Passphrase

A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs and systems. Passphrases are particularly applicable to systems that use the passphrase as an encryption key. The origin of the term is by analogy with "password". The modern concept of passphrases is believed to have been invented by Sigmund N. Porter [Sigmund N. Porter. "A password extension for improved human factors". Computers and Security, 1(1):54-56, January 1982.] in 1982.

ecurity

Considering that the entropy of written English is less than 1.1 bits per character cite web | url = http://cs.fit.edu/~mmahoney/dissertation/entropy1.html | title = Refining the Estimated Entropy of English by Shannon Game Simulation | format = HTML | publisher = Florida Institute of Technology | author= Matt Mahoney | accessmonthday = March 27 | accessyear = 2008] , pass phrases can be relatively weak. NIST has estimated that the 23 character pass phrase "IamtheCapitanofthePina4" contains a 45 bit-strength. The equation employed here is 4 bits (1st character) + 14 bits (2nd - 8th characters) + 18 bits (9th - 20th characters) + 3 bits (21st - 23rd characters) + 6 bits (bonus for upper case, lower case, and alpha numberic) = 45 bits. cite web | url = http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf | title = Electronic Authentication Guideline | format = PDF | publisher = NIST | accessmonthday = April 7 | accessyear = 2008] Using this guideline, to achieve the 80 bit-strength recommended for high security (non-military) by NIST, a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric.

There is room for debate regarding the applicability of this equation, depending on the number of bits of entropy assigned. For example, for 5 letter words Shannon found that each contained 2.3 bits of entropy, which would mean only a 35 character length passphrase is necessary to achieve 80 bit strength.cite web | url = http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint100504.mspx | title = The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3 | format = HTML | publisher = Microsoft Corporation | author= Jesper M. Johansson | accessmonthday = March 27 | accessyear = 2008]

The words or components of a passphrase need not all be, but often are, found in a language dictionary — most particularly one available (on or off line) as input to a dictionary attack program. If findable in such a dictionary (and especially if the entire phrase can be found in a quotation or phrase compilation), an attacker has some chance of discovering the pass phrase by an automated dictionary attack. However, the required effort (time, cost, ...) can be made impracticably high if there are enough words in the passphrase. How many depends on the size vocabulary from which they are chosen "and" if those words are selected randomly. The number of combinations which would have to be tested under such conditions make a dictionary attack so difficult as to be infeasible. These are difficult conditions to meet, and selecting at least one 'word' for a pass phrase which cannot be in any dictionary is still more effective. A good rule of thumb is to purposely misspell at least one or preferably a few words in the passphrase, mix words up from different languages, and/or add symbols to the words. This will considerably decrease the chance of a dictionary attack being effective. Fact|date=March 2008

For example, the widely used cryptography tool PGP and its clones require each user to make up a passphrase that must be entered whenever signing or decrypting messages. The Internet services like CryptoHeaven or Hushmail provide free encrypted e-mail service, but its security depends almost entirely on the quality of the chosen passphrase. You should have your passphrase ready before creating your PGP or GPG key or opening a new account as 'inventing' a passphrase whilst entering it is a poor practice, very likely to lead to poor or quickly forgotten passphrases, and therefore poor security. It is recommended to take time periodically to think of good, creative, non-dictionary passphrases and ones which can be easily remembered. It is difficult to accomplish this on the fly, when under pressure to come up with a new passphrase. Fact|date=March 2008

Compared to passwords

Passphrases differ from passwords. A password is usually short — six to ten characters. Such passwords may be adequate for various applications (if frequently changed, if chosen using an appropriate policy, if not found in dictionaries, if sufficiently random, and/or if the system prevents online guessing, etc.) such as:

* Logging onto computer systems
* Negotiating keys in an interactive setting (e.g. using password-authenticated key agreement)
* Enabling a smart-card or PIN for an ATM card (e.g. where the password data (hopefully) cannot be extracted)

But passwords are typically not safe to use as keys for standalone security systems (e.g., encryption systems) that expose data to enable offline password guessing by an attacker. Passphrases are generally stronger, and a clearly better choice in these cases. First, they usually are (and always should be) much longer — 20 to 30 characters or more is typical, making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any 'phrase or quote dictionary', so such dictionary attacks will be almost impossible. Third, they can be so structured as to be more easily memorable than passwords without being written down, reducing that risk as well. Most applications will allow for spaces which is recommended because the use of spaces will increase the brain’s ability to remember the passphrase.Fact|date=December 2007 They can be, thus, considerably more 'secure'.

Passphrase selection

Typical advice about choosing a passphrase includes suggestions that it should be:
* Long enough to be hard to guess (eg, automatically by a search program, as from a list of famous phrases).
* Not a famous quotation from literature, holy books, et cetera
* Hard to guess by intuition -- even by someone who knows the user well
* Easy to remember and type accurately
* For better security, any easily memorable encoding at your own level can be applied.

Example methods

One method to create a strong passphrase is to use dice to select words at random from a long list, a technique often referred to as diceware. While such a collection of words might appear to violate the "not from any dictionary" rule, the security is based entirely on the large number of possible ways to choose from the list of words and not from any secrecy about the words themselves. For example, if there are 7776 words in the list and six words are chosen randomly, then there are "7776⁶ = 221073919720733357899776" combinations, providing about 78 bits of entropy. (The number "7776" was chosen to allow words to be selected by throwing five dice. "7776 = 6⁵")

Another is to choose two phrases, turn one into an acronym, and include it in the second, making the final passphrase. For instance, using two English language typing exercises, we have the following. "The quick brown fox jumps over the lazy dog", becomes "tqbfjotld". Including it in, "Now is the time for all good men to come to the aid of their country", might produce, "Now is the time for all good tqbfjotld to come to the aid of their country" as the passphrase.

There are several points to note here, all relating to why this example pass phrase is not a good one.
* It has appeared in public and so should be avoided by everyone.
* It's long (which is a considerable virtue in theory) and requires a good typist (which is an overwhelming problem for most folks in actual practice). (Whatever software is accepting the passphrase for testing should "never" echo it to your display, lest shoulder surfers take advantage.) Typing errors are much more likely under such conditions, especially for extended phrases.
* It doesn't contain any non-alphabetic characters. Converting, say, the 'l' (Latin small letter L) in the acronym to a '1' (digit one) would be an improvement.
* Individuals and organizations serious about cracking computer security have compiled lists of passwords derived in this manner from the most common quotations, song lyrics, and so on.

The PGP Passphrase FAQcite web |date=1997-01-13 |author=Randall T. Williams |title=The Passphrase FAQ |url=http://www.iusmentis.com/security/passphrasefaq/ |accessdate=2006-12-11] suggests a procedure that attempts a better balance between theoretical security and practicality than this example. All procedures for picking a passphrase involve a tradeoff between security and ease of use; security should be at least 'adequate' while not 'too seriously' annoying users. Both criteria should be evaluated to match particular situations.

Another supplementary approach to frustrating brute-force attacks is to derive the key from the passphrase using a deliberately-slow hash function, such as PBKDF2 as described in RFC 2898.

Windows support

If backward compatibility with Microsoft LAN Manager is not needed, in versions of Windows NT (including Windows 2000, Windows XP and later), a passphrase can be used as a substitute for a Windows password. If the passphrase is longer then 14 characters, this will also cause the very weak LM hash to not be generated.

Unix support

In recent versions of Unix-like operating systems such as Linux, OpenBSD, NetBSD, Solaris and FreeBSD, up to 255 character passphrases can be used.

References

ee also

*Keyfile

External links

* [http://www.diceware.com Diceware page]
* [http://passkool.sourceforge.net Passkool - A deterministic "pronounceable" password generator]
* [http://www.pgpi.org/doc/faq/passphrase/ Passphrase FAQs]