users? How do we authenticate humans? And some of the issues of, well, what is a good password? If we need to remember one, what's secure but also convenient? We're going to move on to how to store passwords and how to submit passwords. We gave some statistics last lecture about typical passwords that people choose; we'll come back to that. So we're going to mix and jump through some slides here and come back to them where needed.

Let's look at this concept of password entropy. That's a measure of how much information is in a password. Let's assume for starters that we choose random passwords from some character set. If we use just the English letters, to keep it simple, and just lowercase, and you can choose a password which has to be six characters long, how many possible passwords are there? How many passwords are there that could be chosen, six characters long, from the English character set, lowercase only? 26 to the power of six. That is, to choose a sequence of letters six characters long, the first character can be one of 26, a through to z; the second character one of 26, a through to z; and keep going. The sixth character could be one of 26. So the number of possible passwords is 26 to the power of six.

What we would like is to make this hard for some types of attacks. An attacker will try and guess your password, and the simplest way to try and guess is a brute force attack: try all possible passwords. So to look at the security of different password schemes, we would often like to be able to measure, for a particular structure of a password, how secure is it? And one way to measure that is how much effort would it take to do a brute force attack? So let's just give a few examples and then we'll come back to the lecture notes. If we have, what do we say?
The character set of our password, to get started, is a through to z. That is, there are 26 letters. If the password length is six characters, then the number of possible passwords (these are simple concepts that you've seen in other parts of security as well) is 26 to the power of six, whatever that is; 10 million or 100 million, you could calculate. So a brute force attack: let's say you have chosen a password using this password scheme. You chose a six character password from lowercase letters, and you chose it randomly. A brute force attack would involve an attacker trying to guess your password, and a brute force will be to try all possible passwords. So an attacker would need to try 26 to the power of six passwords. How many is that? Let's just calculate; I need a calculator. 26 to the power of six, just so we know, is about 300 million. That's about 308 million, approximately 3 by 10 to the 8 passwords. So, assuming a user chooses random passwords (they don't choose words from dictionaries; there's no structure amongst the passwords), if I chose a random password six characters long, then an attacker, to guess my password, worst case has to try about 300 million attempts. So we want to look at how much effort it would take an attacker to guess my password: about 300 million attempts. How many attempts should we make it such that an attacker would not be able to do a brute force attack? How long, or how many passwords, do we need such that a brute force attack would take too long? Anyone want to guess or estimate? Go back to your knowledge: remember we introduced DES and symmetric key encryption. We spoke about brute force attacks on keys. We said if we had a 32 bit key, we had some table that said a 32 bit key would take seconds to find in a brute force attack. A 56 bit key, I can't remember the numbers, but a 56 bit key with enough computers, we could make those 2 to the power of 56 attempts.
A 100 bit or 128 bit key, 2 to the power of 128 attempts, was too many for any computer to try in reasonable time. Similar concept. We want to have enough passwords such that if an attacker tries them all, they will not be able to complete trying them all within centuries; it will take them too long. It depends upon how fast the attacker is in trying passwords. Let's say an attacker has a computer and a system set up so that they can try passwords at some rate. Let's just make up a number. The attack rate, that is the number of attempts per second, let's say 10 to the power of 12 passwords per second. The attacker has a computer, and what their computer does is try passwords to log into your computer system, trying random passwords at a rate of 10 to the power of 12 passwords per second. Why did I come up with 10 to the power of 12? Later, when we talk about how passwords are stored, we'll see that's about 10 or 100 times faster than typical computers that break passwords today. It's about the order in which passwords are broken today. We'll return to that number later. How long does it take for an attacker to try all of these passwords? We have 3 by 10 to the 8 passwords to try. We do 10 to the power of 12 passwords per second. How many seconds? One or more? Less than one. If I can find your password in less than one second, I'm happy. If I can guess passwords at this rate and you have chosen a password randomly from this character set a through to z, and I know your password is 6 characters long, then I'm going to be able to try 26 to the power of 6 passwords in less than a second. A brute force attack against such a password selection scheme is possible. I haven't mentioned, I've hidden, some details. What does an attack involve? Let's say I'm trying to guess your password for your web mail login. Then how do I do an attack? I submit a request and the server checks and sends back an error, so I try another one.
With such a system I cannot do 10 to the power of 12 passwords per second, because there's some delay across the network, the server is not fast enough to process, and the server would have mechanisms to slow me down and eventually lock me out. But in theory, let's say that somehow I can make guesses. We'll come back later and we'll see some ways in which it's practical that we can make guesses on passwords. Let's just look at the numbers: how many possible passwords are needed to make a brute force attack at this rate not feasible? Then we'll come back to how we can achieve that from an attacker's perspective. So what do I do in my password scheme? How do I make the brute force attack not possible? What am I going to do? What do you suggest? Sorry? Longer password. Longer password. How long? So, increasing the password length: you'll see if it's 10, it's 26 to the power of 10. I will not write down the numbers, but if it was 10 characters, 26 to the power of 10 passwords are possible, which is about what? 10 to the power of 14, approximately. Okay. So this approach of increasing the length of the password brings us up to 10 to the power of 14. If I was guessing at 10 to the power of 12 per second, it would take about 100 seconds. Still, I'm happy if I can guess your password in a couple of minutes. So yes, we can increase the password length. 26 to the power of, let's say you must have a 15 character password: 10 to the power of 21 possible passwords divided by 10 to the power of 12 passwords per second is about 1 billion seconds. That's how many seconds; that's how many minutes, hours, days: 53 years. Okay, that should be enough. That is, if you chose a 15 character password, 15 characters long, then a brute force attack would take about 50 years to find the password, okay, 53 years. So that's strong. Okay, if someone guesses my password when I'm dead, I don't mind.
So one way to make our passwords stronger, as we know, is to increase the length, and the other way is to increase the number of characters we choose from. I limited the passwords to a through to z lowercase, 26 values. What if we allow uppercase and lowercase? If the password could be uppercase or lowercase, there would be 52 possible characters and we could do the calculations. If, say, we had six characters, it would be 52 to the power of six. What is 52 to the power of six? So let's say I now allow uppercase and lowercase, six characters long. Still not enough, but try eight characters, nine characters and so on, until you get enough possible passwords such that brute force is not feasible. So, so far, to make a brute force attack not feasible: make the character set that the user can choose from large, increase the number of characters, make the password length large.

What's the problem with the password length? If I require 15 characters, remember a 15 character password: if I require you, for Moodle, to enter a 15 character random password, what's the problem? Are you going to be happy? Are you going to easily be able to log in? Why not? It's hard to remember. Who remembers 15 character random strings? Not many people. It's hard to type in; you make a mistake, you hit the wrong key and you have to try again. So too long is not very convenient. So let's say we cannot increase the password length; therefore make the character set larger. Lowercase and uppercase allows 52 characters, but there are some other characters. We've got numbers. How many characters do we have available? We've got uppercase, lowercase, numbers, so there's 62. What else? All those punctuation characters. Anyone? How many in total? There's about 90 or 94 on your keyboard, if you consider just English. If you switch to Thai then you have more, or switch to a different language, but on a standard keyboard (and it differs on some keyboards) there's about 94 printable characters. So 52 letters, 10 numbers, that's 62, and about 32 punctuation
characters: full stop, exclamation mark and so on. So let's say it must be a printable character on a normal keyboard; then our character set is about 94 characters. So we have a limit; usually we cannot have an arbitrary size character set. So choose a password length such that 94 to the power of that number, if we did a brute force attack, would take too long. So there's one approach for a password selection algorithm. Let's say I set the length to 8. Then the number of passwords is 94 to the power of 8 in this case, which is approximately what? 94 to the power of 8 is 6 by 10 to the 15. Okay, if I could attack at a rate of 10 to the power of 12, it would take me about 6,000 seconds to break. Still possible. Okay, so make it nine characters. If the length was nine characters, how many passwords? Let's slow down so people can follow; let's calculate again. If my attack rate is the same, if I as an attacker have six by 10 to the 15 passwords to try and I can try them at a speed of 10 to the power of 12 per second, then I have 6,000 seconds. 6,000 seconds is what? Less than two hours. Let's say it's less than two hours, but let's just approximate: let's say it's two hours; it's one and a half or one and three quarter hours. So now an attacker can find my password in less than two hours. So what can you do to make it harder? What are you going to do? Longer. We're assuming we cannot increase the character set; we were limited by a keyboard. We want to allow anyone to use their standard keyboard to enter it in. Let's make it nine characters, the length to be nine characters (that's a nine, not a four). The time is approximately, approximately how many hours? 94 times longer. Okay, so with eight characters long it's 94 to the power of eight divided by 10 to the power of 12. With nine characters it's 94 to the power of nine, which is 94 to the power of eight times 94. So for every character we add, we multiply by 94. So now it's up to 180 hours. Make it 10 characters
and times by another 94. To increase the length, adding one more character, increases the time by a factor of about 100, 94 to be specific. So I think you eventually get to a length that is suitable for your requirements, if you know how long an attacker can take.

Now there's a more formal way that we measure the strength of passwords. We normally don't look at the time. So here I said, sorry I've lost it, the attack rate was 10 to the power of 12, but it depends upon the computer. 10 to the power of 12, or is it 10 to the power of 10? It depends upon the computing devices and the system available to the attacker. A more general way is to look at how many bits are needed to represent the password. Let's go back to our first scheme, when we had 26 to the power of six, or about 300 million possible passwords. How many bits do we need to represent those passwords? Think: if you need to store those passwords in binary, how long is the password in binary? So we have 300 million possible values, 300 million possible passwords. How many bits do I need to store those? To store a value, if I need to be able to store any one of 300 million, well, how would you calculate the number of bits? A character is four bits? No, no, not necessarily. 64 bits? Why? Let's say we're not using ASCII. Even better, yeah, we'll come back to that approach of storing as characters. Maybe think about a more theoretical approach. If we have 300 million possible values, think 0, 1, 2, 3 up to 300 million, or 1 up to 300 million, then what length of binary number do we need to store those values, and how do we calculate that? Log base 2 of 300 million would tell you the number of bits to store those values. Let's do it from a simpler perspective so everyone's clear. Let's say I had eight possible passwords, a very, very simple scheme; there's only eight possible passwords. How many bits do I need to store a password? There are eight possible values, so the number of bits needed is
just three bits, because we could do it as, I will not write them all, I think you know them. If there were eight possible passwords, we need three bits at minimum. If there were 10 possible passwords, how many bits are needed? Four bits. Correct. Where does four come from? How do you calculate four? What's the algorithm in general? Now we use the log in base 2. Okay, the log base 2 of 8 is 3; log base 2 of 10 is not 4 but 3 point something, and assuming we cannot have fractions of bits in computers, where our smallest unit is a bit, then we need to round it up: we'd need four bits. But in general, with n possible passwords, n possible values, you need log base 2 of n bits. Of course, in practice we should round up the answer, okay, because log base 2 of 10 is 3 point something, we should round it up to four bits. But in theory let's just keep it simple: log base 2 of the number of possible values. Coming back, I will not go back to the picture, but we had a number of about 3 by 10 to the 8 possible passwords. How many bits are needed? Who has a calculator? Not so many calculators; a tablet, a phone, a computer. If we have 300 million possible passwords, how many bits do we need to store them? Log base 2: 28 point something. Is it 28.16? So use your calculator and find the log base 2 of 300 million. Anyone confirm that? Anyone else get the same number? I don't know the answer. 28 point something. Good, two people got the same answer. It's about 28.1, 28.16, or if we want to be practical we'd round it up to 29, because we cannot have 0.16 bits, but in theory we could count like that. So what we do to measure the strength of passwords is we convert them, we think about them in binary, and we know from our analysis of DES and other block ciphers the approximate length of a key in binary that is secure against brute force. We did some examples depending upon computer speeds. 128 bit keys are generally considered secure because you have 2 to the power of 128 possible attempts. A 28 or 29 bit key requires
2 to the power of 28.16 attempts. What's 2 to the power of 28.16? 300 million. Okay, there's nothing new about this math from high school; this is just the log of 300 million. Okay, so 2 to the power of 28.16 is our 300 million. The point is that when we talk about the strength of passwords, often we talk about them with respect to the bits.

Let's continue on that concept. Let's say our password is one character long and we can choose from a through to z. How many bits to represent one character, where that character can be lowercase a through to z? How many bits do we need? And I will let you use decimals, okay; we'll see that it comes in useful. There are 26 possible values, so there are log base 2 of 26 bits needed. Calculator: five point? Let's be precise: four point seven, four point seven zero something. Good, 4.70 will do. Okay, let's try another one: one character, and it's a number. There are 10 values. How many bits? Remember, the number of possible values: log base two of the number of possible values. Three point? I want to know that something: three point what? It will be useful in a moment. 3.32. That is, log base two of 10 is 3.32, or 2 to the power of 3.32 is 10. Okay, what about if I allow uppercase? Well, again, you have 52 values, so log base 2 of 52. That was with one character. Let's try another one. Let's say I have 10 characters, the length is 10, and we're allowed to choose from a to z lowercase only. How many bits? 10 characters now; you may have the answer; find the shortcut to get it. 10 characters, they can be a through to z lowercase only. How many bits? 47. If one letter a through to z is represented in 4.7 bits, then for 10 letters each letter takes 4.7 bits, so 10 letters takes 47 bits. Okay, so for a 10 character password where each character can be a through to z, where each character needs 4.7 bits, 10 characters is 47 bits: 4.70 times 10. One more. Let's go backwards. If I want to allow passwords chosen from numbers only, 0 through to 9, and I
want the number of possible passwords to be the same as the previous case, around 47 bits, how many characters should I use? How long should your password be such that we have about 47 bits in length? About 14. Let's look: one letter requires 4.7 bits, 10 letters 47 bits. So someone who chooses a 10 character password from letters, if they choose randomly, is equivalent to about a random 47 bit number. Someone who chooses numbers for their password, and we want to have the same equivalent length in binary, 47 bits: well, one number uses 3.32 bits, so how many numbers to get 47 bits? 47 divided by 3.32, which is about 14. Correct; we'll approximate sometimes. 14 numbers where each number is stored in 3.32 bits: 14 times 3.32 is about 47. So now we can compare the strength of passwords. A 10 character password chosen only from lowercase is about the same strength as a 14 character password chosen just from numbers, because they're both equivalent to about a 47 bit binary value. Okay, so we can start to compare different password schemes. This concept of thinking about the number of bits we need to represent all those values is a measure of how much information is in a particular password, which we call entropy. So we can talk about the password entropy, and often we use that to compare password schemes. This password scheme, forcing the user to choose 10 letters, has the same entropy as this second password scheme that forces the user to choose 14 numbers, and the entropy is 47. So the entropy is the number of bits needed to represent it. One more before we come to your password schemes, and maybe we'll just return to the slides to see that. All right, you did the right calculations. Here I've calculated before: digits, one digit is 3.32 bits; English letters, 4.7 bits; of the 94 printable characters, log base 2 of 94 is about 6.55. So then you can talk about, okay, if your password is chosen just from the numbers, just digits, how many digits do we need to get a password which is
equivalent to 64 bits? One digit is 3.32 bits, so 20 digits is 20 times 3.32, which is about 66 bits, very close to our 64. Okay, so to get the equivalent of a 64 bit binary value we need 20 digits, 20 numbers. English letters: one letter is 4.7 bits; 14 times 4.7 is about 64, so that's the equivalent strength. Printable characters on your keyboard: there are 94 of them, each one needs 6.55 bits to store, so to get 64 bits we need 10 printable characters. Another way to think of it is that if you choose a random password using the keyboard characters, those 94 characters, and you choose a password which is 10 characters long, your password is about the same strength as a 64 bit random number. That's the other way, so we can start to compare different schemes. So if I chose a 64 bit random number for my password, you chose a 10 letter printable string randomly, and someone else chose 20 numbers, 0 through to 9, in a row, then they're all about the same strength. So we need some way to compare password strengths. Okay, you have a scheme at the moment; we're looking at it from a theoretical perspective of how to compare, and always assuming random passwords. Okay, it's not so simple, but we'll come back to this and we'll see some examples next week.

But for the last 10 minutes, let's look at your schemes. Give me your schemes and I'll use a random number generator to select some good ones. If you write your name on there then you'll get a penalty for your quiz. No, no, I don't want your name; this is supposed to be secret. I don't want to know your password scheme, because you may have chosen your bank password using this scheme and now I'll break into your bank. Okay, I don't want your names on there; it's just some examples. Any more? Random, okay. Take a pick, quick. Okay, let's read this one. So let's just look at some of them, and some of them that are the same, we'll move on. So this person said, okay, characters, and I'll interpret what they write because it's not so clear. No, that one's just copied what I
wrote on the screen. Another one. Okay, well, I have to choose. Here we go: use commas and other punctuation characters. So use the non-letters, non-numbers, so commas, exclamation mark and so on. I can't read this writing. Write a simple, easy to remember word, substitute with letters to the right. Who said that one? Explain. Write a word, okay, a word: hello. Okay. So if I think of the word hello, I remember that, then on my keyboard the letter to the right of h is j, the letter to the right of e is r, to the right of l is semicolon, and to the right of o is p. So I'd get j, r, semicolon, semicolon and then p. Okay, there's one scheme. I'm an attacker; I know this scheme. So when I do an attack, what I do is I find all the words in a dictionary, hello is one of them, and when I try passwords I try all the characters to the right on the keyboard. So I'll find yours in not so much time. Then I'll try left, right, up or down, and it will be generally, not always, but generally faster than brute force. Okay, brute force requires trying all combinations, but what an attacker does is, instead of doing brute force, start with some words, and if they don't work, start some manipulations on those words: to the right, maybe replacing l's with the number one, replacing the letter o with the number zero, and different manipulations. So that's what attackers do. So we just try some. This one looks very long. Here we go: if I have to choose the password, I would choose it from something that is around me, something that I like and I'm familiar with, and I'll use digits and numbers. Okay, using digits and numbers. Digits and numbers, what's the difference? We're fine, but maybe let's give them, they say, digits and letters as well. But the idea is to choose something that they can remember, so something they're familiar with. But what are you familiar with? You're familiar with words, you're familiar with people's names, you're familiar with names of other things
like brand names and so on. But again, as an attacker, what I do is build up a database of all the words, all people's names (there's not so many), and when I try and guess your password, that's what I try first. If there are a million words plus names plus places, just a list of a million, then all I need to do is try those one million values before I get your password. Maybe it's a variation, shift to the right, all right, four million, because I need to try a shift in each direction, and therefore much easier than a brute force attack. So even though these schemes may be okay, it's still very easy for the attacker. Let's try a few more. Password with a length between six to ten; well, maybe after their analysis, let's say password with a length of ten. Password would not have any meaning. What's a word that has no meaning? Sorry? Not in the dictionary, okay. Sometimes we may say a random set of characters, okay, that has no structure, because it doesn't have to be truly random but close to random. That is, for example, a word with no meaning in English: if you choose the letter q, then the next letter, let's say if the next letter is t, then it's very unlikely for that word to be a word that has meaning, because there are not many words in the English language that have the pair of letters q t. Okay, so there are some combinations of letters that will definitely produce words which are not in a particular language. Okay, so choose something that doesn't have any meaning. Passwords with letters and numbers, capital and lowercase, uppercase and lowercase. Again, what's the problem with choosing something with no meaning, ten characters long? It's effectively like remembering a ten character random string. The idea of choosing a word with meaning is that it's easy to remember. Okay, so let's see if we can find some other schemes of converting, like your keyboard one, but let's find others. Make up letters with no meaning, okay. Well, this is a long one; let's see if we can cover it
in the last few minutes. Rules: include a special character, at, dollar sign, exclamation mark. So the point here is that maybe you choose a word, something you remember, but you modify it by including some other characters. So make sure you include a special character, that is a non-letter or number; include numbers; include normal characters; split half for lowercase and uppercase, okay, so a mix between case. So even if you choose a word like hello, don't just do it all in the same case; have a mix, such that you can remember the word, you just need to now remember the case for each character. Make sure it's easy to remember: your name, your lover's name, your birthdate; remove the slash from your birthdate. Okay, but again, now we have an attack. What if someone knows you and they're trying to guess your password? Then there's a much smaller set to choose from. If I know you and I'm going to try and break your password, I find the list of your friends from Facebook and use all their names, and from Facebook I get all of their birthdates, so I use them in my attack. So we'll need to look later at different ways to prevent that. Almost; one more. The previous one said use your birthdate; this one says don't use your birthdate. Use passwords using lowercase, uppercase and numbers. Fine, that's good. Don't reuse passwords across systems; already said that last time. Password should be 15 characters. All right, and I think we did a hands up last lecture and we saw that only one person had more than 12 characters, if they remember, or one or two people. So not many people use 15 characters. So if you suggest this to me, I would most likely, if I must use this scheme, what would I do? I would write it down. That is, let's say SIT forces me to use a 15 character password for my login. I cannot remember it, so what do I do? I save it in a file, or I write it on a post-it note and stick it on my monitor, and then everyone who walks into my office knows my password. So we need to make sure that we don't force people to use too
secure passwords that are too inconvenient. 15 characters is nice for security but bad for convenience, and therefore forces the person to make poor usage of how to store that password. One more. Anyone got a better one that I'm not going to find in here? Something rememberable, okay, a different mix of letters. What about longer passwords which are easy to remember? So use a good, long phrase: "I love SIT and CSS 322 is the best", and then take, I can't remember now, but take the first letter of each word from that phrase and that becomes your password. Okay, so choose a phrase, a song name, a movie or some quote that you easily remember, and the first letters of each word in that phrase are used to make up your password. So that way, if you have a long enough phrase, you can get a longer password, still easy to remember, and it makes it difficult because the set of characters that you produce are most likely not in a dictionary. Okay, I think we're out of time. Think about better schemes; some of them are here. Okay, think about different schemes that you could come up with that now consider some of the analysis that we've done. Okay, what we'll do on Tuesday is just finish on entropy and look at how we store passwords, and that will finish this topic and finish this course. Okay, so hopefully on Tuesday we'll finish this topic on storing passwords; if not, finalize on Thursday. Let's continue then.
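The entropy and brute-force arithmetic from the lecture, and the "dictionary word shifted one key to the right" scheme a student proposed, as an added worked example. This is not the lecturer's code or the course's material. It reuses the lecture's illustrative numbers (10^12 guesses per second, a one-million-word dictionary, character sets of 10, 26, 52 and 94 symbols); the QWERTY key rows used to model the shift-right scheme, and wrapping at the end of a row, are assumptions of the example.

```python
"""Password entropy and brute-force cost, with a dictionary-based scheme for
contrast. Added example, not from the lecture; the attack rate, dictionary
size and keyboard layout are assumptions taken from the lecture's numbers."""
import math

# Character-set sizes used in the lecture.
DIGITS, LOWER, MIXED_CASE, PRINTABLE = 10, 26, 52, 94

# Standard US QWERTY rows (assumption), used to model the "letter to the right" scheme.
QWERTY_ROWS = ("`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./")

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a password of `length` symbols drawn uniformly at random
    from `charset_size` symbols: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def brute_force_seconds(charset_size: int, length: int,
                        guesses_per_second: float = 1e12) -> float:
    """Worst-case time to enumerate every password of the scheme at the
    lecture's assumed rate of 10^12 guesses per second."""
    return charset_size ** length / guesses_per_second


def min_length_for_bits(charset_size: int, target_bits: float) -> int:
    """Shortest password from this charset with at least `target_bits` of
    entropy, rounded up because we cannot use a fraction of a symbol."""
    return math.ceil(target_bits / math.log2(charset_size))


def shift_right(word: str) -> str:
    """The student's scheme: replace each key by the key to its right on the
    same QWERTY row (wrapping at the row end is an assumption)."""
    out = []
    for ch in word.lower():
        for row in QWERTY_ROWS:
            if ch in row:
                out.append(row[(row.index(ch) + 1) % len(row)])
                break
        else:
            raise ValueError(f"not on the modelled keyboard: {ch!r}")
    return "".join(out)


def dictionary_scheme_bits(dictionary_size: int, variants: int = 4) -> float:
    """Effective entropy of 'a dictionary word transformed one of `variants`
    ways' once the attacker knows the scheme: the candidate space is
    dictionary_size * variants, regardless of how long the result looks."""
    return math.log2(dictionary_size * variants)


if __name__ == "__main__":
    for name, size in (("digits", DIGITS), ("lowercase", LOWER),
                       ("mixed case", MIXED_CASE), ("printable", PRINTABLE)):
        n = min_length_for_bits(size, 64)
        yrs = brute_force_seconds(size, n) / SECONDS_PER_YEAR
        print(f"{name:>10}: {n:2d} chars = {entropy_bits(size, n):5.1f} bits, "
              f"brute force {yrs:.1e} years at 1e12/s")
    pw = shift_right("hello")
    print(f"'hello' shifted right -> {pw!r}: looks like "
          f"{entropy_bits(PRINTABLE, len(pw)):.1f} bits, really about "
          f"{dictionary_scheme_bits(1_000_000):.1f} bits to an attacker who knows the scheme")
```

The last two lines are the practical point: `jr;;p` scores like a 5-character printable password (about 33 bits) if you only count symbols, but an attacker who enumerates a million-word dictionary in four shift directions has to try at most four million candidates, under 22 bits.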