
Good and Bad Passwords How-To

Administrators Can Use Automated Password Generators to Create Hard to Crack Passwords That Can Be Remembered
The Administrator's Goals

The obvious goal for an administrator is to keep intruders off his or her system. If this is not possible, then at least make the intruder work very hard to get on the system.

(Only a minority of illicit system access is via poor or cracked passwords. Most illicit access is via faulty system software, typically buffer overflow conditions, that allow a remote cracker to execute "arbitrary code" on the target system. The arbitrary code may be sufficient for the attacker's purposes. If the attacker wants interactive access to the system, then the arbitrary code may be used to retrieve the password hash file so the passwords in it can be cracked. Cracking success may then allow the cracker to log in as root, or as another user who can su to root, and thus obtain complete access to the system. As this is a discussion of passwords, password strength, and password cracking, these other methods are not discussed here, but are addressed in other areas of this website.)

In all the discussion to this point, so that the effort required to crack the passwords could be estimated, we assumed that passwords were fully random or built according to one pattern or clearly defined set of patterns and that the intruder had the necessary information to build custom dictionaries matching the password patterns at the site being attacked.

Potential intruders should never know site password policies, and especially not password patterns if a pattern based password generator is used to supply or suggest user passwords. If potential intruders have such information, someone is leaking what should be confidential. It's very much in any site's interest not to let anyone outside know anything about its password policies. A site that has put strong password practices in place may lose some of the advantage of these policies if detailed knowledge of them is allowed outside the organization.

A site that has password policies, should inform all users of these policies, one of which should be that users never discuss system password or security policies with anyone outside the organization. Users should be informed that violation of such policies may result in disciplinary action which may range from reduction of system privileges to termination, as seems appropriate. Obviously this is possible only with the full backing of upper administration and cannot be imposed by the IT department.

There is nothing more advantageous to a site than to have a cracker working with the wrong assumptions regarding password lengths or character set, because then the odds against the cracker become larger than they would have been otherwise. In other words, while the odds of cracking normal passwords are good and the odds of cracking strong passwords are very small, a cracker who is trying for passwords that are too short or contain insufficient character variety will not get any passwords at all.

Truly strong passwords will be of such length, character type diversity and structural diversity that even if an intruder has a pretty clear idea how a site creates passwords, the intruder won't be able to apply sufficient computing resources to crack the passwords in an acceptable time frame.

It's worth noting that passwords made from all one case letters should be perfectly acceptable; they just need to be about four characters longer than passwords containing characters drawn from the entire keyboard to have similar strength. As long as a password is not made from dictionary words, patterns or combinations of such, that might be predicted, there is no more likelihood that a 14 character, all lower case alphabetic password will be cracked than a 10 character password with diverse characters, even if the cracker knows someone or some site uses 14 character alphabetic passwords.

It makes a big difference whether you subscribe to the prevailing wisdom that an administrator needs to protect all the accounts on their systems, or to my view, that trying to force ordinary users to use truly strong passwords is largely a lost cause and a waste of time that could be better spent elsewhere. For those who wish to make the attempt, some of the tools to try to force users to create better passwords are discussed on the next page. The techniques available to ensure that all users have passwords in conformance with a policy may not be worth the drawbacks.

My goal is to give regular users reasonably decent but moderately easy passwords while forcing attackers to crack root and administrator passwords comparable in strength to 9 character and longer, diverse character set passwords. They can't do it with brute force and building custom dictionaries isn't much better.

There are more than 30 trillion possibilities with the original password.pl default settings. The custom dictionaries would take 300 terabytes or 9.5 CPU years (at 100,000 per second), assuming that the intruder knows this is how passwords are created at a site. Included among these are about 135 billion of the 809 billion two word, two non letter passwords previously discussed. Any generated password containing two words should automatically be discarded, keeping in mind that a weak password is weak regardless of how it was obtained. A password containing two alphabetic strings that are words is much weaker than a password with two arbitrary alphabetic strings of similar length.

The default behavior of the original password.pl displayed passwords of significantly varying strength. Of the ten displayed each time, usually one or more was seven characters with a digit in the middle and a capital in either or both of two positions. There would also normally be some ten character passwords with three to five character alpha sequences, mixed case and both a digit and symbol in either order. If the second upper case letter was present it could be in any position from the fourth to the eighth character. The new version has more variability. Seven character passwords can be all lower case and the non letter may be either a symbol or digit. At the harder end both non letters may be symbols or digits.

The original password.pl anticipated that ordinary users would pick their passwords from the easier 7 and 8 character passwords and administrators would select harder 9 and 10 character passwords. After showing users good passwords, options to make them use them are limited. The simple checkers that force some degree of complexity will let some pretty poor passwords through. A checker that requires three of the four: 1) lower case, 2) upper case, 3) digit, 4) symbol, will let Attack1 through even though all three crackers discussed, using standard dictionaries and default rules, should have this in seconds.
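The following is an added example, not code from password.pl or from this site, showing why the "three of four classes" checker just described is weak and what a slightly smarter check looks like. It applies the cheap un-mangling a default cracker run performs (fold case, strip leading and trailing digits and symbols, reverse a few digit-for-letter substitutions) and rejects the password if what remains is a word. The word list, the substitution table and the sample passwords are constructed for the example; a real cracking dictionary is hundreds of thousands of entries, so a miss here proves nothing.

```python
import re

# Constructed stand-in for a cracker's standard word list (example data, not
# a real dictionary). Treat a hit here as a floor, not a ceiling.
WORDLIST = {"attack", "password", "secret", "dragon", "monkey", "bully", "welcome"}

# Assumed digit/symbol-for-letter substitutions that default mangling rules undo.
LEET = str.maketrans("01345$@7", "oleassat")


def classes_present(pw):
    """How many of the four classes (lower, upper, digit, symbol) appear."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def naive_ok(pw, min_len=7):
    """The 'three of the four classes' rule. Accepts Attack1."""
    return len(pw) >= min_len and classes_present(pw) >= 3


def dictionary_cores(pw):
    """Undo the cheap mangling a default cracker run tries: fold case, strip
    leading/trailing non-letters, and reverse common leet substitutions.
    Returns every alphabetic core that a standard dictionary would be
    compared against."""
    low = pw.lower()
    cores = set()
    for form in (low, low.translate(LEET)):
        core = re.sub(r"^[^a-z]+|[^a-z]+$", "", form)
        if core:
            cores.add(core)
    return cores


def hardened_ok(pw, min_len=7):
    """Class rule plus a reject when the un-mangled core is a dictionary word."""
    return naive_ok(pw, min_len) and not (dictionary_cores(pw) & WORDLIST)


if __name__ == "__main__":
    # Constructed sample passwords: the first three pass the class rule and
    # fall to a default dictionary attack; the last two survive both checks.
    for pw in ("Attack1", "P@55w0rd", "bully>5", "Gafto9Mik", "Ob9kVex+"):
        print(f"{pw:10} classes={classes_present(pw)} "
              f"naive={naive_ok(pw)} hardened={hardened_ok(pw)}")
```

The point is not that the hardened check is sufficient (it only knows about the mangling rules you remembered to list) but that any checker which counts character classes without looking at what the letters spell will pass exactly the passwords a default dictionary run recovers first.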

If users use the easiest of the recommended passwords, we let enterprising crackers have these. If a cracker stays with standard dictionaries, they hopefully won't get any. Of course some users will insist on using bad passwords they weren't shown. If the cracker knows password.pl is in use and builds the custom 194 million word dictionary to match the default 7 character passwords, they'll get all the users who choose the very easiest passwords.

There is a big catch that works against the cracker. Without inside information, they can't know what the passwords look like even if they know the tool being used. They can't know if the minimum length has been upped to 8; there are 36 billion possible 8 character passwords with the default patterns. They can't know if the mixed case option was set. This generates true random case letters in all positions and discards any resulting password that comes out all upper or lower case by chance. They can't know the source hasn't been altered to create other variations.

New Password.pl

The State Department password generator created passwords that conformed to a single character pattern, cvcddcvc, in the notation that we'll be using from now on. The first password.pl included this and a limited number of user controllable variations from the base pattern. The new password.pl allows the user to define almost any imaginable character pattern and to control variation from the base pattern to almost any degree.

See pattern formation in the password.pl instructions for the definitions of pattern characters and the resulting output in the generated passwords.

The 0, 1 and 2 - 9 qualifiers provide three different methods of generating pattern variations. A pattern variation is basically two or more fixed sequence patterns that can be generated from a single control pattern. The user can change the probabilities that control the relative frequencies of each fixed pattern.

We'll examine two examples to help make this clear. Perhaps the simplest variation of the State Department pattern is cvcdd0cvc. The 0 makes the second digit optional. There are two fixed patterns that can result: cvcdcvc and cvcddcvc. The default probability for the second digit is .25. This is called "Zero odds" on the password.pl form. Thus, approximately three fourths of the generated passwords will match the shorter and one fourth the longer pattern.

The default pattern of the new password.pl is Cc0vcc0n2Cc0vcc0. This defines a mixed case consonant followed by an optional lowercase consonant followed by a lower case vowel and consonant and another optional lower case consonant. In the middle is n2, which means one or two non alphabetic characters, i.e. digits or symbols, which is used here to include punctuation characters. The part after n2 duplicates the first part of the pattern. n2 differs from nn0 only in the probability of two characters being output.

There is an additional restriction that comes into play. "Maximum zero Characters" is defaulted to 2 so that no more than 2 of the c0 characters will ever be output. Because the odds are only .25 for any one, this won't affect most of the generated passwords but it does have an important effect. If the first alpha character sequence is 5 characters, the second can never be longer than three. If the first alpha character sequence is 4 the second can never be longer than 4.

Whenever the Maximum zero characters is less than the actual number of characters followed by a 0 in the controlling pattern, the maximum puts an upper limit on the diversity of the generated passwords. It prevents the longer more complex, fixed character patterns from ever being displayed.

There are 22 possible fixed character patterns that can be generated from the default controlling pattern: CvcnCvc, CcvcnCvc, CvccnCvc, CvcnCcvc, CvcnCvcc, CvcnnCvc, CcvccnCvc, CcvcnCcvc, CcvcnCvcc, CvccnCcvc, CvccnCvcc, CvcnCcvcc, CcvcnnCvc, CvccnnCvc, CvcnnCcvc, CvcnnCvcc, CcvccnnCvc, CcvcnnCcvc, CcvcnnCvcc, CvccnnCcvc, CvccnnCvcc, CvcnnCcvcc.

The shortest possible pattern is 7 characters and the longest 10, which match the default password length settings. The minimum could be decreased or the maximum increased without affecting any of the possible patterns. If the minimum is increased or the maximum decreased the output password patterns would definitely be affected. Increasing the minimum to 8 would have the effect of discarding CvcnCvc as a possible pattern.

Decreasing the maximum to 9 would eliminate three patterns: CvcnnCcvcc, CcvcnnCvcc and CvccnnCvcc. These would be truncated by one character but the truncated result already exists as a pattern. It would also truncate three other patterns into new patterns: CcvcnnCcvc becomes CcvcnnCcv, CvccnnCcvc becomes CvccnnCcv and CcvccnnCvc becomes CcvccnnCv. Each of the three new patterns has 21 times fewer possible combinations than the pattern it replaces.

The number of possible passwords that a specific controlling pattern can generate can be calculated by adding the number of possibilities contained in each of the fixed character patterns that can be generated from the controlling pattern. The number of possibilities in a fixed character pattern is the product of the number of characters that may appear at each position in the pattern. The default password.pl pattern contains more than 147 trillion possibilities. Truncating the default pattern to 9 characters reduces the possibilities to 11.2 trillion. What pattern character or characters are truncated has a significant impact on the number of possibilities removed. Truncating an "A" which represents 94 characters on the keyboard has a much larger impact than a "v" which represents only 5 possibilities.
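The enumeration in the last few paragraphs (the 22 fixed patterns, the effect of the length settings, and the sum-of-products count) is mechanical enough to be worth checking by machine. The following is an added example written for this page, not the code of password.pl; it expands a control pattern under the "Maximum zero characters" limit, applies the minimum and maximum length the way the text describes, and counts the space. The character class sizes in CLASS_SIZES are assumptions for the count only (21 consonants, 42 in mixed case, 5 vowels, 42 non-letters); password.pl's own sets are defined in its instructions, so the totals will differ from the page's figures if its sets differ.

```python
import re
from itertools import combinations, product

# Assumed class sizes, used only for counting (NOT taken from password.pl):
# c/C = 21 lower-case / 42 mixed-case consonants, v = 5 lower-case vowels,
# n = 42 digits and symbols (94 printable ASCII minus 52 letters).
CLASS_SIZES = {"c": 21, "C": 42, "v": 5, "n": 42}

TOKEN = re.compile(r"([A-Za-z])([0-9]?)")


def parse(control):
    """Split a control pattern such as 'Cc0vcc0n2Cc0vcc0' into
    (class letter, qualifier) pairs; the qualifier is '' when absent."""
    if not control or TOKEN.sub("", control):
        raise ValueError(f"malformed control pattern: {control!r}")
    return TOKEN.findall(control)


def fixed_patterns(control, max_zero=2):
    """Every fixed pattern the control pattern can expand to.

    '0' marks an optional character, with at most max_zero of them present
    (the form's 'Maximum zero characters'); '2'..'9' marks a run of 1..N
    copies. The odds settings only change how often each result appears,
    not the set, so they play no part here. '1' has no upper bound and so
    cannot be enumerated.
    """
    tokens = parse(control)
    zero_idx = [i for i, (_, q) in enumerate(tokens) if q == "0"]
    results = set()
    for k in range(min(max_zero, len(zero_idx)) + 1):
        for present in combinations(zero_idx, k):
            choices = []
            for i, (ch, q) in enumerate(tokens):
                if q == "":
                    choices.append([ch])
                elif q == "0":
                    choices.append([ch if i in present else ""])
                elif q == "1":
                    raise ValueError("'1' qualifier has no upper bound")
                else:
                    choices.append([ch * r for r in range(1, int(q) + 1)])
            for combo in product(*choices):
                results.add("".join(combo))
    return results


def apply_length(patterns, min_len, max_len):
    """Mimic the length settings: drop patterns shorter than min_len and
    truncate longer ones to max_len. Truncation can merge patterns into
    existing ones or create new, weaker ones."""
    return {p[:max_len] for p in patterns if len(p) >= min_len}


def pattern_space(pattern, sizes=CLASS_SIZES):
    """Distinct passwords one fixed pattern can produce: product of class sizes."""
    n = 1
    for ch in pattern:
        n *= sizes[ch]
    return n


def total_space(patterns, sizes=CLASS_SIZES):
    """Size of the whole space: the sum over all fixed patterns."""
    return sum(pattern_space(p, sizes) for p in patterns)


if __name__ == "__main__":
    fp = fixed_patterns("Cc0vcc0n2Cc0vcc0")
    print(len(fp), "fixed patterns,", min(map(len, fp)), "to", max(map(len, fp)), "characters")
    print("length 7-10:", f"{total_space(apply_length(fp, 7, 10)):,}")
    print("length 7-9: ", f"{total_space(apply_length(fp, 7, 9)):,}")
    for p in sorted(apply_length(fp, 7, 9) - fp):
        print("new pattern from truncation:", p, f"{pattern_space(p):,}")
```

Running it reproduces the 22 patterns listed above, confirms that a minimum of 8 only drops CvcnCvc, and shows that a maximum of 9 leaves 19 distinct patterns, three of them (CcvcnnCcv, CvccnnCcv, CcvccnnCv) not in the original set and each 21 times smaller than the pattern it was cut from.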

The current password.pl contains three options for adding variability to the patterns which the resulting passwords match. The first that's already been described is a zero following a pattern letter. The default settings provide a way to introduce relatively subtle and controlled variations into a control pattern. Raising the maximum zero characters or odds will create a higher degree of variability.

A 1 following a character will cause password.pl to output one or more of the preceding character (provided the maximum password length has not yet been reached). See One odds password.pl instructions. A small increase in the value of "One odds" will substantially increase the number of long sequences even though most will still be short (1 - 4 characters).

Use of the 1 qualifier all but assures that, unless the maximum length is very long, some passwords will truncate, and truncation creates variation in the output patterns. Used only at the right end of a pattern, normally only the characters output by the pattern character modified by the 1 will be truncated.

Used anywhere else in the pattern, the output strings created by the 1 qualifier will occasionally push everything following them past the maximum length. For example, any pattern that starts with 'l1' (a lower case letter l followed by the digit one) and a length range of 7 to 10 will occasionally generate a password consisting solely of ten letters, regardless of what pattern control characters follow the 'l1'. Such a password will be displayed unless the force mixed case, force digit or force symbol options cause it to be discarded.

A 2 through 9 following a pattern character will generate a variable length string that is much more controllable than those created by the 1 option. The 2 through 9 set an upper length limit and the 2 through 9 odds allow the results to be biased toward the long or short possibilities. The default odds get a pretty even distribution of strings from the shortest to the longest.

Increasing the 2 through 9 odds (default .5) will cause the shorter sequences to be over represented and the longer sequences under represented. Decreasing this number will do the reverse, over representing the long sequences and under representing the short sequences. Odds equal 1 will prevent a second character of a 2 character sequence from ever appearing and eliminate the longer sequences from the higher control numbers. Odds equal 2 will reduce 2's and 3's to one character sequences and a 9 to a 1 to 4 character sequence. Odds equal .1 will grossly over represent the longest sequences for all control numbers without quite eliminating the shortest. Set the minimum password length to 1 and experiment with d1, d5 and d9 as the complete control pattern and vary odds to see the effects.

Pseudo Words

Pronounceability makes passwords much easier to remember. With password.pl, the 'cvc' pattern produces mostly pronounceable sequences. A significant percent are real words. With two of these in a complete pattern, getting two real words in one password is rare but happens. Many of the 'ccvc' and 'cvcc' sequences are pronounceable and a few are words. Many of these are not pronounceable however. Part of using an automated password generator is learning to pick results that are strong but still sufficiently pronounceable or having other characteristics that aid memory. Conforming to a general structural pattern should be some help.

It is not necessary that passwords be generated randomly or picked randomly from the displayed results. What matters is that there is no way to reliably create the exact character sequence, using the known or foreseeable cracking techniques, without generating huge custom dictionaries. Further, the cracker needs to know the pattern or patterns used, if he or she is to build the right dictionaries. This was the main weakness of the original password.pl. The basic pattern set was rather limited. Also, while the cracker couldn't be sure what the resulting passwords looked like, experience tells us there is a strong tendency to stay with default settings.

The user now has full control over the general nature of the output passwords and the tools to build word like patterns or fully random character sequences. GETs were deliberately used for the CGI form, so that once new settings are found that satisfy a user's idea of what passwords should look like, they can be bookmarked and reused at will. Note the current site lacks an SSL option, so generated passwords could theoretically be intercepted by a third party; also, password.pl could be written to log generated passwords and the requesting IP address. You need to assess these possible drawbacks and compare them to password generators that you can run locally on your system. A "freeware" generator for which you do not have the source code could transmit generated passwords (or any local system data to which you have access) back to an unknown remote site. Certain firewalls and privacy products could prevent this or alert you if it was attempted.

An important departure from the previous password.pl is that multi character sequences can be generated from a single pattern control character, specifically 'w', 'W', 'e' and 'E'. These represent two and three character consonant sequences that commonly begin and end words, in addition to single consonants.

A collegiate dictionary was examined to find as many of these as practical. There are roughly one hundred entries in both the word beginning, 'w', and word ending, 'e', sequences. There are twice that number in the mixed case counterparts. In the mixed case versions, upper case letters only appear in the first 'W' character or the last 'E' character.

Though these multi character sequences significantly increase the number of passwords generated by a fixed length pattern, the increase is not close to the number that two additional independent consonants would generate. The numbers are 100 instead of 21 for 'w' and 'e' where these replace a 'c' and 200 instead of 42 for 'W' and 'E' where these replace a 'C'. Two extra independent consonants would be 21 * 21 * 21 or 42 * 21 * 21, using comparable case variations. The impact on the cracker is probably greater than it might seem, because depending on which sequence starts any password, following characters may be moved by one or two characters.

Some of the additional word like patterns are: wve, wvc, cve, wvv0e or wv2e, cvv0c or cv2c, cvcvc, wveve, wv2ev2e, cv2cv2c, c2v2c2, c2v2c2v2c2. All of these can create pronounceable sequences or complete gibberish. Pick ones you can remember. 'Wve' can produce three to seven character sequences; 'wv2ev2e' can be from 5 to 13 characters. Some sequences like 'evw' and 'EvW' make little sense; they will produce patterns unlike any others but they are not likely to be useful creating passwords that are much more memorable than random sequences. If you want randomness (including digits, symbols, and punctuation as well as letters) use 'a' for lower case and 'A' for complete randomness, including mixed case.

As indicated before, there is nothing wrong with putting one or more digits or symbols at either or both ends of these. Don't confuse an arbitrary string of letters preceded or followed by digits and/or symbols with dictionary words preceded or followed by digits and/or symbols. The sample control patterns on the current password.pl place digits and symbols in every possible character position from 1 through the last, which is about 15, and include character type sequences from one up to about ten of the same type. Without knowing exactly what pattern was used to create a specific password (or all the passwords at a site), it's of no practical value to a cracker to know that some patterns put two or three character digit sequences after alphabetic sequences.

Though 'WvE' can vary from 3 to 7 characters, I would not be comfortable with WvEsd and the default length of 7 to 10 because it forces the 'WvE' sequence to provide at least 5 characters. Every result will draw from one or both multi consonant sequences and be a lot less random than the appearance of the resulting passwords suggests. The randomness would be more representative of a five character password than the physical 7 to 9 character results. There will be dictionary words with an appended symbol and digit among the results.

I would be quite comfortable with WvEs2d1 as there are now four pieces supplying optional extra length and each has the potential of providing its full range of diversity. Nearly all the passwords from this second pattern are strong but it will very occasionally create a dictionary word followed by a single punctuation then digit. After about 15 minutes of trying, 'bully>5' was created. Crack and John the Ripper would probably miss it but L0phtCrack would get it on NT in less than a minute if the full character set was used in the "hybrid attack". A poor password remains a poor password no matter how it's obtained.


Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in http://GeodSoft.com/terms.htm (or http://GeodSoft.com/cgi-bin/terms.pl). These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.
