SLIDE 1

Good Passwords, Bad Passwords, and How to See the Difference

David Klaftenegger

Department of Information Technology Uppsala University, Sweden

20 January 2020
SLIDE 2

Background Passwords Diceware Questions Overture

Caveat Auditor

this talk contains opinions
  • my opinions, not the university's
  • nor do I claim to be an expert
  • ... so expect some imprecision and errors

20 Jan 2020 Passwords @ Cryptoparty

David K

SLIDE 7

What's the problem?

https://www.xkcd.com/538/ (licence: CC BY-NC 2.5, https://creativecommons.org/licenses/by-nc/2.5/)

SLIDE 8

What's the problem?

Why use passwords?
  • protect accounts (so that I can't use them)
  • protect against
    • your ex?
    • your coworkers?
    • police?
    • nation state attackers?

This talk (the threat model it assumes)
  • people who know you well
  • computers guessing very quickly
  • not: people willing to hurt you
  • not: attackers with other access (a keylogger, a stolen session, a reset e-mail; no password choice helps against those)

SLIDE 12

Bad Passwords

Only I myself know how the password is chosen!
  • The town I live in
  • My birthplace, a special character, and two numerals
  • "onetwothreefourfivesixseveneight"
  • "41229411121620514577518"

Security by obscurity
  • When someone knows how you construct your password, it is trivial to guess it: the rule leaves only a small number of candidates, and a computer tries all of them
  • People use few different rules, so attackers already know them without being told
  • Therefore the password should be chosen randomly
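An added example (not code from the talk) of what "trivial to guess" means once the construction rule is known. It enumerates every password the rule "my birthplace, a special character, and two numerals" can produce and counts how many guesses an attacker who knows the rule needs before hitting the victim's password. The town list, the symbol set, the victim password and the guessing rate of 10^9 per second (an offline attack on a leaked hash) are all constructed assumptions for illustration.

```python
import math
from itertools import product

# Constructed inputs. A real attacker would use a full gazetteer of town names
# and the symbol set the target site allows; these are only illustrations.
TOWNS = ["Uppsala", "Stockholm", "Göteborg", "Malmö", "Linköping"]
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.<>?/"   # 26 symbols
DIGITS = "0123456789"


def rule_candidates(towns=TOWNS, symbols=SYMBOLS):
    """Every password the rule 'my birthplace, a special character, and two
    numerals' can produce, in the order a rule-aware attacker would try them."""
    for town, sym, d1, d2 in product(towns, symbols, DIGITS, DIGITS):
        yield f"{town}{sym}{d1}{d2}"


def guesses_until_found(target, candidates):
    """Number of guesses the attacker needs; None if the target does not
    follow the rule at all (which is the whole point of choosing randomly)."""
    for n, guess in enumerate(candidates, start=1):
        if guess == target:
            return n
    return None


def rule_space_bits(n_towns, n_symbols=len(SYMBOLS), n_digits=2):
    """log2 of the number of passwords the rule can produce: the most entropy
    the rule can ever give, even if every choice inside it were made at random."""
    return math.log2(n_towns * n_symbols * 10 ** n_digits)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole space at a given guessing rate."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    pw = "Uppsala!42"   # constructed victim password that follows the rule
    print(pw, "found after", guesses_until_found(pw, rule_candidates()), "guesses")
    print("rule with 5 towns:     %.1f bits" % rule_space_bits(5))
    print("rule with 10000 towns: %.1f bits" % rule_space_bits(10_000))
    # assumed offline cracking rate of 1e9 guesses/s against a leaked hash
    print("whole space tried in %.3f s" % seconds_to_exhaust(rule_space_bits(10_000), 1e9))
```

Even with ten thousand candidate towns the rule yields under 25 bits, less than two Diceware words, and the entire space is exhausted in a fraction of a second at the assumed rate. The rule being "secret" changes nothing, because the attacker never needed to be told it.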

SLIDE 13

Choosing Passwords

How to choose good passwords?

(audience suggestions)

SLIDE 14

Choosing Passwords

https://www.xkcd.com/936/ (licence: CC BY-NC 2.5, https://creativecommons.org/licenses/by-nc/2.5/)


SLIDE 17

Good Passwords

Gold Standard
  • I tell you exactly how I choose my password
  • You still cannot guess it before we're all dead

Entropy means using randomness
  • have a random number generator (physical dice, or a cryptographically secure generator on a computer; not a "random" choice made in your head)
  • use it until you have a secure password


SLIDE 28

Good Passwords

Please bear with me, it's just an example

1512452415263112214316331622221641

(a sequence of die rolls, written down one roll at a time)


SLIDE 30

Remembering Passwords

Now we have a good password
  • can't remember that many numbers in order
  • slow to type

Diceware
  • transform numbers into words
  • much easier to remember
  • still equally hard to guess: the words are only another spelling of the same rolls, so the number of possibilities does not change


SLIDE 37

Diceware

Process
  • roll a die five times
  • write down the results (in order)
  • look up the word in the wordlist
  • repeat until you have the desired number of words

Example

  15124 52415                                carrot rotunda
  21146 11646 13351 56154                    correct animal battery staple
  11512 45241 52631 12214 31633 16222 21641  ambiguity premium sampling apostle gallstone clumsily cursor


SLIDE 39

Diceware

How secure is it? (roughly)

Equivalent lengths: how many characters a uniformly random password over each alphabet needs to offer about as many possibilities as the given number of Diceware words. One word is five rolls of a six-sided die, 6^5 = 7776 equally likely choices, about 12.9 bits.

  dice rolls   10 numerals   26 letters   52 case-sensitive   88 with symbols   diceware
       5            4             3              2                  2           1 word
      10            8             5              5                  4           2 words
      15           12             8              7                  6           3 words
      20           16            11              9                  8           4 words
      25           19            14             11                 10           5 words
      30           23            16             14                 12           6 words
      35           27            19             16                 14           7 words
      40           31            22             18                 16           8 words

The character columns assume every character is chosen uniformly at random. A human-chosen password of the same length has far fewer possibilities, so this comparison flatters conventional passwords, not Diceware.
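An added example, not code from the talk, of the Diceware process (slide 37) and of the strength table above (slide 39): it rolls with a cryptographically secure generator, groups written-down rolls into five-roll keys, looks them up, and computes the equivalent password lengths. The wordlist is a constructed excerpt containing only the talk's own roll-to-word pairs, not verified against any published list; a real list such as the EFF large wordlist has all 7776 keys. A sequence whose length is not a multiple of five (the 34-digit string on slide 28 as extracted here is one roll short of seven words) is rejected instead of being silently truncated.

```python
import math
import secrets

SIDES = 6              # a standard die
ROLLS_PER_WORD = 5     # 6**5 = 7776 entries in a Diceware list

# Constructed excerpt: only the roll -> word pairs used in the talk's example.
# The pairings are the talk's, not looked up in any published list.
WORDLIST = {
    "15124": "carrot", "52415": "rotunda",
    "21146": "correct", "11646": "animal", "13351": "battery", "56154": "staple",
    "11512": "ambiguity", "45241": "premium", "52631": "sampling", "12214": "apostle",
    "31633": "gallstone", "16222": "clumsily", "21641": "cursor",
}


def roll_key(rng=secrets.randbelow):
    """Roll the die five times and return the lookup key, e.g. '15124'.
    rng(n) must return a uniform integer in [0, n). The default is the CSPRNG
    from the secrets module; the random module is not suitable for this."""
    return "".join(str(rng(SIDES) + 1) for _ in range(ROLLS_PER_WORD))


def split_rolls(rolls):
    """Group a written-down roll sequence into five-roll keys:
    '15124 52415' -> ['15124', '52415']. Rejects digits a die cannot show and
    sequences whose length is not a multiple of five (no truncation, no padding)."""
    digits = rolls.replace(" ", "")
    if not digits or any(c not in "123456" for c in digits):
        raise ValueError(f"not a die-roll sequence: {rolls!r}")
    if len(digits) % ROLLS_PER_WORD:
        raise ValueError(f"{len(digits)} rolls is not a multiple of {ROLLS_PER_WORD}")
    return [digits[i:i + ROLLS_PER_WORD] for i in range(0, len(digits), ROLLS_PER_WORD)]


def keys_to_words(keys, wordlist=WORDLIST):
    """Look every key up in the wordlist; an unknown key is an error, not a skip."""
    try:
        return [wordlist[k] for k in keys]
    except KeyError as e:
        raise ValueError(f"key {e.args[0]!r} is not in the wordlist") from None


def passphrase(n_words, wordlist=WORDLIST, rng=secrets.randbelow):
    """The whole process: roll, look up, repeat n_words times.
    With a real rng this needs a complete 7776-entry wordlist."""
    return " ".join(keys_to_words([roll_key(rng) for _ in range(n_words)], wordlist))


def entropy_bits(n_words):
    """Every key is equally likely, so each word contributes 5 * log2(6) bits."""
    return n_words * ROLLS_PER_WORD * math.log2(SIDES)


def equivalent_length(n_words, alphabet_size):
    """Characters of a uniformly random password over alphabet_size symbols
    with about the same number of possibilities as n Diceware words."""
    return round(entropy_bits(n_words) / math.log2(alphabet_size))


def strength_table(max_words=8, alphabets=(10, 26, 52, 88)):
    """Rows (words, dice rolls, equivalent length per alphabet), as in the talk's table."""
    return [(n, n * ROLLS_PER_WORD) + tuple(equivalent_length(n, a) for a in alphabets)
            for n in range(1, max_words + 1)]


if __name__ == "__main__":
    for rolls in ("15124 52415", "21146 11646 13351 56154"):
        print(rolls, "->", " ".join(keys_to_words(split_rolls(rolls))))
    for n, rolls, e10, e26, e52, e88 in strength_table():
        print(f"{n} words = {rolls:2d} rolls, {entropy_bits(n):5.1f} bits"
              f" ~ {e10:2d} numerals / {e26:2d} letters / {e52:2d} case-sensitive / {e88:2d} with symbols")
```

To generate real passphrases, load a full list (the EFF file is tab-separated, key then word) into the same dict shape and call passphrase(6, that_list); the rng parameter exists so the process can be checked with known rolls, as the test does, and should be left at its default otherwise.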

SLIDE 40

Diceware

  • https://www.eff.org/dice
  • https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt
  • https://en.wikipedia.org/wiki/Password_strength
  • https://haveibeenpwned.com/

SLIDE 41

Questions?

https://www.xkcd.com/1256/ (licence: CC BY-NC 2.5, https://creativecommons.org/licenses/by-nc/2.5/)

SLIDE 42

Use Different Passwords

https://www.xkcd.com/792/ (licence: CC BY-NC 2.5, https://creativecommons.org/licenses/by-nc/2.5/)

SLIDE 43

Use Different Passwords

Remember all these passwords?
  • always use a different password for every account, so one leaked site does not open the others
  • you only need one memorable password: the one that unlocks the password manager, which is the one to choose with Diceware
  • store the others in a password manager and let it generate them