Strength of passwords with patterns

As far as I can tell, the question is:

They are practically unguessable, right?

The answer is a very strong "it depends on the kind of attack you're worried about." Also, in the best case, what you're doing is equally as strong as using a password manager's randomly generated passwords, but almost certainly more effort, right?


@RoyceWilliams' answer pretty much hits the nail on the head:

Generally speaking, if your method becomes weaker once it is known, you're doing it wrong.

Let's break this down a little further. There are two types of password brute-force attacks you need to worry about:

Drive-by attacks

Aka "opportunistic". Here the attacker is looking for low-hanging fruit: they are attacking all users of the system in parallel, either looking for a single entry-point into the system (in which case any user will do), or they are looking to compromise as many accounts as they can with minimal effort.

They are unlikely to try any sort of "algorithmically-generated" lists, because they can get what they want simply by trying the 100,000 most common passwords based on this year's breaches. As long as your password is not on one of those "Top X Most Common Passwords" lists, you're pretty much immune already; you really don't need to go the extra effort.

Targeted attacks

Here you, and you specifically, have been selected as a target. Maybe there is data on your account that is of value to their employer, maybe you work for your company's IT help desk and sending a phishing email from your account is more likely to succeed. Whatever the reason, you specifically are being studied.

They will find your social media posts. They will find your post on this site. They will pull up all passwords of yours from previous breaches to study how you invent your passwords. They will write software to generate guess-lists based on everything they know about you. If they know that you like to use mathematical constants, or quotes from Tolkien, or whatever, they will build the appropriate guess lists.

Against a targeted attack, @RoyceWilliams' answer referencing Kerckhoffs's principle is relevant: your scheme needs to be secure even if the attacker knows what the scheme is. You may be clever enough to invent something that passes this test, but I'd bet that whatever you invent will be more effort than just using a password manager with 32-char random passwords. So do that.


These two attack models are meant to be a framework for thinking about the threat landscape, not an exhaustive list of things attackers will do. As @Ben points out in comments, there is a sliding scale in between these two that has some characteristics of Drive-by, and some characteristics of Targeted. Where you put your comfort level is your choice; although if you're considering this at all then, for the minimal extra effort, you might as well go all the way to the top and use a password manager.


Such methods do make passwords slightly more resistant to manual inspection. Unfortunately, your opponents are not limited to manual inspection. All of the methods that you describe are subject to automation - and therefore easily replicated by password cracking enthusiasts.

Generally speaking, if your method becomes weaker once it is known, you're doing it wrong. Instead of trying to outsmart manual inspection, you should be using a method that resists attack even when the precise details of the method are known.

Further, some of the techniques that you're describing would be difficult to do in your head, and would require that the user store the password somewhere else anyway. If you're already going to do that, you might as well simply:

  • For non-memorized passwords, generate random passwords and store them in a password manager, and

  • For memorized passwords, use a randomly generated passphrase with a sufficient number of words and length of wordlist to resist brute force. Aaron Toponce has a list comparing various password/passphrase generators that illustrates the qualities that you should consider when selecting one. Adjust the number of words and length of dictionary for your use case.

Finally, to your question about guessing entropy, I would encourage you to not be distracted by that question. There are only a few real-world "bits" of information in there - "here is the base string I used" plus "here is the thing that I did to transform it." The effective "entropy" of such methods may be acceptable in the short term, but will drop dramatically once the method is discovered. (In other words, defer discussion of entropy until you've settled on a method that is not weakened by disclosure).


Long passwords with low entropy are good against one thing: brute force attacks. Current brute-force attacks are limited to about 10 characters, so if you're considering using zxcvbn as your password, using zZxXcCvVbBnN instead would be a big improvement.

However, if you're about to use a proper password (like correct horse battery staple), you can be pretty sure it won't get brute-forced. In this case, using low-entropy padding will only make it harder to type. The attacker will have to get some sort of insight to crack your password in the first place, and if we assume the attacker may get insights about your password, it's only reasonable to assume your padding scheme may be part of those insights.

Here's a short post criticizing the approach you propose. To summarize it in one sentence,

Any public recommendation of a low entropy scheme, at any level of detail, is self-defeating. The more it's adopted, the faster it weakens relative to entropy.
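An added example, not part of any answer on this page, that puts numbers on the "only a few real bits" argument and on the zxcvbn doubling trick discussed above: it models a pattern scheme as "pick a base string the attacker can enumerate, apply one of a handful of known transformations" and compares its secret bits with a random passphrase and a password-manager string. The pool sizes (10,000 base strings, 64 transformations, 7776-word list, 94 printable characters) are assumptions chosen for illustration.

```python
import math

# Constructed illustration of the Kerckhoffs argument from the answers above:
# once the attacker knows the transformation rule, the rule contributes no
# secret bits; only the choice among alternatives the attacker cannot
# predict does. Pool sizes are assumptions, not measurements.

def double_alternate_case(base: str) -> str:
    """The 'zxcvbn' -> 'zZxXcCvVbBnN' padding trick: every character is written
    twice, lower then upper. Deterministic, so it adds 0 bits once known."""
    return "".join(c.lower() + c.upper() for c in base)

def bits(choices: int) -> float:
    """Secret bits in one uniformly random choice among `choices` options."""
    return math.log2(choices)

def scheme_bits(base_pool: int, transform_pool: int) -> float:
    """Effective bits of 'enumerable base string + one of a few transformations'.
    Both pools are what a guess-list generator must cover when the scheme is
    public, so their logs simply add."""
    return bits(base_pool) + bits(transform_pool)

def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Random passphrase: each word is an independent uniform choice."""
    return words * bits(wordlist_size)

def random_password_bits(length: int, alphabet_size: int) -> float:
    """Password-manager style random string over `alphabet_size` symbols."""
    return length * bits(alphabet_size)

def compare(base_pool: int = 10_000, transform_pool: int = 64) -> dict:
    """Side-by-side estimate. Assumed: 10k quotes/constants an attacker could
    scrape, 64 'clever' transformations already in cracking rule sets."""
    return {
        "pattern_scheme_known": scheme_bits(base_pool, transform_pool),
        "pattern_scheme_transform_unknown": bits(base_pool),
        "passphrase_4_of_7776": passphrase_bits(4, 7776),
        "random_32_printable": random_password_bits(32, 94),
    }

if __name__ == "__main__":
    # The doubling trick maps a 6-char base to a 12-char string, but the map
    # is 1:1, so the attacker's search space is still the 6-char base pool.
    print(double_alternate_case("zxcvbn"))
    for name, b in compare().items():
        print(f"{name:36s} {b:6.1f} bits")
```

Even granting the attacker no knowledge of the transformation, the base-string pool caps the scheme at roughly 13 bits in this model, well short of the four-word passphrase; the doubling trick lengthens the string without enlarging the search space.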
