Articles

learn more about encryption

How to Choose a Good Password

Nothing seems to be simpler than password – just choose a word and keep it secret. Unfortunately, it is not always as simple as that. While choosing a password is certainly not rocket science, you still need some basic understanding in order to be sure that your password is “good” and is not just a nice surprise for any would-be hacker.

How long should it be?

Ciphers use binary keys, not text passwords. Encryption programs, such as Kryptel, use special technique (called hashing or digesting) to convert a user-supplied text password into a binary key suitable for encryption. So the first question is: how long should a password be in order to produce a good encryption key?

For example, if your password is one letter long, then there are only 26 possible passwords. No matter how strong the underlying cipher is, that kind of encryption could be broken in minutes. The total strength is determined by the strength of the weakest link, and one-letter password is pretty weak.

Modern ciphers typically use 128-bit keys. Some ciphers use longer keys – 192 bits, 256 bits, or even longer, but 128-bit key is considered sufficient because it is impossible to break a 128-bit key by trying every possible key (this method is called “brute force attack”). In order to make brute force attack inapplicable we need to know how many password characters would be enough for a 128-bit key.

A bit of math (you can skip it safely)

When we say that key size is 128 bits, this means that there are 2128 possible keys because one bit can take two values and there are 128 of them. Likewise, a one-letter password provides 26 possible combinations, two letters - 26*26 = 262 combinations, and a password, consisting of k letters gives 26k combinations. In general, the number of possible passwords is Sk, where S is the alphabet size, and k is the password length.

It is easy to see that a password, corresponding to a 128-bit key, should satisfy the equation

Sk = 2128

or, using logarithms

k log S = 128 log 2

hence

k = 128 log 2 / log S

If the alphabet contains more symbols, S should be increased, however there is a question of symbol interdependency. For example, adding capital letters formally makes the alphabet size equal to 52, but in practice capitalizing first letters in some words will not give any noticeable increase in encryption strength. Likewise, digits and punctuation marks are not used arbitrarily and do not strengthen encryption as much as one can expect from the larger alphabet.

For the sake of simplicity, we compensate for symbol interdependency by assuming a smaller alphabet size. The following values seem to be good conservative estimates for S:

  • 30 if the alphabet consists of upper- and lower-case letters and punctuation marks,
  • 36 if the alphabet consists of upper- and lower-case letters, digits, and punctuation marks.

Using the equation for k above, it is easy to calculate the required password length. In order to provide enough material for a 128-bit key, a password, consisting of letters and punctuation marks, should be at least 26 characters long; if the password contains also digits, the length may be decreased to 24.

Recommended password size

Here is a conclusion we can make from the equation above: for the highest security, use passwords at least 24 characters long; if security threats are not very high, 16 characters might be sufficient (which roughly corresponds to a 80-bit binary key).

Okay, it should be long... is that all?

Not quite. A long enough password is usually all you need, but there is a pitfall that must be avoided. Random passwords like “RL3h2yKQsnFqUI71zWmm7ca” are not suited for humans because they are impossible to remember. Passwords that can be remembered are always based on natural language words and so are susceptible to so-called dictionary attack.

Here is a simple example. In theory the password “Harry Potter” is not that bad (even if a bit short), but in reality its strength is close to zero. The first thing the hacker will do is trying all your personal data (such as the names of your spouse or your pet). The next attempt will be based on well-known word combinations (“Harry Potter” fits here). After that the hacker will be trying all possible word combinations in the hope that your password consists of several natural language words. While this looks like a huge task, computers can do it fast enough. In any case, it can be done many times faster than trying all possible passwords character-by-character.

This weakness can be reduced. Even the smallest distortion of the pass phrase, or a punctuation mark, can make the password more resistant to dictionary attack. For instance, “Harry Potter” is one of the worst passwords ever, but “Harry*Potter” is much better. Although this does not render dictionary attack impossible, using non-letter characters makes it very costly. Even a single punctuation mark or a special character would greatly improve any password. One asterisk in “Harry Potter” improves it a lot, adding more special characters, like “=>Harry*Potter<=”, will make it pretty usable and yet easy enough to remember. Adding syntax errors, breaking words, or capitalizing random letters would completely invalidate dictionary attack, but such a password would be too easy to forget, so this method should be used carefully.

Another possible weakness is an interdependency of letters. Not all letter combinations are valid in natural languages, and if the attacker knows that the password consists of English words, he may save a lot of time by not trying invalid letter combinations. There are several ways to prevent such an attack – mixing English and foreign words, deliberately distorting words, capitalizing several letters inside the words, or just increasing the password length.

The most important thing to remember

It is an obvious but often overlooked fact that password is something to be remembered. Even a bad password that you remember is infinitely better than an excellent password that you have forgotten. Time changes everything, and a password, which seems impossible to forget now, may be completely forgotten after several years pass. A chance to forget an old password is very real and this danger is no less serious than a possibility of a hacker attack.

Don't use many passwords – one, at most two, would be enough. Prefer quality over quantity – choose a good long password and salt it with non-letter characters to make it resistant to dictionary attack. Use that password constantly and don't change it unless it is compromised. Regular usage is the only reliable way to remember a long complex password for years.

Another thing worth mentioning is that the slightest mistake makes the password invalid. There is no such thing as an “almost right”, or a “very close”, or a “virtually the same” password. A password is either right or wrong; there is nothing in-between. A tiny error like typing a dot instead of a comma is enough to make decryption impossible even if the rest of the password was entered correctly.

Advices you better not follow

There are several rather common recommendations that better be avoided. The reason is that those recommendations are intended for access passwords and are not suitable for encryption passwords.

Access passwords are used to log into, or to get access to some resource. The system compares the entered password with a stored copy of the right password, and either grants or refuses access. A lost access password can be easily recovered; forgetting it is usually nothing more than a minor inconvenience.

Encryption passwords are different. Software does not keep a copy of an encryption password, and if the password is lost, there is no way to recover it. If the software has no backdoor (and quality encryption software like Kryptel, of course, has none), then a lost password means that your data is lost without any hope of recovery.

Access and encryption passwords are of very different nature and should be treated differently. Encryption passwords are to be chosen carefully, they are usually being used for years, and they are too valuable to risk losing them.

Advice: Use a combination of letters and digits.

Speaking in general, it is not a bad advice, but digits are hard to remember. An easy-to-remember sequence, like your spouse's birth date, would hardly add much security because it is easy to guess. However, if you have a digit sequence that you are unlikely to forget, and at the same time a hacker can't guess it, then use it. Otherwise it might be safer to avoid digits.

Advice: Try to make your passwords as meaningless and random as possible.

The persons, who give this advice, usually conveniently skip over the recommendation how to memorize such a password. Humans are not good at remembering “meaningless and random” character combinations, and writing them down defeats the whole password idea.

Advice: Change your passwords regularly.

This is probably the worst advice ever. It might be useful for an access password, but in case of encryption this is the surest way to forget your password. Change your encryption password often, and you are guaranteed to lose your data soon.