[security flaw] Ubuntu is a plain text offender

Kent Borg kentborg at borg.org
Mon May 23 16:58:13 UTC 2011 

Steve Flynn wrote:
> Acorss 54 sites, my average password length is 20.1 bytes (I try to
> generate 32 byte passwords by default but some sites restrict me down
> to say 12).

Be warned that sometimes passwords are silently truncated to just a few 
bytes, accepting long passwords, but ignoring all the good entropy.

Also, I count my passwords in bits of entropy, not bytes of ASCII. That 
is, I don't generate passwords by thinking up something that *seems* 
random and measure the output, rather I use a real random source to 
chose the content and measure the input. For example, if you had a list 
of 64-words, you could use 6-coin tosses to select on word from the 
list. (2^6=64), so one word so chosen has 6-bits of entropy. If you use 
a longer word list and repeat, it is possible to come up with a easy to 
remember passphrase that is pretty good.

For example: "beauty-alias-citizen" or "budget-sunset-radio" each have 
32-bits of entropy. (I have a program that does that.)

Take 32-bits and turn it into hex and you might get 94997b2e, again this 
password is worth 32-bits of entropy (but hard to remember). In both 
cases the best brute-force attack would take over 4-billion (2^32) 
guesses to try all the combinations. 32-bits of entropy is plenty for a 
password (where the rate of guessing should be limited) but far too 
little for an encryption key (where parallel computers can all work on 
parts of the problem at once).

The strength of a passphrase should be set according to how it is used, 
and that strength is fundamentally the number of random bits that went 
into it. "May the force be with you." Might be longer than the examples 
above, but it is a terrible password because too few bits went into 
selecting it.

-kb


P.S. Running a program like mine over and over again until you get a 
sequence you like is cheating and reduces the quality of the result. 
Passwords should be chosen at random, not pawed over by a human. Run the 
password generator once and use the first result, and there won't be any 
human decisions that can be second guessed. Assume that running a 
program like mine twice and choosing the one you like best shaves off a 
whole bit of entropy, leaving you with only a 31-bit password.

More information about the ubuntu-users mailing list