing how much more complicated it is than your example, and without knowing how different people manage learning things, that's hard to say.)
The specific phrase is or isn't easily crackable, that's as debatable as anything. It's not relevant to what I've been saying at all. What's not debatable is the fact that this dude "taught it to his wife" in a multi-month span. That's pants on head stupid. Combine that with "basically a wife", and the dehumanization/patronization was enough to piss me off, cryptographic overkill aside. Maybe that's just me. Whatever.
But let's pretend we're talking about complication for a moment (a much more interesting conversation to all of us anyway), and then let's realize that this very sentence probably would take about a minute to memorize, and would be completely uncrackable.
You're forgetting password cracking 101 - it gets a lot harder, even if the word/phrase only gets a little longer, or a little different. Sly dogs instead of lazy dogs, a hand in the bush is worth two in the bird, sally smells sea shores by the she shell, every fine boy does good; what do you want from me? You'd never crack any of those, and we both know it. Why? You'd never try them. You just wouldn't. Show me the algorithm that'd come up with, "No champions, play like excuses!" Only 32 characters, should be trivial. Right?
You're still debating whether or not it's easily crackable.
Let's imagine the phrase you were saying needs to be remembered is simply "password", whereas a phrase good enough to not be cracked actually needs to be 400 characters long and include punctuation and numbers. In that scenario, you would be thinking "should take 10 seconds to memorise", whereas realistically it takes much longer.
That shows that the difficulty of phrase is of course relevant to how long it might take to learn, and the fact that other people have been arguing with you over how difficult the phrase needs to be shows that it is debatable.
So maybe you're right that your example phrase is fine, but if his wife learned a much more complicated phrase then it could well take longer to remember.
Yes, if what you ask us to imagine were what happened, then you'd be right. It didn't, however, so you are not.
The difficulty of the phrase is not relevant to how long it might take to learn, because of how cryptography works. That is, a 60 character phrase is much harder to crack than a 58 character phrase. So, the difference between "password" and "this is the password I'm going to use from now until the end of eternity" is cryptographically large, but trivial, memorization wise. So while the difficulty of the phrase to crack just jumped into "not gonna happen" land, the difficulty of the memorization of the phrase moved from instantaneous to 5-10 minutes.
If his wife learned a much more cryptographically complicated phrase it still would not have taken her longer to remember, making the specific phrase completely irrelevant. Two months is laughable, "taught it to my gf" is doubly laughable, and "gf (basically a wife)" is off the laughable charts.
Actually, the issue with that phrase is that it's a common one, likely to be found on the web or in books - It's not just a collection of random words. You can't just consider the length of the passphrase.
Because if you don't use a passphrase for a long time you tend to forget it, especially if there are minor abnormalities in the phrase to defeat the dictionary attacks.
And the phrase isn't in English, but in Russian translit.
Kinda like this: PustVsegdaBudetSolnze$PustVsegdaBuduYa
You don't know it's alphabetic, you don't know it's an actual English phrase, you don't know how long it is, you don't basically know jack shit to be able to effectively use a dictionary attack against a password like that. You don't know it's a passphrase, basically.
A phrase like that is very easy to crack actually. People have been cracking brain wallets in the Bitcoin world (think storing all your money behind a passphrase that anybody can access, madness!) with greater complexity than that. From the person in question's posts, they're trawling wikipedia, quote databases, movie scripts, anything you can imagine to find phrases that people might use for passwords. It seems to work too, judging by the number of times I've encountered this person saying "hey, that's me, I stole those!".
The fact that there's google results for that phrase means it's a useless passphrase.
You underestimate people. More often than not people will use a quote like the example in the parent's post did. In a world of custom FPGA devices to crack passwords, it wouldn't take long.
That is one of my least favorite xkcd comics. It is very misleading.
If the attacker knows that your password is constructed in this fashion, then it is trivial to crack the password, as we've restricted the search space to a multiple of the number of common English words. The entropy argument only makes sense if the human readable strings are just as likely to be chosen as passwords as other random strings, which is not at all the case.
You have completely missed the point of the comic, which is that if you choose 4 common English words at random, the entropy is surprisingly high. It isn't based on "human readable strings" at all.
For example, my /usr/share/dict/american-english contains just shy of 100,000 words. A random word chosen from that set has 16.6 bits of entropy, and four randomly chosen words has over 66 bits of entropy. If anything, XKCD's comic is understating the entropy involved.
Except when people create phrases like that they aren't choosing random words from a dictionary, they're most likely choosing words from their own vocabulary which will be significantly less than 100k words. Additionally the distribution is not uniform, reducing entropy even further.
Every password requires that the user choose randomly. Words, letters, numbers, pixels on a screen... All require randomness in choosing.
This is why some websites assign passwords to users and do not allow users to pick their own custom passwords. The only safe passwords are those generated by machines.
This does not mean that picking words to form a pass-phrase is less secure than picking letters to form a password.
Less entropy means less secure. However the method in the comic is not "pick a passphrase". It is "pick 4 random words" (hopefully with the help of a computer with a good source of randomness, so they are really random). This is because phrases have semantic meaning and reduced entropy. Also people tend to pick phrases that are common enough to be found on the internet somewhere, like movie quotes and book quotes, and thus are likely to be in an attacker's dictionary. So four random words, not a phrase, have better entropy than a passphrase, and are less likely to appear in a dictionary attack than a phrase.
Right - this is the crucial point. The method suggested in the XKCD comic isn't to pick four words yourself out of your head - it's to randomly select four words from a dictionary.
Yes this is true. This is why password crackers will scrape twitter/facebook/whatever for modern slang, common misspellings, neologisms, etc for their word lists.
I don't think it's particularly misleading; if you look carefully, he's assigning 11 bits of entropy for each word in the passphrase, in other words, choosing from a list of 2048 common words only.
This is probably quite close to what a brute force passphrase cracking software would do as well, and he's not even adding bits for common alterations, such as capitalisation of first letter(s), spaces between words, common substitutions, etc. So the 44 bits estimate is for a software matching exactly this pattern, using exactly this common English dictionary.
Also, I suspect throwing in a single word from another language would greatly increase overall strength, especially if it's an uncommon word.
That's not true. Given a dictionary of 2048 words that the attacker has complete knowledge about, picking any 4 random words will always give you 44 bits of entropy.
As a rule of thumb, English text has about one bit per character of entropy. [0, 1] Since we're going with averages, let's say 5 letters + a space for each word. So you need a 7- or 8-word sentence, with normal capitalization and punctuation, to get 42 bits of entropy. And of course it shouldn't be a well-known phrase like "I've got a bad feeling about this!"
> as we've restricted the search space to a multiple of the number of common English words
Diceware uses a set of 7776 words. You select words from the list using 5 dice. 5 words, picked using 5 rolls of the set of 5 dice, gives you about 64 bits of entropy.
> A five-word Diceware passphrase has an entropy of at least 64.6 bits; six words have 77.5 bits, seven words 90.4 bits, eight words 103 bits
Because our attacker knows that we've used Diceware, and knows what Diceware wordlist we used, and knows that we've used a 5 word passphrase, there are 7776^5 phrases to try. That's 28,430,288,029,929,701,376.
> If the attackers knows that your password is constructed in this fashion
Then all bets are off, but they don't, so we're sorted.
Mind you, my /usr/share/dict has ~ 100,000 words in it. 100,000^5 is around the same order of magnitude as 62^12, which is the number of 12 character passwords of upper and lower letters + digits.
Few months? How about "anAardvarkAndAHippoAreNeverFriends@": easy to remember and almost impossible to break. Worst case, let's say that the attacker actually knows that the password is 6 words with a special character at the end. Let's further assume that the attacker knows that the words are not overly complicated, say from a subset of 5,000, and the special character is one of the 10 that are easy to type on the keyboard. Even then, at the speed of 10 million passwords per second it would take 500 million years (just about) to crack that one, and no need for months of memorization.
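As an added example (not posted by anyone in the thread), the arithmetic behind the figures traded above in Python: entropy of word-list passphrases versus random characters, the Diceware search space, the 500-million-year estimate, and, for the quote-database objection, the corpus-size bound on a phrase an attacker can look up (the 1-billion-entry corpus is a constructed figure).

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniformly random choices from `pool_size` options."""
    return picks * math.log2(pool_size)


def search_space(pool_size: int, picks: int, suffix_options: int = 1) -> int:
    """Candidates an attacker who knows the construction must try in the worst case."""
    return pool_size ** picks * suffix_options


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guessing rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def quoted_phrase_bits(corpus_size: int) -> float:
    """A phrase the attacker can find in a corpus of quotes is worth at most
    log2(corpus size) bits, however many characters it has."""
    return math.log2(corpus_size)


def thread_scenarios() -> dict:
    """The constructions discussed in the thread, side by side."""
    return {
        # xkcd: 4 words from a 2048-word list
        "xkcd_4x2048_bits": entropy_bits(2048, 4),
        # /usr/share/dict: one word and four words from ~100,000
        "dict_1x100000_bits": entropy_bits(100_000, 1),
        "dict_4x100000_bits": entropy_bits(100_000, 4),
        # Diceware: 5 words from the 7776-word list
        "diceware_5_bits": entropy_bits(7776, 5),
        "diceware_5_space": search_space(7776, 5),
        # 5 dictionary words vs 12 alphanumeric characters
        "dict_5x100000_bits": entropy_bits(100_000, 5),
        "alnum_12_bits": entropy_bits(62, 12),
        # 6 words from 5,000 plus 1 of 10 symbols, at 10 million guesses/s
        "six_words_symbol_years": years_to_exhaust(search_space(5000, 6, 10), 1e7),
        # a long quote found in a constructed 1-billion-entry corpus
        "quoted_phrase_bits": quoted_phrase_bits(10**9),
    }


if __name__ == "__main__":
    for name, value in thread_scenarios().items():
        print(f"{name:24s} {value:,.1f}")
```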
Passphrases are not more secure than regular passwords by default; the problem is that a lot of people use phrases that follow simple grammar. Capital first letters of each word, a sentence that is actually valid and no spelling mistakes make it a lot easier to crack than 50 random characters (or 20 random characters).
Passphrases that work are random sequences of words that have spelling mistakes, random capitalization, aren't found in any book/song/poem and preferably mix several languages. The famous "correct horse battery staple" is better than your example. I have memorized 20 random words from 3 languages and use those words in some combination in all my passwords.
> "zuluCrypt is a front end to cryptsetup and tcplay. It makes it easy to manage LUKS,PLAIN and TRUECRYPT encrypted volumes through a GUI and a simpler to use CLI interface."
If you can handle experimental CLI-driven software, pbp [2] is interesting.
> "PBP is a simple python wrapper and a command line interface around libsodium, to provide basic functionality resembling PGP. It uses scrypt for a KDF and a much simpler packet format, which should be much harder to fingerprint, pbp also provides an experimental forward secrecy mode and a multi-party DH mode."