On Wed, Nov 16, 2016 at 3:19 PM, Thomas Morton <morton.thomas(a)googlemail.com
wrote:
Another idea might be to for the software to offer to create a random
password for users at account creation time, and also to make the same
offer at password change time.
For example, even using automatically generated simple-looking and
reasonably simple passwords like "little-center-ground-finger"
consisting of 4 words between 5 and 8 characters long, will give an
effective per-password entropy of 62 bits, significantly better than
most user-generated passwords.
If we did this it's worth pro-actively making the wordlist "hard". For
example, the words chosen above appear in the top-1000 most common English
words, and so therefore are trivially vulnerable to dictionary attacks
(hackers read XKCD too :)).
If you use the top-1000 most common English words (and the attacker knows
you picked 4 random words from that list), 4 randomly-chosen words would
have about 39.86 bits of entropy. That's a bit weak, but probably not
entirely trivial (at 1000 guesses/second it'd take 31 years to try all the
possibilities). Using a list of 1000 *un*common English words has the same
level of entropy, since we assume the attacker can get the word list
somehow (if nothing else, by using the service themselves a few thousand
times and collecting all the words seen).
If you want to increase the entropy, use a larger word list rather than a
"harder" one. The XKCD comic seems to have used a 2048-word list for its
44-bit estimate. Using a list with 8836 words gets the same entropy (about
52.44 bits) as a completely-random 8-character password using any of the 94
characters I can easily type on my keyboard (e.g. "'>hZ|=S\*").
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation