What is a Safe Password or Private Key?
In this age of information and online assets, having a safe password (or private key) is necessary, unless you want to lose your asset. Many people (and I mean it) are using shitty passwords that are not too complex or too short, or are just too easy to guess. And remember your adversary is not a human, but a supercomputer or a botnet that can brute force any crappy password, so selecting as password some secret phrase that your spouse told you that only you 2 know about, is not a safe password, because a secret phrase is not always secure.
So let's learn what is a safe password or private key. Obviously the password itself should be safely generated, so we assume that the PC you are using is safe, otherwise read this:
Also don't use the passwords that will be shown here, they are already public, you need to generate your own passwords.
Criteria
For a password or private key to be secure, 2 conditions have to be met:
Secret = Meaning that only you know about it. If already 2 people know about it, it's not secret anymore. Now with a password this is unavoidable, because the service that it's tied to also knows about it. But a private key can be perfectly secret, because you don't need to input your BTC private key anywhere, it can be arranged in a way to always keep it offline. Whereas a bitcoin wallet password is useless without the wallet file, so both of them are be needed to spend the money, it's 1 additional layer of security. (so file + password = private key)
Secure = Meaning that it's complex enough that it can't be cracked in reasonable time (millions of years). Password length is not necessarily increasing security. While complexity is hard to measure, if the password is manually created. So the only way to measure a password's security is to look at it's entropy content.
Entropy
The security of a password is measured in entropy. Entropy is the measurement of information. It measures how much information there is in a password, or in other words how complex it is. But it has a few conditions to be met:
The entropy pool has to be consistent, meaning that we have to know what kind of output we are getting
The entropy pool has to create the bits in an uniformly random way
If the entropy pool is not consistent, then we can't measure what kind of security we are getting ,and we risk having a low quality randomness.
If the entropy pool is not uniformly random, then a bias is present, which lowers the entropy of the output, so we may expect
n bits, but if we only getn-10 bits, then we may be fooled.
Measuring Entropy
Now there is no perfect entropy source in the real world, and it's always better to draw more entropy than needed to make up for the possible biases. But getting a good entropy source is another issue, I will talk about it another time. In this example we will assume that if the pool has n bits, it will deliver n bits in the output too.
Measuring entropy is simple, and it can be done with the following formula:
N = Log2(X)Where X is the entropy source, and N is the output. For example
- A random number between 1 and 800 (if it's uniformly distributed) has an entropy of 9.64 bits.
- 9.64 bits would be the security of a password that is just a number from this pool
A better example is a bank PIN code:
- It has 9999 combinations, plus the "0000" empty code, therefore it has 10,000 combinations
- A bank PIN code has 13.28 bits of entropy (of course it has the 3 times chance system, and you need the card too, so it's not as weak in reality)
An N bit of entropy represents 2N combinations , therefore the strength increases exponentially with more bits added.
What is a Safe Password?
Now many cryptographers suggest a minimum 128 bit password, as a 70-80 bit password can already be broken in reasonable time by basic computers, so it's reasonable to assume that supercomputers and hacker botnets can break a little bit more. Some papers suggest that anything above 100 bits is already secure, but since Bitcoin uses 128 bits as basis, it would be OK to assume that a 128 bit password is OK.
How to Get a 128 bit Safe Password?
Well you just create one, uniformly, from a random entropy pool. You need 128 bits of uniformly random 0 and 1 in order to have your safe password. Computers have hardware random number generators built in them, and those supply your operating system with an entropy pool. Whether that is quality entropy or not, that is another issue, but if it is, then 128 bits are 128 bits.
Here is a 128bit password:
001101000100000101010011010011010010110000101111001110010011101101011010001111110010111100110101010100110010000000101100010101110011010101011011010011000011110101011110
This could be used as a password (don't use it because it's public) since it is randomly selected 0 and 1. When you see password boxes asking you to put 1 number and 1 capital letter or symbol in the password, that is nonsense. You see it doesn't matter how you represent the password, if the entropy is what it is.
The same password above could be written as: 4ASM,/9;Z?/5S ,W5[L=^ with symbols, and it has the same strength:
- So as raw password used like this:
001101000100000101010011010011010010110000101111001110010011101101011010001111110010111100110101010100110010000000101100010101110011010101011011010011000011110101011110 - Has exactly the same strength as written like this (with letters and symbols)
4ASM,/9;Z?/5S ,W5[L=^
There is no difference in it's strength. So capital letters/symbols/numbers, doesn't matter. That is just the encoding of the output. But if the entropy is 128 bits, it doesn't matter what form it has.
Encoding
Now the encoding can be anything, with the requirement, that it doesn't loses entropy in the process. So it can be written in binary, text, symbols, audio, video, physical objects. It doesn't matter, until no information is lost.
- The password above
4ASM,/9;Z?/5S ,W5[L=^, can also be encoded in Electrum words (bip39)
promote stuff mercy unlock divert hungry manual glad legal embody ozone village alarm
This word list has exactly the same entropy as 4ASM,/9;Z?/5S ,W5[L=^, because we select 13 words out of 2048 combinations therefore log2(2048)*13 = 11*13 = 143 (the extra bits are due to encoding inefficiency)
Or you could encode the password as sounds, like in a music file, or a picture, or a QR code. It doesn't matter. More bits may be added due to encoding inefficiency, but you must make sure information is not lost, or in other words, that the function is reversible without additional information.
So the encoding doesn't matter, as long as information is not lost. The point is that the 128 bits are mandatory if we want a good security password.
Sources:
https://pixabay.com
How come you don't recommend the usual 80 bits of security for a truly random password?
Because 80 bits is already not secure, and plus there is no way to know that a password has 80 bits of entropy, so it's always better to add more to it. I'd use 128 bits at least.
80 bits is still a pain in the a** to break, even for a State. I agree 128 is better, I wish Ethereum would have chosen that. Nice article .
https://security.stackexchange.com/questions/69374/is-an-80-bit-password-good-enough-for-all-practical-purposes
Some say that governments can crack at 2^40 guesses per second, that would leave 35000 years of strength per password, however that is on average , they might get lucky and break it faster.
Or the 80 bit entropy is not actually 80 but only 60, because your RNG is too weak.
Or quantum computers might speed up the password cracking, and they might start cracking much faster.
So most cryptographers recommend 128 bits, and we should already transition to 256bits, when BTC will add Schnorr signatures:
https://en.wikipedia.org/wiki/Schnorr_signature
thanks for the links. Btw if you want a good article on 128 vs 256 you can check this one: https://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/.
What do you thunk about this?
https://steemit.com/security/@profitgenerator/generate-secure-random-passwords-or-private-keys
honestly talking about safe keys, I would love to have my steemit key on a wordlist, rather than this mess. 52 random letters/numbers is a real pain to type and just typing out a few words feels a lot easier.
I honestly doubt you need a password entropy of over 300 bits, especially when this is an online password and steemit could limit logins or use something like bcrypt or argon2 to make hashing expensive as hell.
and even IF 300 bits would be needed, that's just 22 words from an 18450 words long word list (1password) and it's much easier to remember them a few words at a time and type them rather than typing this whole mess where most people probably cant remember more than 2 characters at a time because you dont just have small letters and numbers but also capitals.
but going to the 128 bits mentioned. 9 words are 127,5 bits, which should be more than enough. and that is for speed cracking.
if the password is hashed using something slow, and you would aquire enough power to crack a million of those slow af hashes per second, the you still have over 30 million years for a password of "just" 70 bits and even for 60 bits you still have tens of thousands of years on that assumption.
and as a quick note: 5 words from the mentioned list would already be 70 bits.