Please don't panic...OK, panic.
March 3, 2013 8:18 AM

Nothing to see here, but could you _all_ change your passwords? Yup, if you're using Evernote you should really reset your password. Says who? Why, Evernote itself. It looks like they've had a tiny security issue...They say that there is "no evidence that any of the content you store in Evernote was accessed, changed or lost and [...] no evidence that any payment information [..] was accessed". But just to be on the safe side...50 million users should reset their passwords.
posted by MessageInABottle (118 comments total) 12 users marked this as a favorite
 
Eponysterical FPP but to the point, this has made me question the overwhelming cheers of "cloud, cloud, cloud" I hear all the time when trying to speak up.
posted by infini at 8:21 AM on March 3, 2013 [17 favorites]


It seems appropriate to link in this blog post from yesterday and its relevant Hacker News thread as well.
posted by trackofalljades at 8:22 AM on March 3, 2013 [2 favorites]


Dammit. I love Evernote and want to use it to organize all kinds of deeply sensitive stuff. Not pleased if someone can just go on there and yoink my pre-OCR'd bank documents.
posted by grobstein at 8:25 AM on March 3, 2013 [1 favorite]


Unfortunately, it seems there are now only two kinds of web sites: Those that have been hacked, and those that will be.
posted by gwint at 8:26 AM on March 3, 2013 [28 favorites]


there are now only two kinds of web sites: Those that have been hacked, and those that will be.

This has always been true, just not everyone realized it. Most people still don't.

this has made me question the overwhelming cheers of "cloud, cloud, cloud"

Your options are either to have your site get hacked, or have someone else's site with your data on it get hacked. You can debate the merits of either of these, but the option of "have your site not get hacked" does not exist.
posted by kiltedtaco at 8:30 AM on March 3, 2013 [19 favorites]


"now" there are only two kinds of websites? that's how it's always ever been. it's just that typical users now have to care more about this kind of thing.

didn't seem like this breach was too horribly bad - obviously it was, but as reported all they got was the user database essentially and the password information was encrypted well so it's more of an inconvenience than anything. I did find it funny that I heard about this on various other sites maybe a day or two ago and just today got the official notice from Evernote..
posted by mrg at 8:31 AM on March 3, 2013 [1 favorite]


Dammit. I love Evernote and want to use it to organize all kinds of deeply sensitive stuff. Not pleased if someone can just go on there and yoink my pre-OCR'd bank documents.

This seems unfair, as they said nobody's actual data was leaked, so unless you think they're flat-out lying, which I doubt, this hasn't happened. And, as gwint says, eventually everyone gets hacked. This is the same sort of leak that gawker, Sony, and LinkedIn have all had recently.
posted by tylerkaraszewski at 8:32 AM on March 3, 2013 [3 favorites]


Yeah, to clarify, I'm not worried that I've already lost sensitive info. I'm worried that I've been put on notice that this is a bad place to put my sensitive info.

Curious if there is a good high-security competitor to Evernote, or if there is an Evernote-like service I can run on my own that might be safer.
posted by grobstein at 8:34 AM on March 3, 2013


There are now only two kinds of web sites: Those that have been hacked, and those that will be.

That is as informative as saying there are only two kinds of windows: Those that have been broken, and those that will be. There are only two kinds of socks: Those with holes, and those that will have holes. There are only two kinds of bananas: Those that have turned brown, and those that will.

After Tacoma Narrows no one declared, "There are now only two kinds of bridges. . ."

Everything fails, but, thankfully, there are only two kinds of failure: Those that inspire truisms, and those that don't.
posted by TwelveTwo at 8:38 AM on March 3, 2013 [45 favorites]


This is the same sort of leak that gawker, Sony, and LinkedIn have all had recently.

But for the fact that Evernote used responsible security practices and the others didn't, to my recollection of those incidents.
posted by Inspector.Gadget at 8:40 AM on March 3, 2013 [4 favorites]


Well, that explains why my Evernote was not accepting my password just now.

Also realizing I need to up my game with respect to the actual passwords I use.
posted by dry white toast at 8:44 AM on March 3, 2013 [1 favorite]


This is not really a panic level event. The password store that was accessed is long unique salted, then MD5 hashed. Under most circumstances, that means the vanilla password is not worth the effort to recover, especially if it was not a short dictionary word or the like - the long salt means each password will have to be cracked individually, and the longer the original password, the longer that will take.

Given the forced password change, and that underlying passwords are hard to recover, it's extremely unlikely the hackers have gained access to your evernote store in the timeframe available. Unless they were after very specific accounts, and you happened to be one of those, you can basically not worry about the security of your notes.

It's not great that evernote got hacked, obviously, but they appear to have done a lot of things right, and they've done the right thing with prompt notification, and successfully protected the most important data.

On the other hand; your email was leaked in the clear. You may get more phishing email and spam in the future. If you used the evernote password elsewhere, especially if it was short (8 characters or less) then at a future point it may eventually be retrieved, and tried against other places - this especially applies if you used the same password for the email address you used. Don't do that.

Take the opportunity to switch to lastpass, onepass, keepass or the like and have unique passwords for each service - keep only three passwords in your head; one master password, one for your email, and one for banking. My evernote password has changed from one unique 16 char random string to another, and I don't care in the slightest if the old one eventually gets broken as it's totally useless to them.
posted by ArkhanJG at 8:50 AM on March 3, 2013 [35 favorites]


How am I supposed to reset if I can not log in?
posted by InkaLomax at 8:53 AM on March 3, 2013


It seems appropriate to link in this blog post from yesterday

The author falls into the common trap of worrying about whether the strongest pieces of security are strong enough, rather than the far more important but difficult question of asking how strong are the weakest points. Unfortunately, you can't write a blog post about some employee's friend's malware-infested laptop on the network that was just visiting for a day, so I guess we might as well focus on whether we need 64 bit or 128 bit encryption instead.

We didn't start rubbing our hands after Tacoma Narrows

Tacoma Narrows was an isolated incident, which is why we all know it (well, and it was filmed). The point of the truism is to get people to stop thinking that websites getting hacked are each isolated incidents that surely their superior security practices would have prevented, and realize that the state of computer security is ubiquitously bad.
posted by kiltedtaco at 8:53 AM on March 3, 2013 [5 favorites]


Unfortunately, it seems there are now only two kinds of web sites: Those that have been hacked, and those that will be.

My website isn't interesting enough to get hacked. :(
posted by mazola at 9:08 AM on March 3, 2013 [3 favorites]


Inkalomax: If you log in to the web client with your current password, it should ask you to reset your password there. Then it's a matter of logging back in with the new password on your Evernote-enabled devices.

(I should use Evernote more, but my local solution is a Livescribe pen for note-taking and voice recording, and Scrivener for websites and typed notes. I should regularly drop those into a Truecrypted drive and put them into cloud storage, but am bad at remembering...)
posted by running order squabble fest at 9:12 AM on March 3, 2013


> How am I supposed to reset if I can not log in

Log in once on the website with your old password -- it should still work -- and then change the password, as you'll be prompted to do.

(And then guess what, there's an update! As there is every freaking time I open it on my computer!)
posted by The corpse in the library at 9:12 AM on March 3, 2013 [2 favorites]


My website isn't interesting enough to get hacked. :(

Not by Chinese government sponsored hackers maybe, but automated scanning tools abound these days, seemingly as drop spots for spammers' webpages and the like, as well as infection points for visitors. If you don't keep up to date with software patches, and sometimes even if you do (such as recent rails and java exploits) you may well get infiltrated eventually by some script.
posted by ArkhanJG at 9:13 AM on March 3, 2013


That is as informative as saying there are only two kinds of windows: Those that have been broken, and those that will be. There are only two kinds of socks: Those with holes, and those that will have holes. There are only two kinds of bananas: Those that have turned brown, and those that will.

If you can just take the next step to "The nature of life is inherently unsatisfactory," you will be getting somewhere!

(except there is no somewhere, and no getting)
posted by GenjiandProust at 9:20 AM on March 3, 2013 [8 favorites]


TwelveTwo: "That is as informative as saying there are only two kinds of windows: Those that have been broken, and those that will be. There are only two kinds of socks: Those with holes, and those that will have holes. There are only two kinds of bananas: Those that have turned brown, and those that will."

This is kind of interesting when you look at it from information perspective and entropy. First, you have this binary dichotomy, and you have the two states (0, 1) representing information and the disorganization of information (decay). You have a WHOLE thing, put together, then you have the disorganized, broken thing, as part of a process of decay. Then of course you talk servers and hacking and being broken, and you are dealing with systems that utilize information theory and binary digits in their actual workings, and you have entropic actions occurring on a different level. Of course, is it really entropy when it takes energy to go in to a server and hack it? I suppose that's the opposite of entropy as it means it's more of an open system. Entropy in this case would be more like bit-rot. So, I guess perhaps, the information theory/entropy comparison maybe isn't as apt as I thought it to be, so... Thanks for nothing, symbioid.
posted by symbioid at 9:22 AM on March 3, 2013 [1 favorite]


Take the opportunity to switch to lastpass, onepass, keepass or the like

Been thinking of switching to one of these, but having a tough time choosing. Which is:
  • Least inexpensive
  • Supports the most platforms with native client app (IOS, Win, Mac, Linux, OS/2, etc..)
  • Has a widely adopted API
  • Can use other APIs (Dropbox, iCloud, Google Drive, Spideroak)
posted by wcfields at 9:26 AM on March 3, 2013


My website isn't interesting enough to get hacked. :(

Eh. My portfolio site (which got maybe 100 visits in a year) got hacked 3 times in the past year. There was nothing interesting there, just links to some of my writing and such, nothing remotely approaching personal information, but apparently it's worth hacking thrice for some reason.
posted by Ghostride The Whip at 9:28 AM on March 3, 2013 [1 favorite]


When governments compete to create a marketplace for software exploits, you win!

Ok, there's always been a marketplace, but the extra funding doesn't help.
posted by RobotVoodooPower at 9:38 AM on March 3, 2013 [1 favorite]


This is not really a panic level event. The password store that was accessed is long unique salted, then MD5 hashed.

Why is someone still using MD5 for password hashing in 2013? Is it laziness or stupidity?
posted by ryoshu at 9:43 AM on March 3, 2013 [3 favorites]
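
Added example, not part of any comment in the thread: a Python sketch of the storage scheme ArkhanJG describes and ryoshu questions above. It assumes the layout md5(salt || password), a 16-byte salt and a PBKDF2 work factor of 100,000 (the thread states none of these) and uses constructed accounts to show what a unique salt buys and what a fast hash like MD5 still leaves cheap.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict

SALT_BYTES = 16          # assumed salt length; the thread only says "long"
PBKDF2_ROUNDS = 100_000  # illustrative work factor, not a figure from the thread


def unsalted_md5(password, salt=b""):
    """Baseline for comparison: plain MD5, the salt is ignored."""
    return hashlib.md5(password.encode()).digest()


def salted_md5(password, salt):
    """Assumed layout md5(salt || password) for 'unique salted, then MD5 hashed'."""
    return hashlib.md5(salt + password.encode()).digest()


def slow_kdf(password, salt):
    """Deliberately slow alternative: PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def enroll(users, scheme):
    """Build a credential table {user: (salt, digest)} with a fresh salt per user."""
    table = {}
    for user, password in users.items():
        salt = os.urandom(SALT_BYTES)
        table[user] = (salt, scheme(password, salt))
    return table


def verify(table, user, password, scheme):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, stored = table[user]
    return hmac.compare_digest(stored, scheme(password, salt))


def users_sharing_a_digest(table):
    """Users whose stored digest equals another user's, i.e. visible password reuse."""
    by_digest = defaultdict(list)
    for user, (_salt, digest) in table.items():
        by_digest[digest].append(user)
    return sorted(u for group in by_digest.values() if len(group) > 1 for u in group)


def seconds_per_hash(scheme, rounds=3):
    """Average wall-clock cost of one hash: the price of every login and every guess."""
    salt = os.urandom(SALT_BYTES)
    start = time.perf_counter()
    for i in range(rounds):
        scheme(f"candidate-{i}", salt)
    return (time.perf_counter() - start) / rounds


# Constructed sample accounts: alice and bob picked the same password.
USERS = {
    "alice": "Tr0ub4dor&3",
    "bob": "Tr0ub4dor&3",
    "carol": "x9!kQ2#vLm7$pW4z",
}

if __name__ == "__main__":
    for name, scheme in [("unsalted MD5", unsalted_md5),
                         ("salted MD5", salted_md5),
                         ("PBKDF2", slow_kdf)]:
        table = enroll(USERS, scheme)
        print(f"{name:13s} identical digests: {users_sharing_a_digest(table)}  "
              f"cost per hash: {seconds_per_hash(scheme) * 1e6:.1f} us")
```

The unique salt removes the shared digest for alice and bob, so one computation no longer covers several accounts; the per-hash cost column shows the part the salt does not change, which is why a slow, tunable function is preferred over MD5 for stored passwords.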


> > How am I supposed to reset if I can not log in
Log in once on the website with your old password -- it should still work -- and then change the password


This didn't work for me when I tried it last night; it kept asking for my new PW and would not accept the old one. I ended up going through the "forgot my password" process, which allowed me to set a new one. (Safari 5.1.7 on OS 10.6.8, FWIW)
posted by Quietgal at 9:43 AM on March 3, 2013


wcfields: I've been extremely pleased with onepassword's functionality (I use it on my iPhone and Windows 7 PC, synced using the dropbox API). It's 50 bones which is kinda steep but it doesn't have any of those pesky subscription fees or anything and has great support.
posted by anewnadir at 9:48 AM on March 3, 2013


wcfields: I use 1Password exclusively, but it's probably the most expensive of the options there; the iOS app costs, the OSX app costs, and (presumably) the Windows app costs. That said, it's worth every penny, and if they ever release a Linux app or a pure Firefox/Chrome solution that doesn't depend on the app itself being installed, I'll be all over that too.
posted by ChrisR at 9:53 AM on March 3, 2013 [2 favorites]


Evernote's been pretty great at handling this kind of thing in the past. I remember a few years ago, I got an email out of the blue saying basically "SOME of our servers have been compromised in a relatively harmless way, and although it's unlikely and we're totally not sure, your account MAY have been one of the ones POTENTIALLY involved with those servers, so have a free year of Evernote premium on us for something that probably never even affected you anyways."
posted by jason_steakums at 10:11 AM on March 3, 2013


And cloud cloud cloud? Unless you keep your data on a system with no Internet connectivity, your local computers are vulnerable too. Even if you think you've got nothing of interest to anyone that makes it worth having a go, you own a useful net-connected node that is worth compromising in order to attack other systems.

Fraud, compromise and theft of secure systems has been going on since the first priest of the first temple was blackmailed to leave the back door to the temple open at the next new moon. Even if we invent a system that one hundred percent guarantees that access to data can only be achieved by the registered and unambiguously identified owner, that owner can be misled or traduced. And the level of system awareness of our identities that such security implies would itself be a security risk to ourselves, our data and our freedom of action.

However online security evolves, the myth of perfect safety will not be achieved - perhaps by some very significant margin. We're going to have to evolve our entire concept of personal and corporate data, how it's used and what it means, and that will be a most interesting process.
posted by Devonian at 10:12 AM on March 3, 2013


Take the opportunity to switch to lastpass, onepass, keepass or the like and have unique passwords for each service - keep only three passwords in your head; one master password, one for your email, and one for banking. ...
posted by ArkhanJG at 10:50 AM on March 3

Just curious -- why would I keep three passwords in my head if I am using LastPass, why not just keep LastPass master password in memory, use it to create and then keep passwords to email and banking and wherever else. Probably there's some really solid, simple reason to what you're up to, I just don't see it is all.
posted by dancestoblue at 10:15 AM on March 3, 2013


Unless I can find a huge text file that has my username / password in it (like when Gawker got hacked a while ago), I am nowhere near panic levels.

Ever since moving to 1Pass, I think of passwords as just meaningless randomly generated long tokens that I have to type in every now and then.

I found it more annoying that my mobile phone carrier has a 12-character limit on my online password, rejecting my 21-character randomly generated string, all the while lecturing me to provide a "strong" password that includes capital letters.
posted by meowzilla at 10:17 AM on March 3, 2013 [3 favorites]


Lastpass running in Firefox/Palemoon on desktop and laptop has been invaluable for me. It's free and it looks like it runs on just about everything. That said, to get it to run on anything other than a laptop and desktop (ie iPhone and Blackberry) you need to upgrade to premium for $1 a month.
posted by urbanwhaleshark at 10:18 AM on March 3, 2013


That is as informative as saying there are only two kinds of windows: Those that have been broken, and those that will be. There are only two kinds of socks: Those with holes, and those that will have holes. There are only two kinds of bananas: Those that have turned brown, and those that will.

Sorry if my original comment came off as pithy, I was going more for "resigned"

I don't think most people thought about websites in the same terms as socks and bananas, that is, given enough time, they'll all go bad. But that notion is changing, because it's true-- and it's a sad realization to make.
posted by gwint at 10:25 AM on March 3, 2013


Mostly irrelevant: I was using Lastpass for a while, then the master password stopped working and I just said "fuck it" and didn't bother to recover. I guess a cosmic ray hit a hard drive platter somewhere and flipped a bit, 'cause I know my master password was my master password, and it just pissed me off so much that I threw up my hands.

This is only the second time in my life that a seemingly-known password has quit working. The other was a root password on an old Mandrake Linux box back in the day.
posted by laconic skeuomorph at 10:57 AM on March 3, 2013


People who say the cloud isn't safe remind me of people who say that the bus is less safe than the car.
posted by zoo at 10:59 AM on March 3, 2013


Your options are either to have your site get hacked, or have someone else's site with your data on it get hacked.

You can also just not put your data on the web in the first place. We all still have PCs, right?

As far as I'm concerned putting data on the web is publishing it, and security settings are just a sort of anti-advertising that makes your act of publication less obvious. But once you've sent your data to someone else's server, it's out of your control and from then on you can never guarantee that it has not been misused.
posted by Mars Saxman at 11:00 AM on March 3, 2013


Mars Saxman : And that's why you should keep your money hidden under your mattress, and not in the bank. Where essentially, you're keeping your "data" on someone else's "server".
posted by zoo at 11:06 AM on March 3, 2013 [3 favorites]


I can't afford to build a vault in my basement and hire security guards to stand around making sure nobody breaks into it. My money is therefore safer if I take advantage of a shared central security facility, aka "bank", which distributes the cost of those expensive physical security measures across thousands of depositors.

With data, the situation is reversed. The "vault" would be a machine which is not running any public services and which thus presents a minimal attack surface. Guess what? I already have one. I'm writing these words on it. There is no web service which can make my data any more secure than it already is, sitting on this machine.
posted by Mars Saxman at 11:20 AM on March 3, 2013


Mars Saxman: You are incorrect. There are known (and worse, unknown) exploits that can permit a random website -- even one that was historically believed to be safe! -- to deliver code to your so-called secure vault and deliver your secrets to a malicious third party, or enlist it in a botnet to do the same to others, or both.

All you're doing with your purportedly safe system is taking on responsibility for keeping up to date with security management in perpetuity, whereas cloud providers take that on for you. Will they make mistakes? Yes. Will breaches happen? Yes. If you're under the impression that doing it for yourself is likely to be safer, however, you're either delusional or we cloud providers should be hiring the shit out of you.
posted by ChrisR at 11:39 AM on March 3, 2013 [2 favorites]


dancestoblue: why would I keep three passwords in my head if I am using LastPass, why not just keep LastPass master password in memory

Presumably because your e-mail and your banking are the two most critical password-protected resources you use, and if your password store or master password were compromised you'd still like to have them be secure.

I'm (so far as I know) the inventor of hash-based password generation, and even I memorize my Google and banking passwords. (Well, actually I memorized a simple algorithm for extra munging of the passwords I generate for those sites).

So, I have three levels of password security: 1. generated with my old master password, which I still use for random Web sites, 2. generated with a different master password that I use only for a few more-trusted sites, 3. generated with that master password and then munged in my head, for just e-mail and banking.
posted by nicwolff at 11:40 AM on March 3, 2013 [5 favorites]


Unless you keep your data on a system with no Internet connectivity, your local computers are vulnerable too.

But they're much lower value than a big cloud host, and much less likely to be specifically targeted.

If you're not specifically targeted you might still be compromised by an automated attack, but those don't usually search your system for bank_passwords.txt - it's a needle in a very big haystack.

When a database like this is compromised the haystack is smaller and it's more obvious where the interesting data is.
posted by cdward at 11:47 AM on March 3, 2013 [1 favorite]


There is no web service which can make my data any more secure than it already is, sitting on this machine.

How are you backing up your data? Because if you aren't, it's a bit like worrying about ninja attacks while rock-climbing without any safety equipment.
posted by Pyry at 11:49 AM on March 3, 2013 [4 favorites]


ChrisR: Mars Saxman is talking about storing data on a machine without a web server (or any other internet services). Ya if the machines accessing that data are connected to the internet then an attacker could theoretically bypass the security on a person's firewall and client machine to read the locally attached storage. The security risk vector compared to a well known publicly facing server should be much less. And if you manage to compromise the local box then the web based storage would also be compromised but the reverse shouldn't be true.
posted by Mitheral at 11:49 AM on March 3, 2013


Mitheral: Your web browsing machine does not need to run a server to be compromised. Do you run any of these programs? Are you sure that all of the ways they can be exploited are known? Does your "secure" machine access the internet at all? Ever? If not, how is it useful to you?

My point is that everyone externalizes security somewhere. It's smart to know where those externalities are, and it's hard to get the right ones. Me, I know I'm no security expert; I trust cloud providers' security teams more than I trust my own security skills for certain things, mostly because I know that they're better at it than I am.
posted by ChrisR at 11:55 AM on March 3, 2013


"Fraud, compromise and theft ...". Hey, that's the new album from New Order, right?
posted by benito.strauss at 11:58 AM on March 3, 2013 [1 favorite]


Good list ChrisR but don't forget about Adobe PDF.
posted by reiichiroh at 12:08 PM on March 3, 2013


Of course! I knew I was forgetting about one of the big ones.
posted by ChrisR at 12:14 PM on March 3, 2013


For the paranoid : another good thing about solutions like LastPass, you can use a different email address, username (username generators are good here), AND passwords to keep companies from matching up your sold accounts.

*adjusts tin-foil tricorn hat.
posted by stratastar at 12:20 PM on March 3, 2013


I know two factor authentication isn't infallible, but I wish every website started using a form of it.
posted by dobi at 1:13 PM on March 3, 2013 [1 favorite]


1Password is great for storing complicated passwords. But it's really annoying every time you have to punch in your AppleID password manually on your iPhone.

Also if you run Wordpress, I strongly recommend installing Login Lockdown to get a sense of how many times people are trying to break into your admin panel. I basically run nothing of importance, and get break-in attempts 3-4 times a week.
posted by phaedon at 1:18 PM on March 3, 2013 [1 favorite]


And yet, a few days ago, people here were excited to be able to directly hard-wire their consciousness to the web in overblown response to that weird psychic rat experiment; or more mundanely, to finally have a GPS-enabled web-connected camera to strap to their goddamn face. Pardon me for not feeling optimism for tech advances anymore, I'm just a moron who can't keep up with security protocols and encryption algorithms.
posted by pleurodirous at 1:24 PM on March 3, 2013 [1 favorite]


Your options are either to have your site get hacked, or have someone else's site with your data on it get hacked. You can debate the merits of either of these, but the option of "have your site not get hacked" does not exist.

You know that things that are not "sites" exist, right?
posted by DU at 1:25 PM on March 3, 2013 [3 favorites]


The password store that was accessed is long unique salted, then MD5 hashed.

With a majority of passwords derivative from a dictionary of a few hundred known passwords, and a majority of those used universally by users, I wouldn't put too much trust in this.
posted by CBrachyrhynchos at 1:30 PM on March 3, 2013


ChrisR: "Your web browsing machine does not need to run a server to be compromised. Do you run any of these programs? "

Of course. But like I said in my comment those vulnerabilities exist whether your storage is local or cloud. However cloud based storage adds the extra layer of vulnerability for all the cloud systems. Plus never knowing whether your cloud is going to exist when you wake up tomorrow.
posted by Mitheral at 1:38 PM on March 3, 2013 [2 favorites]


A good friend lost a bunch of content in this screw up. Work related too.

Evernote saves very small file sizes. In this situation, is cloud what's safest, or is redundancy what's safest? One would think that particularly for small file-size applications, simultaneous local and cloud storage would be the best way to go. The odds of both failing at once would seem much lower than the odds of either failing alone.
posted by MeanwhileBackAtTheRanch at 2:00 PM on March 3, 2013


My portfolio site (which got maybe 100 visits in a year) got hacked 3 times in the past year.

That's ... not good. I mean, zero-day exploits do exist, and no security system is impenetrable to a determined-enough attacker, but three times in a year is really bad. Like, someone — maybe not you personally, but perhaps someone at your hosting company — is doing something really wrong, or not doing something that they should be doing.

Anyway, what I really don't like about the "only two kinds of web sites" dichotomy is that it ignores the steps that you (or your web host, if you don't manage your own hosting) can take to minimize the attack surface and in general make yourself a harder target. Particularly if you are not worried about a specifically-targeted attack (i.e. you don't think that someone is going to go after you as much as they're just trying to compromise your site to use it for malware propagation or just lulzy script-kiddie bullshit), then there is a bicycle-rack phenomenon at work: if your site is harder to break into than the proverbial one next door, guess who probably isn't going to get hacked?

The big culprits in my experience, in terms of basically guaranteeing that you will become compromised, are CMSes — WordPress used to be notoriously bad, not sure if it's improved — and web-based management consoles, particularly stuff like phpmyadmin. Of course, whether they are bad because they're actually bad-by-design, or bad because they're popular among the sort of people who know just enough to be dangerous and cookbook their way through a LAMP-stack install, is debatable. Personally, I think it's "both."

But you can vastly reduce the chances that you'll get hacked by carefully choosing a hosting provider, and then carefully selecting, configuring, and installing software — with an eye towards minimal code footprint, a good security track record, a reasonably large installed base of other users, and general good design. There's no reason that getting compromised has to be an inevitability, at least if you are dealing with the dumbest kind of untargeted, drive-by malware insertions.
posted by Kadin2048 at 2:08 PM on March 3, 2013


wcfields: I use KeePass and have done for years, there's ports for OSX, Windows and Android. I use them for all my passwords and am very happy with its performance and the $0 price point.
posted by arcticseal at 2:13 PM on March 3, 2013 [1 favorite]


My website isn't interesting enough to get hacked. :(

Neither is mine. I get about 15 hits a day. Not including the 3,000 hits a day from bots hitting my Mediawiki and Wordpress login pages trying to get in, of course.
posted by Jimbob at 2:19 PM on March 3, 2013 [3 favorites]


Again we are reminded that passwords are a stupid form of authentication. The way we log into 300+ sites with different passwords (or more commonly, the same password) is stupid. Agents like LastPass and 1Password help but are a terrible kludge.
posted by Nelson at 2:19 PM on March 3, 2013 [1 favorite]


I wish I could figure out what to use evernote for. I can already save bookmarks just fine, thank you.

The videos are less than inspiring.

And why a whole category on recipes? That seems oddly specific.
posted by surplus at 2:47 PM on March 3, 2013 [1 favorite]


A good friend lost a bunch of content in this screw up. Work related too.

can you expand on this? I haven't heard of anyone losing any evernote content here.
posted by jacalata at 2:57 PM on March 3, 2013 [1 favorite]


I wish I could figure out what to use evernote for.

Just for putting things in. I very rarely use the webpage-bookmarking feature. I'm at a meeting, instead of typing up notes in Word, I put them in Evernote. I'm planning a trip, I make an Evernote notebook, and fill it up with stuff I need to remember. I've got an Evernote note with a list of books I want to get around to reading - if I'm out and about and hear about an interesting book, I can hit up Evernote on my phone and add it to the list. I'm a scientist, and I put my methods in Evernote as I do them, and my results, before I whittle them down to something publishable. It's a simple, obvious concept, but Evernote does it quite well. Luckily I don't keep anything in there that I'm concerned about 64-bit encrypting.

And why a whole category on recipes? That seems oddly specific.

Yeah that is a bit weird. Evernote's trying to expand their reach by promoting purpose-specific plugins and stuff.
posted by Jimbob at 2:59 PM on March 3, 2013 [1 favorite]


Any thoughts on the appropriate punishment for malicious hackers who are caught? Length of time in prison? probation restrictions? fines? How can justice be done to the victims of hacking? How imposed upon the villains?
posted by SteveLaudig at 3:20 PM on March 3, 2013


And, as gwint says, eventually everyone gets hacked.

Let's see if anyone here provides pointers to best practices to minimise the damage.

At least Evernote was watching their stuff enough to detect a violation of some type.
posted by rough ashlar at 3:21 PM on March 3, 2013


Let's see if anyone here provides pointers to best practices to minimise the damage.

1: Use random passwords or passphrases. Random is the key word here. If it follows English grammar or is a quotable phrase, assume that it's in a database or will be. Don't trust password generation schemes that don't involve an RNG.

2: Don't trust algorithmic methods of mudging passwords you can do with a pencil.

3: Don't use the same password for multiple systems. If you log into a system, assume that the administrators will screw up in their storage of your password and personal information.
posted by CBrachyrhynchos at 3:43 PM on March 3, 2013


If we add a few more commonly quoted rules to that list, CBrachyrhynchos... change your passwords often, and don't write them down...what we have left is the need for me to remember, in my head, dozens and dozens of random non-English-phrase passwords that I need to change every month and that I'm not allowed to write down. I'd like to see evidence that anyone has ever actually achieved that ideal. Obviously services like Lastpass help a lot, but on the whole it just indicates that passwords are a shitty, failure-prone way to do what we've been doing.
posted by Jimbob at 4:05 PM on March 3, 2013


Jimbob: " passwords are a shitty, failure-prone way to do what we've been doing."

Is there any evidence that bio tech ways of doing things (Thumbprint, Retina Scan, Voice) are any less?

"Had an accident and forgot your thumb?"

edit: That is, if someone compromises my thumbprint or synthesizes my DNA in the future.
posted by wcfields at 4:09 PM on March 3, 2013


I'm with Schneier on the "don't write them down" rule. Keeping a list of strong passwords (or hints) in a secure location that you check and watch on a daily basis (such as your wallet) is probably better than reusing or using a weak password.

But you're right that we need a better system.
posted by CBrachyrhynchos at 4:15 PM on March 3, 2013 [2 favorites]


So, what I'm taking away from this is that I should probably stop using passwords based on my favorite slash fanfic pairings.
posted by nonasuch at 4:22 PM on March 3, 2013


> Supports the most platforms with native client app (IOS, Win, Mac, Linux, OS/2, etc..)

OS/2, man, right in the feels. Boy, I miss OS/2.
posted by Weltschmerz at 4:43 PM on March 3, 2013 [1 favorite]


Supports the most platforms with native client app (IOS, Win, Mac, Linux, OS/2, etc..)

Wait, native OS/2 support is an issue? In 2013?
posted by DLWM at 5:16 PM on March 3, 2013


Dammit Weltschmerz
posted by DLWM at 5:17 PM on March 3, 2013


With Keepass, I've had fun either blindly trying or trawling through scanty online/cloudy API docs to find maximum password lengths and supported characters (non-printing, non-keyboard high ANSI is sweet) and then creating unfeasibly long and individual (1024+) character passwords for some popular websites. It's even more fun when you make your username be random ascii strings as well.

One drawback I've found, however, has been that many boneheaded mobile or keychain app coders sometimes make much more restrictive assumptions about max password length and allowed chars than the original sites. Which either means your new 4096-entropy-bits password won't work, or won't be saved by the keychain.
posted by meehawl at 5:25 PM on March 3, 2013


Dammit, people. OS/2 isn't DEAD. It's still alive as eComStation.
posted by PROD_TPSL at 5:32 PM on March 3, 2013


Yeah, the worst thing about generating $MAXLENGTH passwords are those sites where the login field has a smaller limit than the original password field, such that you have to use the recovery feature to set it again. You just know a lot of thought went into their auth mechanism when you encounter that bit of fail.

Oh, that and those dialogue boxes in IOS that helpfully disable copy-paste in password fields.

(Still I recommend 1Password, it's worth the money.)
posted by cj_ at 6:19 PM on March 3, 2013


the worst thing about generating $MAXLENGTH passwords are those sites where the login field has a smaller limit than the original password field

Why anyone would think a login/password field would need a maximum length, anyway, is beyond me. It all gets turned into a hash in the database - why can't I use a paragraph as my password?
posted by Jimbob at 6:24 PM on March 3, 2013 [1 favorite]


Just curious -- why would I keep three passwords in my head if I am using LastPass, why not just keep LastPass master password in memory, use it to create and then keep passwords to email and banking and wherever else. Probably there's some really solid, simple reason to what you're up to, I just don't see it is all.

Four reasons I do it; feel free to ignore these if you choose, there's no technical reason you can't store absolutely everything in lastpass or the like.

1) I'm paranoid-ish when it comes to security. Control of your email account IS your digital ID online in 99% of cases - with it, you can reset pretty much anything else (though not lastpass). Banking obviously controls my financials, and I let lastpass handle everything else. Just in case something does ever happen to lastpass, though I consider it very unlikely due to their design, my banking and email are still secure. Note, my registered lastpass email account, while valid, is not the same as my primary email I use elsewhere. Belt and braces, so to speak.

2) I'm already using two-factor authentication for both email and banking - I'm going to be at least partially doing manual entry a lot anyway, so there's little point auto-entering only my password - or I'm using a machine-level saved authentication so I don't need to enter the password at all (email on my phone, for example).

3) Email is the most likely service I'm going to use away from my own kit, and banking access is a handy thing to keep in your head for emergencies. You can use the javascript version on the lastpass site, for example, but it's just simpler to keep them in my head.

4) I'm a sysadmin with a bunch of secure passwords for work rattling around in the meat-space in my skull. Once you've learned to memorize a dozen or two of strong passwords, what's another couple?
posted by ArkhanJG at 6:55 PM on March 3, 2013 [1 favorite]


kiltedtaco: "Tacoma Narrows was an isolated incident, which is why we all know it (well, and it was filmed)."

It was also a natural occurrence. I haven't yet seen any passwords leaked by wind or lightning strike. If we applied the level of quality we demand from websites to the Tacoma Bridge, we'd formulate the following: "There are two kinds of bridges: the kind criminals have blown up, and the kind they will blow up."
posted by pwnguin at 7:02 PM on March 3, 2013


It all gets turned into a hash in the database

Only if you're lucky. I suspect half the sites that have password length limits do it so they can email you your password in plaintext and have it fit in an 80 column limit somewhere in the COBOL generated card.

American Express retroactively decided passwords had to be <= 8 characters in length. I bothered to actually ask why and the half-robot who answered had the audacity to say it was for my security.
posted by Nelson at 7:04 PM on March 3, 2013 [1 favorite]


wcfields: "Is there any evidence that bio tech ways of doing things (Thumbprint, Retina Scan, Voice) are any less?"

Bio authentication is demonstrably worse. Duplication and sharing data are a pretty fundamental part of biology. They're also prone to change. Scar a finger, lose access? Get a cold and can't speak well, don't bother coming into the office? And the implementations have been sad, ranging from putting up a picture of a face to duplicating a fingerprint to a gummybear.
posted by pwnguin at 7:10 PM on March 3, 2013 [1 favorite]



Why is someone still using MD5 for password hashing in 2013? Is it laziness or stupidity?


There are three main flaws in MD5. The first is that it's possible to get known collisions that hash to the same result as the original, the second is that it's been around long enough for big rainbow tables to already exist for lots of common passwords, and the third is that it's a relatively fast hash.

The first and second (collisions and rainbow tables) are effectively negated by long unique salts. Yes, if someone has your plaintext password, they can find a collision that matches - but they already have your password, so who cares. Rainbow tables are worthless with a good salt. Without a salt, MD5 is painfully weak to attack, and passwords can be retrieved very quickly. But then, that also applies to most common hash algorithms, which is why even a 'good' hash (say, SHA-512) is still weak if you haven't salted each password first.

The final problem is that it's quick to hash. Better password algo's like bcrypt deliberately make iterations slower so when brute forcing each password - as you have to when attacking salted hashes - it takes longer, quite often orders of magnitude longer. (they also come with salting built in to avoid noob mistakes)

But if the password was weak in the first place (i.e. SHORT), hash and salt don't really help you much, no matter how good they are - with modern parallel hardware, it doesn't matter if they used bcrypt with extra salt in the db, your password of 'cat' is still going down in short order. Ultimately though, you only need to protect the bulk of the password database long enough to force a password change from the legit users - once that's done, any substantial extra time to compromise is kinda irrelevant, because the shorter ones will get compromised eventually, but it no longer matters.

The three most important things are
2) password length (and complexity)
3) unique salts

which hash algo you use is definitely lower on the list.

Oh. I forgot 1). Don't let your password db fall in the hands of the enemy in the first place.
posted by ArkhanJG at 7:41 PM on March 3, 2013 [2 favorites]
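
The storage points in ArkhanJG's comment above, as an added example that is not part of the thread: unsalted MD5 beside a per-user salted, deliberately slow hash. PBKDF2-HMAC-SHA256 from Python's standard library stands in here for bcrypt, and the record format, function names and iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 200_000
SCHEME = "pbkdf2_sha256"


def md5_unsalted(password: str) -> str:
    """Weak scheme: fast and unsalted, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$hash' with a fresh random salt per record."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def _parse(stored: str):
    """Split a stored record; return None if it is malformed."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
        record = (int(iterations), bytes.fromhex(salt_hex), bytes.fromhex(dk_hex))
    except ValueError:
        return None
    if scheme != SCHEME or record[0] < 1 or not record[2]:
        return None
    return record


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    record = _parse(stored)
    if record is None:
        return False
    iterations, salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record is malformed or was made with a lower work factor."""
    record = _parse(stored)
    return record is None or record[0] < iterations


if __name__ == "__main__":
    # Constructed sample: two users who picked the same (long) password.
    pw = "My dog Frank loves to eat pork on the Sabbath"
    # Unsalted MD5: both rows are identical, so reuse is visible in the table.
    print(md5_unsalted(pw) == md5_unsalted(pw))
    # Salted and slow: the two rows differ, yet each still verifies.
    alice, bob = hash_password(pw), hash_password(pw)
    print(alice != bob, verify_password(pw, alice), verify_password("cat", bob))
```

Because the password is hashed before storage, its length never reaches the database column, which is why a paragraph-length password verifies the same way as a short one.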


I’m getting my wife to beef up her passwords and telling her about options. As I’m telling her about 1Password, Lastpass, etc. she says "how is that different from Keychain ?" in OS X. The same thing she said last time. And I don’t know, again. How are they different?

We’ve both always used Keychain Access to handle things and it works fine.
posted by bongo_x at 8:21 PM on March 3, 2013


I know nothing about Keychain, but a quick google found this:

Macs have KeyChain built into OS X, and it’s great for people who use only one workstation. But the downfall is that it’s local-only. All passwords and auto-fill information are hosted on that machine. As soon as you find yourself using another workstation, it’s useless.

LastPass is server side, so I can access it from my home pc, work pc, phone, tablet, etc. KeyChain would be useless for me.
posted by jacalata at 8:32 PM on March 3, 2013


That’s true, it used to sync with MobileMe but now that’s gone. Now my different computers have to be updated separately. Not a big deal, but a drawback. I pretty much never use anyone else’s computer and don’t have a smartphone so I guess I’m not the target audience.
posted by bongo_x at 8:45 PM on March 3, 2013


Not quite directly related, but I didn't think it was worth a whole FPP:

Verizon turns in Baltimore church deacon for storing child porn in cloud

So any thought you might have that cloud services are secure, especially if Verizon is involved, should now have evaporated. In addition to the security threat from storing data you care about in the cloud, you also have the threat of the provider (and who else?) directly and knowingly snooping on what you are storing.

The big headline they want to push is 'yay child porn viewer nabbed!'. But the real story here is that this corporation is spying on its own customers.
posted by Malor at 9:53 PM on March 3, 2013 [2 favorites]


As a corollary: any encryption you didn't do yourself, on your own machine, is not trustworthy either. If they want to snoop, and they're doing the encryption, then they can just give themselves a key, and this is entirely invisible to you.

The only way I know to do remote data storage securely is to be your own cloud.
posted by Malor at 9:57 PM on March 3, 2013


For passwords, memorize lines of Lojbanist poetry but no haiku!
posted by TwelveTwo at 10:13 PM on March 3, 2013


Seconding Malor; anything you want to keep secret needs to be encrypted with a scheme that isn't provided by your cloud provider.
posted by Mitheral at 11:02 PM on March 3, 2013


Reasons to use LastPass over Keychain:

- you can access all your passwords on any device, not just one machine. Keychain doesn't even sync via iCloud.
- you can stop using the same passwords everywhere and use unique, long ones - I like to use 2048-character strings of random characters now, unless the site has a length limit.
- you know how sometimes Safari won't fill in a password field for you? The LastPass plugin will.

There are probably similar reasons to use the other password vaults over Keychain, I chose LastPass so I can't really talk about them.

Also regarding surplus' comment of "I wish I could figure out what to use Evernote for"? Well, what do you use a paper notebook for? Pretty much all of those things. Except now it's a magic notebook you can search with the computer, that's accessible on your computer/phone/tablet/work computer/web browser. I, for instance, have a notebook in EN for each of my graphic novel projects (in progress and in planning) that gets both text typed into it and photos from my sketchbook (and search even picks up words in those, though my quick scrawls sometimes defeat it); I have one for convention planning, where I keep a note for stuff relating to each con. One for notes on a browser game I play sometimes. One for medical notes, one for financial stuff, ideas for art, one for planning a European vacation that fell through, etc etc etc. And a catchall general notes notebook.
posted by egypturnash at 2:40 AM on March 4, 2013 [2 favorites]


"Had an accident and forgot your thumb?"

Apparently some police or security organization in Mexico got the bright idea of having some VIP cars secured with RFID readers, with the tags implanted in the guards' fingers. The first thing that happened was that prospective kidnappers cut off the tagged finger and took it with them.
posted by sneebler at 6:40 AM on March 4, 2013


There was a "Star Trek: The Next Generation" episode where a bad guy locked himself and Data in a small ship that he had set up to unlock by his palm print. He had a phaser, set to stun, and confidently told Data his nefarious plan. Then he shot the phaser at Data... but it didn't actually shoot.

"I assume that your palm print will open this door whether you are conscious or not", Data said.
posted by Flunkie at 7:00 AM on March 4, 2013 [1 favorite]


1password is expensive, but once you swallow the cost it's a pretty great system. I've been using for the last 6 months or so across desktop and iOS systems, and don't have any real complaints other than a couple of bugs in the iOS software.
posted by modernnomad at 7:34 AM on March 4, 2013


Another aspect of the problem is that the state of the art in password cracking these days includes analysis of lists from previously cracked sites to build dictionaries. Unfortunately passwords seem to approximate Zipf's law with at least half of any database trivially cracked using the passwords discovered from the last database.
posted by CBrachyrhynchos at 8:02 AM on March 4, 2013 [2 favorites]


Everyone knows the best way to find out someone's password is to look at the post-it notes on his or her desk. And everyone knows the best way to force someone to write down the password is to implement dumb restrictions on passwords. Things I have actually seen in requirements:
  • It must contain a number, but it cannot start or end with a number, and cannot have any number combinations that the system thinks might refer to a specific date. [Note: Every combination of more than one number in a row was detected as a "date"].
  • It cannot contain a dictionary word [which eliminates passphrases. Plus, almost every random alphanumeric string I tried on that site was detected as a "dictionary word"!].
  • It cannot be over 8 [or sometimes 14] characters in length [really, Microsoft?].
  • It cannot contain any nonstandard characters such as spaces, $, %, or ? [if your site can't handle password chars other than alphanumerics, you suck at coding and deserve to be hacked.].
  • It MUST contain a capital letter [Really? Even if it is 30+ characters including non-alphanumerics?].
  • It must be changed once every 90 days [this is a training site that we are required to access no more than once per year].
  • Look, now we use access cards with PIN codes so you don't have to remember a password! And codes don't need to be changed more than once every 3 years! [But the PIN card won't work if your network password has expired, and that still needs to be changed every 90 days, and anyone can still log in as you using this password. So the extra security offered by the PIN card is effectively zero.]
Next the IT people will decide that it must include at least 3 high-ASCII characters, but not the ones actually found on most keyboards. And it won't respond to alt or ctrl so these characters will be impossible to type.

These requirements are bull, really. Everyone in IT is convinced that we should start with a nonsense sentence like "My dog Frank loves to eat pork on the Sabbath" and turn that into a password like "MdfL2Ep$". But the original 45 character sentence (including spaces) is infinitely harder to crack than the "secure" 8 char mess, and hell if you have a pork-loving dog named Frank I'll warrant the full sentence is a hell of a lot easier for you to remember. One of my best passwords is something my son said one day. If a password is supposed to incorporate random elements, well, you will have a hard time finding anything more random than the thoughts of a three year old. The sentence was funny, memorable, and long enough to be secure. Yes, it contains "dictionary words" but unlike in the movies, in real life the entire thing needs to be guessed at once. There is no word-by-word matching. As long as the entire password is a phrase rather than one single word, length will always trump complexity.
posted by caution live frogs at 8:53 AM on March 4, 2013 [3 favorites]


There are three main flaws in MD5. The first is that it's possible to get known collisions that hash to the same result as the original...

I agree that MD5 sucks, but I don't know of a password hashing algorithm where this isn't the case. You're sticking n things into m buckets. If n > m then you can't avoid collisions. I guess you could try to make a perfect hash function for passwords (where n=m and no buckets are shared). But that would put a limit on password length/complexity, since without knowing the number of possible items, you don't know how many buckets you need. Is bcrypt a perfect hash?
posted by purplecrackers at 9:24 AM on March 4, 2013


caution live frogs: As long as the entire password is a phrase rather than one single word, length will always trump complexity.

Um, well, sort of, but if you're using actual words, that's one of the attacks they try; combining different patterns of words and punctuation. It narrows the search space by a really extraordinary degree when you can check for just 'rutabaga', and a zillion combinations involving rutabaga, without having to check 'rutabagb' and 'rutabagc', never mind 'rttabtga'.

Using real words means that the search space to get your passwords is a LOT smaller than you'd think it was, based purely on the length, and then they can further narrow and refine attacks using the rules of grammar.

So, yes, that's a reasonably good system, but it's not as strong as you're claiming, and it is far, far from impervious.

For more info: Grammar badness makes cracking harder the long password.
posted by Malor at 9:30 AM on March 4, 2013 [1 favorite]


Oh, and the uniqueness of using your son's original phrase will help a lot.... storing the full text of every major book in existence, and using those texts in various ways to generate rainbow tables, is getting to the point of nearly being feasible.

If you're using a phrase you remember from a book, change it at least a little, don't use it verbatim.
posted by Malor at 9:34 AM on March 4, 2013


It narrows the search space by a really extraordinary degree when you can check for just 'rutabaga', and a zillion combinations involving rutabaga, without having to check 'rutabagb' and 'rutabagc', never mind 'rttabtga'.

And yet "Steve doesn't like rutabagas at 24 Sussex." is essentially impossible to brute-force if salted correctly.
posted by one more dead town's last parade at 9:36 AM on March 4, 2013


I agree that MD5 sucks, but I don't know of a password hashing algorithm where this isn't the case. You're sticking n things into m buckets. If n > m then you can't avoid collisions. I guess you could try to make a perfect hash function for passwords (where n=m and no buckets are shared). But that would put a limit on password length/complexity, since without knowing the number of possible items, you don't know how many buckets you need. Is bcrypt a perfect hash?

Uhh, this is one of the properties of hash functions, known as collision resistance. Yes, there will be collisions, but they should be hard to find. In fact, because of the number of possible outputs, trying a brute force attack on a hash to try to find a collision is infeasible.


It narrows the search space by a really extraordinary degree when you can check for just 'rutabaga', and a zillion combinations involving rutabaga, without having to check 'rutabagb' and 'rutabagc', never mind 'rttabtga'.

Tools like hashcat do exactly this. But, each additional word drastically increases the number of possible combinations. Here's how hashcat works:

It takes a dictionary of root words. You can then specify rules for modifying these words, eg prepending or appending numbers, substituting numbers for letters, etc. You can also specify to try two words in a row. If the size of the dictionary is N words, this will have N*N=N^2 possible combinations of words. Since N is big, N^2 is really big. Each additional word makes this a LOT bigger.

Even if you're only trying grammatically correct phrases, each additional word still adds significant complexity (as noted by Malor's article).
posted by Adamsmasher at 9:56 AM on March 4, 2013


This disappoints me. After years of hearing about Evernote and not seeing any use for it for myself, I finally got it a few months ago and started using it, and I like it a lot. That said, anything remotely sensitive is in a private, unsynced notebook. If someone really wants my recipes and archived Lifehacker articles...

wcfields: "Take the opportunity to switch to lastpass, onepass, keepass or the like

Been thinking of switching to one of these, but having a tough time choosing. Which is:
  • Least inexpensive
  • Supports the most platforms with native client app (IOS, Win, Mac, Linux, OS/2, etc..)
  • Has a widely adopted API
  • Can use other APIs (Dropbox, iCloud, Google Drive, Spideroak)
"

I like Keepass. It's free. There are separate 1.x and 2.x builds (comparison) - I find 1.x is fine for personal use, but you'll need 2.x if you want to use Mac OS or Linux. You can use a key file on USB to unlock it if you like that sort of thing. It works with Dropbox and Google Drive, and I can't see why it wouldn't work on other similar sites.

If you get it, the free iOS app MiniKeePass is my favorite. (Link goes to Appshopper; does not launch iTunes.) One benefit of Keepass that I like is that anyone can start attacking LastPass, while no one can attack my KeePass database unless I tell them where I keep it on the web, or they break into my computer.
posted by IndigoRain at 10:48 AM on March 4, 2013 [1 favorite]


It takes a dictionary of root words. You can then specify rules for modifying these words, eg prepending or appending numbers, substituting numbers for letters, etc. You can also specify to try two words in a row. If the size of the dictionary is N words, this will have N*N=N^2 possible combinations of words. Since N is big, N^2 is really big. Each additional word makes this a LOT bigger.

That relies on two assumptions about passphrases that we know are false in practice:
1: random selection of words
2: random ordering of words.

If you assume Zipf's law applies to the selection of root words, then I can arbitrarily restrict the size of the dictionary and still get a large number of hits. If I assume that the passphrase follows an English grammar, I can sort the dictionary by parts of speech. Both of these substantially reduce the number of combinations.

So for example, "Steve doesn't like rutabagas at 24 Sussex" strikes me as potentially weak. "Doesn't like" is going to be on my short list of common verb roots, and "at" is on an even shorter list of English prepositions (a few dozen if we drop the more obscure ones like "modulo"). The nouns can be weighted by a frequency analysis of text on the site I'm planning on attacking. If I'm using a general corpus, rutabaga and 24 Sussex might be infrequent enough to exclude from my dictionary. But if I'm using your public blog posts and you've written about rutabaga mousse at 24 Sussex, then I'm likely to include them.

Grammar engines for passphrase cracking already exist. If you want N^X complexity from a passphrase, you need to use a method like diceware that selects words from a long dictionary with a flat distribution.
posted by CBrachyrhynchos at 12:07 PM on March 4, 2013 [1 favorite]


You can then specify rules for modifying these words, eg prepending or appending numbers, substituting numbers for letters, etc.

These also don't work because, surprise surprise, the use of those rules follows Zipf's law. That means you only need to account for a handful of rules in order to catch a large number of cases. Humans are complete rubbish when it comes to randomness. (Myself included.)
posted by CBrachyrhynchos at 12:18 PM on March 4, 2013 [1 favorite]


But if I'm using your public blog posts and you've written about rutabaga mousse at 24 Sussex, then I'm likely to include them.

Of course you don't want to make the passphrases something that can be easily connected to you. A phrase that's that long, and isn't something that can be connected to you, is generally going to withstand brute-force attacks beyond the time at which this planet is no longer habitable.
posted by one more dead town's last parade at 12:33 PM on March 4, 2013


Of course you don't want to make the passphrases something that can be easily connected to you. A phrase that's that long, and isn't something that can be connected to you, is generally going to withstand brute-force attacks beyond the time at which this planet is no longer habitable.

Why use brute force when you have cheaper and easier methods based on the fact that human beings are predictable creatures? Take for example, "password123456789." That's brute-force proof on most systems using a modern salt. But it's trivially vulnerable to the observations that:

1. "password" is the most common password root
2. 123... is the most common numeric padding
3. alphabetic + numeric is the most common pattern for constructing passwords.

Using those three observations you can get as many as half the passwords in any database. Quite possibly 80% can be had with a trivial dictionary attack.

The English language, averaged over a large number of people, is also predictable in order and word frequency. This isn't pie in the sky thinking here. The tools for running attacks on English-grammar passphrases using English frequency tables already exist, and can do better than brute force in many cases.
posted by CBrachyrhynchos at 2:39 PM on March 4, 2013 [1 favorite]


Yes, when you use a password that's not particularly complex, it's easy to guess. My example above with Steve doesn't fall into that category, though.
posted by one more dead town's last parade at 3:18 PM on March 4, 2013


Yes, when you use a password that's not particularly complex, it's easy to guess. My example above with Steve doesn't fall into that category, though.

Easy to guess, no. But within the realm of possibility in the near future for an engine that tries passphrases based on common English sentence construction. You're not getting close to N^7 complexity with that phrase.
posted by CBrachyrhynchos at 3:59 PM on March 4, 2013


That relies on two assumptions about passphrases that we know are false in practice:
1: random selection of words
2: random ordering of words.

If you assume Zipf's law applies to the selection of root words, then I can arbitrarily restrict the size of the dictionary and still get a large number of hits. If I assume that the passphrase follows an English grammar, I can sort the dictionary by parts of speech. Both of these substantially reduce the number of combinations.


Yes, and according to the article Malor linked the major password brute forcing programs, John the Ripper and hashcat, don't yet have this functionality, but the program being discussed does.


If you assume Zipf's law applies to the selection of root words, then I can arbitrarily restrict the size of the dictionary and still get a large number of hits. If I assume that the passphrase follows an English grammar, I can sort the dictionary by parts of speech. Both of these substantially reduce the number of combinations.

The article Malor linked specifically addresses that. They claim that "Hammered asinine requirements" is less strong than "My passw0rd is $uper str0ng" because the latter "requires significantly more tries to correctly guess". It appears that even following English grammar, the number of possibilities goes up exponentially as number of words increases.
posted by Adamsmasher at 8:11 PM on March 4, 2013


Replacing O with 0, S with $, etc. are very predictable substitutions and don't really add much to password complexity, if we are assuming relatively smart bruteforce strategies, so that's a bit of a red herring. What they seem to be saying is that longer passphrases are better.

Though this raises an interesting question: is a passphrase consisting of multiple short words better than one consisting of fewer long words (i.e. assume the same overall length in characters or bits)? It seems like it probably is, but maybe the tradeoff depends on what sort of bruteforce strategy you expect your attacker to actually be using.

If you use dice and just choose a string of words from a dictionary at random, this doesn't matter though — you can pretty easily get to a degree of complexity that's generally regarded as impractical to bruteforce. The only reason why this isn't more common (IMO) is that the resulting passwords are more cumbersome to type in than character-level randomized ones.
posted by Kadin2048 at 10:42 PM on March 5, 2013
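
The dice method mentioned by CBrachyrhynchos and Kadin2048 above, as an added example that is not part of the thread: five dice rolls select one word from a 7776-word list, so X words give the N^X keyspace only because every pick is uniform and independent. The word list below is a constructed placeholder of pronounceable tokens standing in for a published diceware list, and all function names are this example's own.

```python
import math
import secrets

DICE_PER_WORD = 5                 # classic diceware: five dice per word
LIST_SIZE = 6 ** DICE_PER_WORD    # 7776 equally likely words


def build_placeholder_wordlist():
    """Constructed stand-in for a published 7776-word list (not real words)."""
    onsets, vowels, codas = "bdkmst", "aeiouy", "lnrsxz"
    return [a + b + c + d + e
            for a in onsets for b in vowels for c in onsets
            for d in vowels for e in codas]


def roll_to_index(rolls):
    """Map dice faces (each 1-6) to a list index, read as a base-6 number."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError("die faces must be 1-6")
        index = index * 6 + (face - 1)
    return index


def generate_passphrase(wordlist, n_words=6):
    """Pick n_words uniformly and independently, using the OS CSPRNG as dice."""
    if len(wordlist) != LIST_SIZE or len(set(wordlist)) != LIST_SIZE:
        raise ValueError("word list must hold exactly 7776 unique words")
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]
        words.append(wordlist[roll_to_index(rolls)])
    return words


def passphrase_entropy_bits(list_size, n_words):
    """log2(N^X); valid only when every word is a uniform random pick."""
    return n_words * math.log2(list_size)


def random_chars_entropy_bits(alphabet_size, length):
    """Entropy of a character-level random password, for comparison."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    wordlist = build_placeholder_wordlist()
    print(" ".join(generate_passphrase(wordlist, 6)))
    # Six random words versus twelve random printable-ASCII characters.
    print(round(passphrase_entropy_bits(LIST_SIZE, 6), 1))
    print(round(random_chars_entropy_bits(94, 12), 1))
    # Word count needed to reach an 80-bit target with this list size.
    print(words_needed(LIST_SIZE, 80))
```

The entropy figure applies to the generation method, not to any one phrase: a sentence a person composed gets none of this guarantee even if it happens to use words from the same list.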


See msli keabe tt ers olu tionwo uldbe towri tealong sen ten ce,but p utth esp acesin t hewr on gpl aces.
posted by TwelveTwo at 10:49 PM on March 5, 2013


One of my colleagues had an interesting point: The security of a password only needs to be sufficient for its intended use. Website that makes you register for some inane reason? Use your birthday or cat's name. Bank? Use something that is not going to fail without some serious effort.

His take is that the effort required to crack a password that isn't going to be found in an average rainbow table is high enough that no one is going to do it unless they have a good reason to do so. He builds strong, complex passwords for very important stuff, and uses something easy to remember for anything that will not impact him if cracked.

He has two reasons for this: One, it makes life easier for him - fewer stupidly complex passwords to keep track of. Two, no matter how good your password is, it is really only as secure as the people on the other end of the equation. If they store it in plain text, or don't salt hashed passwords, or get exposed to a zero-day exploit that opens up their server, or just plain screw up and leak them accidentally, your super-secure 2048-character password is worthless and your data/dollars are at risk.
posted by caution live frogs at 6:59 AM on March 6, 2013


caution_live_frogs, re. 'unimportant' sites: eh, sure, mostly. when i used to work at a student computing lab help desk, one of the big things we struggled to impress on people was how important their reputation was. if someone got their password and masqueraded as them, it could cause all kinds of misery. which routinely happened: broken friendships, broken relationships, even pretty significant academic consequences, all from just 'joking around' with other people's logins.

that said, I basically do this, too, and I think the main lesson is to segregate those from one another also. i use a bunch of simple passwords for the unimportant sites [and sometimes I have to try two or three before I get the right one ;-)], and i think your colleague is probably doing something similar.
posted by lodurr at 12:45 PM on March 10, 2013


which routinely happened: broken friendships, broken relationships, even pretty significant academic consequences, all from just 'joking around' with other people's logins.

This can also happen by way of social engineering, as I discovered a couple of years ago. On a campus, naturally.
posted by infini at 12:58 PM on March 10, 2013


oh my yes. didn't mean to suggest that it was just weak passwords.
posted by lodurr at 1:02 PM on March 10, 2013


No worries, just that in our drive for secure passwords, this shadier (and often sneakier and subtler) means shouldn't be overlooked...
posted by infini at 1:11 PM on March 10, 2013 [1 favorite]


Another way of trying to show the relative power of words versus standard alphanumeric phrases: let's just say that, for purposes of argument, the English language has 100,000 words in it. (that's low if you consider technical terms, but it's high compared to most folks' operational vocabularies, so it's probably over-optimistic, in actual practice.)

That means that, for any given word, someone has a 1/100,000 chance of guessing it. If it's two words, since they have to get both words, and in the right order, then it will be 1/100,000^2, or 1 in ten billion. Each word you add, in other words, adds 10^5 complexity to your password; 2 words is 10^10, 3 words is 10^15, and so on.

Now, compare that with a standard alphanumeric password, the stuff like "p3ssw0rd". If you assume a password space of upper case, lower case, and the ten digits, that's 62 possibilities for each individual character to be. That means that, just like with words, if your password is one character, they have a 1/62 chance of guessing it, each try. Two characters is 1/3,844. Three characters is 238,328. Every three characters you add multiplies that by another 238,328.

This means that, broadly speaking, each word in a passphrase is worth roughly 2.8ish letters in a random password. Because vocabularies tend to be limited, the actual worth is probably slightly lower. Every two words you add, in very broad terms, is probably about the same as adding five fully random characters to a standard password. You improve entropy by ignoring grammar rules, and you improve it a bunch by not using any published or standard phrase in any language. This has, as XKCD points out, the very nice effect of making it much easier for people to remember a password of significant complexity.

But do not make the mistake of thinking this kind of password makes you invulnerable. It is still not significantly complex unless it has quite a number of words in it, and lots and lots of analysis is going into ways to usefully narrow the search space. Mixing some punctuation into your passphrases would not be a bad idea, and doing so in nonstandard places would be a much better idea.

And, of course, there's always the threat of keyloggers; if someone manages to install one of those on your system, it doesn't much matter how long your passwords are.
posted by Malor at 7:50 AM on March 11, 2013


That means that, for any given word, someone has a 1/100,000 chance of guessing it.

Only assuming random selection of the word in question, which is the most frequently violated constraint of password security. A more realistic assessment is that more than half of the words will come from a dictionary of about 100, and about 90% from a dictionary of about 1,000.

Certainly it is the case that passphrase complexity increases in length, but we shouldn't fool ourselves into thinking that we're getting (10^5)^5 complexity out of something like "my password is super strong" when all five elements are in or near the 100-word dictionary. (That complexity can be further reduced with some linguistic analysis.) That's actually weaker than an 8-character password.

There are two questions at stake here: 1) How strong is an individual password? 2) In a breach of password hashes for thousands of accounts, how many can be compromised?

In the case of question #2, password crackers can arbitrarily choose smaller dictionaries and still compromise hundreds or thousands of accounts.
posted by CBrachyrhynchos at 8:56 AM on March 11, 2013


the English language has 100,000 words in it.

So you transliterate phrases from another language into the Roman alphabet, but as Malor says, what difference does it make with a keylogger?
posted by infini at 9:03 AM on March 11, 2013


This means that, broadly speaking, each word in a passphrase is worth roughly 2.8ish letters in a random password.

Your overall point is correct, but this is a bit of an overestimation since that's only true with randomly-selected words (as others have pointed out) and most random-selection passphrase schemes don't use a dictionary that large. E.g. Diceware has an 8k word dictionary behind it, thus each word is something like 12 bits of randomness (because 8000=2^12.9ish).

But the issue with Diceware is that in order to make the passphrases strong you use dice to ensure randomness, but the result is passphrases that are pretty difficult to remember, at least compared to actual natural-language phrases. You are still memorizing random gibberish, it's just words instead of letters, so it's possible to use some better mental strategies to actually do the memorization. (There are only so many heuristics for memorizing strings of letters and numbers.)

One of the things I've meant to do for a while but never get around to is making a Diceware-like system with a significantly bigger dictionary, that you'd select from using bigger dice or more rolls of regular cube dice (so if you had a d20 lying around, you could use that instead of multiple d6 rolls). At least for me, I think the uncommon words would lead to more memorable passphrases.

Of course, the real problem is that lots of systems still have stupid, arbitrarily short limits that prevent you from using passphrases at all, and force you to use passwords instead. The addition of "special characters" and other garbage just makes it worse. Things are slowly getting better, though: I've noticed that more and more sites have replaced the static password rules (8-10 characters, uppercase/lowercase, one special character) with what's essentially a very quick dictionary attack attempt ("no, you can't use that password, it's based on a dictionary word, try again"). This is a much better validation.
posted by Kadin2048 at 8:14 AM on March 12, 2013
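
Added example, not part of the thread and not Diceware's own code: the arithmetic from the comments above (bits per word for a given effective dictionary size, compared with random 62-symbol characters) together with a dice-to-word mapping that works for any die and any list size without bias. The function names and the 7-word list are constructed for illustration; 7776 is 6^5, the list size that five d6 rolls address exactly.

```python
import math
import secrets

def bits(pool_size, picks=1):
    """Entropy in bits of `picks` independent uniform choices from a pool."""
    return picks * math.log2(pool_size)

def words_needed(target_bits, dict_size):
    """Fewest uniformly chosen words that reach target_bits."""
    return math.ceil(target_bits / math.log2(dict_size))

def rolls_per_word(dict_size, sides):
    """Fewest rolls of one die type whose outcomes cover the dictionary."""
    rolls = 1
    while sides ** rolls < dict_size:
        rolls += 1
    return rolls

def index_from_rolls(rolls, sides, dict_size):
    """Map rolls (each 1..sides) to a word index, or None meaning re-roll.

    The rolls are read as base-`sides` digits. Values past the largest
    multiple of dict_size are rejected so every index stays equally likely.
    """
    value = 0
    for r in rolls:
        if not 1 <= r <= sides:
            raise ValueError(f"roll {r} is not on a d{sides}")
        value = value * sides + (r - 1)
    space = sides ** len(rolls)
    usable = space - space % dict_size
    return value % dict_size if value < usable else None

def pick_words(wordlist, count, sides=6, roll=None):
    """Choose `count` words; `roll` defaults to a CSPRNG-backed die."""
    roll = roll or (lambda: secrets.randbelow(sides) + 1)
    per_word = rolls_per_word(len(wordlist), sides)
    chosen = []
    while len(chosen) < count:
        idx = index_from_rolls([roll() for _ in range(per_word)],
                               sides, len(wordlist))
        if idx is not None:
            chosen.append(wordlist[idx])
    return chosen

if __name__ == "__main__":
    eight_chars = bits(62, 8)                  # random 8-character password
    print(f"8 random chars: {eight_chars:.1f} bits")
    for size in (100, 7776, 100_000):          # effective dictionary sizes
        print(size, f"{bits(size):.1f} bits/word,",
              words_needed(eight_chars, size), "words to match")
    demo = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf"]
    print(pick_words(demo, 4, sides=20))       # constructed 7-word list
```

Passing physical dice results through `roll` gives the same mapping as the built-in random source; the per-word figures only hold when every word is chosen uniformly at random.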

