Criticism of Bruce Schneier's Password Method |
The Schneier Scheme In 2008, Bruce Schneier wrote an article for the guardian in the U.K. on passwords: Passwords are not broken, but how we choose them sure is. The article is also available on his blog at Schneier.com. The article describes the methods used by hackers to break (or "crack") passwords, as well as a better way to choose passwords. Hackers guess at passwords using specialized dictionaries and software. The dictionaries contain ordinary dictionary words, foreign words, names, and common passwords (like "letmein"). The software not only tries every word in the hacker dictionary, but also tries combinations. Each hacker dictionary entry is given a number at the end, or at the beginning, e.g. letmein1, letmein2 ... letmein9999, etc. Every entry is also combined with every other entry, e.g. password123letmein1, etc. Dictionary entries are also modified with common symbol substitutions, such as zero instead of "O" or 4 instead of "A". In the original article, almost as an aside, Schneier proposed a better way to choose a password. Instead of a word plus a few numbers, he suggested choosing a sentence that has meaning to you and is therefore memorable. Then, take the first letter of each word, to create a password: "My advice is to take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary."Notice that the password uses the first letter from the first few words, then a whole word capitalized, then a number substitution. So you must remember both the sentence and the different ways that each word in the sentence was modified. In a subsequent post on his blog in 2013, Schneier expounded on this method and gave a few more examples. * WIw7,mstmsritt... = When I was seven, my sister threw my stuffed rabbit in the toilet.So the Schneier password scheme begins with "a personally memorable sentence". Then the sentence is modified and reduced. You take the first letter of some words, or a few letters out of one or more other words. You might even use a whole word on occasion. Then you add some symbols, perhaps substituting @ for the letter "a" or adding an exclamation point. This type of password is too long to brute force by trying every possible combination of letters, numbers, and symbols. And the password it produces is not in any hacker dictionary. So the Schneier scheme does not seem to be vulnerable to the usual method used by hackers to crack passwords. My Criticism In his 2013 post, Schneier gives some examples of passwords which were broken by hackers: k1araj0hns0n Sh1a-labe0uf momof3g8kids tmdmmj17 qeadzcwrsfxv1331 Qbesancon321 Will a password comprised of just the first letter of each word in a sentence be susceptible to a hacker dictionary attack? Given the above examples, the answer is not certain. Perhaps; perhaps not. But what happens when hackers begin to take into account the Schneier scheme? A program could be written to try various passwords comprised of the first letter in each sentence. And you don't need to know the sentence to get to the password. First, certain words in English are very common in sentences: the, and, for, to, he, she, other pronouns, as well as the most common verbs. As for the other words in the sentence, there are only 26 possibilities for the first letter, and certain letters are more commonly used than others. A program which takes these factors into account could break a password comprised of the first letter of each word in a fairly long sentence. Schneier also proposes substituting symbols for letters, using capital letters as well as lower case, and sometimes using more than one letter from a word. But this modification to the "personally memorable sentence" makes the password much more difficult to remember. Is it, then, any more difficult for hackers to break? Not much more difficult. We have already seen, in the examples Schneier gives of broken passwords, that symbol and number substitutions and additions do not thwart hacker software. The Schneier scheme is either easy to remember, but vulnerable to hackers -- just the first letter of each word in the sentence -- or difficult to remember and not much more secure. In addition, it is not possible to calculate the level of security of such a password. A long random password, of upper and lower case letters and numbers, has a level of security that is calculated based on the number of different characters (A) and the length of the password (B). The calculation is A raised to the B power. The result is the number of possible unique passwords of that length. Given a random password of sufficient length, the password is secure. But random passwords are difficult to memorize and to retain over long periods of time. What works much better, in my experience, is passphrases. Each word is randomly chosen from a word list with very many entries. Instead of a list of 62 characters (upper and lower case letters and numbers), a list of words can have thousands of entries. Which is easier to remember, 22 random characters or 10 words from a list of 10,000 words? The level of security is about the same. And only 8 words are needed in the passphrase, if the word list has 65,555 words. I've tried both approaches to memorizing passwords. The passphrase is much easier to remember, and to retain over long periods of time. You don't have to start with a memorable past experience. Words are memorable. Sets of words are highly memorable. The passphrase becomes its own memorable, though nonsensical, story. |