DAV EY WINDER
Our security guru’s 30-year quest for password perfection has finally come to an end, and it all came down to a roll of the dice
Our security guru’s 30-year quest for password perfection has finally come to an end, and it all came down to a roll of the dice.
I’ve been a part of, and as a journalist apart from, the cybersecurity community for the best part of 30 years now. That’s before most people would have said such a thing existed, but I can assure you it did. Back then, in the late 1980s and early 1990s, hacker communities existed across FidoNet (look it up, post-millennials) and other bulletin board systems, as well as the emerging internet by way of certain Usenet newsgroups (ditto).
Since the very beginning of my adventures in cyber, which started on what you might call the wrong side of the fence as a hacker, there’s been one thread that strings it all together: the password. Back in the day, “cracking” a password was something of an overstatement as often that password would be “password”, “admin” or “1234”, assuming there was one at all. I’d like to say that passwords have evolved since then, but “password” and “admin” still appear in the most popular lists of passwords analysed from data breaches, and numerical strings are right at the top as well. This is despite our understanding that passwords are important, that these collections of characters are the first line of defence, sometimes the only line of defence, our data has. Sure, I’m oversimplifying here, but with good intent: we’re not as password-savvy as we like to think we are.
Still, the tech world has moved on in leaps and bounds since 1990, and the security genre particularly so. Not that this is necessarily a good thing. There’s almost a linear relationship between the cleverness of both identification and authentication tech and the blurring of our perception of how secure that makes us and our data. Yes, we have moved from no passwords to fingerprint readers and facial recognition, but for many people that means the passwords underpinning identification tech are either forgotten or considered unimportant. After all, biometrics make us safe, right?
Wrong, wrong, very wrong. Let’s look at your smartphone, the hub of the average consumer’s digital life. How do you unlock the device? It’s going to be either fingerprint or facial recognition, both done in a fraction of a second, both seamlessly providing the keys to your data kingdom. But wait a minute, what about when you’ve updated the OS or had to reboot the device for whatever reason – do your biometrics let you back in then? Nope, you must enter a PIN or password to prove it’s you on most devices. A PIN or password that’s likely to be pretty easy to remember and, therefore, pretty insecure.
I’m not just talking about phones but everything and everywhere, anything and anywhere our data is stored, retrieved, collected. Which is why I always bang on about two things that are arguably more central to keeping the average person and their data secure than anything else: password managers and two-factor authentication. (I usually include a third, encryption, and that has a part to play in the password story I’m about to tell.)
Encouraging entropy
First, let’s talk about password managers. Or rather, let’s talk about the password you use to secure your password manager, whatever that may be: the master key that unlocks everything else. Even if you access your password manager on your smartphone using a fingerprint, that’s only a layer on top of your master password. Which begs the question: how do you choose that master password? Is it a random, absurdly long and complex string?
For most normal people, the correct answer here would be “is it heck!”. I’ll admit that I’m not most people, nor normal for that matter, so mine is precisely that. It’s more than 30 characters and random, it’s not written down anywhere and I couldn’t tell you what it was. So how do I remember it? I don’t. Well, not in the sense that you probably expect: I rely upon muscle memory, which kicks in after I type the first three characters, and those are all I need to recall. Most people, normal people, will likely use a shorter, less secure, password or a passphrase.
Which begs the question of how to tell how secure a passphrase is. The classic XKCD “Correct horse battery staple” cartoon strip ( see opposite) nicely illustrates a way of being able to remember relatively strong passwords. My friend, mathematician and security researcher, Dr Mark Carney, explains that it’s all down to entropy. The numerical measurement of the uncertainty of an outcome, entropy is measured in bits and each one effectively doubles the search space required. The bigger that bit number, the more difficult it is to search and find the password or passphrase in question.
There are around 171,000 common words in the English language, of which anything up to 40,000 are commonly ommonly used. You can determine etermine that a passphrase from, for or instance, song lyrics will be multiplied by 40,000 for every word added to reach the upper entropy ntropy limit. The best passphrases, the most secure and the he ones with the biggest amount of entropy, are truly random – such as “correct horse battery staple”, which has no structure and isn’t a sentence. (Don’t use that, though, and if I need to explain why then you’re already a lost cause, sorry.)
“As long as nobody else uses it, it is (171,000)^4 (to the power of four, that is), which is a big
number,” Carney explained. That number is 855,036,081,000,000, 000,000, which comes in at about 70 bits of entropy. Add another random word and you’ll then have 89 bits of entropy. Random is key here, and why, say, the Trump “person woman man camera TV” meme would be awful: the words are linked to each other and so are more guessable if you know one of them. Word association is a common methodology applied by serious password hackers and cracking tools.
Load the DiceKeys
Where does this leave us regarding your master password creation methodology then? Well, a truly random collection of words as a passphrase is a good move, but not as good as a password that’s, for all practical intents and purposes, unguessable. And how do you create that, let alone remember it? You roll the dice. Literally.
In 2016, Joseph Bonneau, an assistant professor at New York University, created the word lists for the Electronic Frontier Foundation’s (EFF) Diceware project (read the article at pcpro.link/314eff). People aren’t good at making random, unpredictable choices. That was the basis of Diceware, a method of generating truly random passphrases. At this point, I must stop and give a nod to Arnold Reinhold who, way back in 1995, published the Diceware word list ( pcpro.link/314dice) that remained a definitive one for decades. Reinhold’s list contained 7,776 words that were equal to the possible rolls of five six-sided dice.
Bonneau determined that some of the words, being hard to spell or memorise, as well as ones containing punctuation, were usability challenges. And usability challenges are kryptonite to security posture. The EFF word list enabled a six-word passphrase with 77 bits of entropy to be generated by rolls of the dice and removed difficult words to spell and homophones, along with any that were exact prefixes of another.
Fast forward to now and Bonneau, Bonnea along with the world-renowned cryptography expert Bruce Schneier, acted as advisors on a new project called DiceKeys. If they weren’t brains enough, the driving force behind DiceKeys is Stuart Schechter, who has built a career on solving the problems of creating “usable” security. When working at Microsoft Research in 2008, Schechter started looking at the problem of account recovery. “My colleagues and I did the research that debunked the ‘secret’ security questions that were the primary means of account recovery at the time,” he told me. That proved to be the impetus for, a decade on, the DiceKeys product ( dicekeys.com) that Schechter has created at the same time as teaching usable privacy and security as part of the University of California, Berkeley’s master’s programme in cybersecurity.
DiceKeys, like all of the best security solutions that use complex methods, is deceptively simple. First, you roll 25 dice, each with a letter, a digit and an orientation that’s relative to the box you put them in. This box “traps” the dice into a locked-down grid that you can use to create a backup security key with 196 bits of entropy. Not only that, but this key can then be used to generate a secure master password that can be recreated repeatedly. Schechter likens 196 bits of entropy, in terms of the possible number of keys that can be generated, to roughly the number of atoms within 4,000 solar systems – or, as I like to call it, “a lot”.
So, you roll the dice. Which in and of itself is something that math bods will tell you isn’t truly random. Or, at least, isn’t most of the time due to the bias of each individual die as a result of the manufacturing process and the, possibly subconscious, bias when we roll them. For most people, most of the time, I wouldn’t worry too much about this, though. If the idea that you might be diluting the randomness (and you really aren’t in any meaningful real-world way) then put the dice in pint glass or large mug, place your hand over the top and “bounce” the thing three times so that the dice are juggled before then pouring out into the box. Once the DiceKeys box is snapped shut, your grid is formed.
This is your very-random-indeed basis for a cryptographic key, with those 196 bits of entropy, that can be used to generate your master password. By scanning the dice grid with your smartphone or laptop via an app, the cryptographic key is created. It looks at the letters, digits and both position and orientation within and relative to the grid to make the magic happen. The app will then generate a long, complex and random passphrase, which isn’t stored (nor is the key) within the app, online or on the smartphone. If you need it again, just scan the box and hey presto. DiceKeys doesn’t start shipping until January 2021, but you can jump in and preorder a $25 set via the Crowd Supply funding site at crowdsupply.com/ dicekeys.
“It’s roughly the number of atoms in 4,000 solar systems – or, as I like to call it, ‘a lot’”
The idea is that the popular password manager solutions will add support for the open-source DiceKeys API to enable them to derive the “private secret” from the grid without seeing the cryptographic key itself. There’s already support for writing to hardware two-factor authentication keys using the also open-source SoloKey, which can be bundled with DiceKeys at Crowd Supply. Lose or break that physical two-factor authentication key, always a worry and why those of us using them always invest in at least one spare to be kept safely under lock and key, and you have an easy way to seed a replacement module. I liked the concept so much, and the gravitas of the people behind this, that I ordered my DiceKeys on day one.
You may well be thinking, “hold on a minute, how is this any different from using a random password generator, setting the length to 50, and writing the result down on a piece of paper?” Fair comment, and one
I’ve had thrown in my direction from more than one person when I’ve started talking about DiceKeys. First things first: I’d be willing to bet that the password or passphrase in question likely isn’t going to be based on a cryptographic key with 196 bits of entropy. Even if it were, then as Schechter says, “human error rates for reading/writing 196 bits are nonnegligible, and data encrypted with the wrong key is unrecoverable”.
Then there are the physical qualities of both ink and paper, which can degenerate over time, or if wet or… you get the idea.
Finally, there’s the grid box itself: surely this beco mes the weak link if someone gets hold of it? To counter this, numerous and ingenious options have been suggested in various discussions. These include making an easy-to-remember substitution by swapping, say, two dice or changing the orientation of certain dice by a quarter or half turn. Rather more time-consuming and, I suspect, less secure would be to create a humongous photo album of different grid images, which you keep stored safely, and only you know which one is the real key. davey@happygeek.com