@ooola
Forked from atoponce/password_strength.md
Created December 28, 2016 18:32
A document evaluating different open source password generators and password strength testers. See the other Gists at the end of the document for the password results.

Open Source Password Generator / Strength Meter Testing

This is a collection of password generators and strength meter tests. Each generator produces a different set of passwords, which are then tested against each of the strength meters. The defaults are used where possible; otherwise sane options are provided.

The Results

The following results are tables showing the generators, passwords, and strength testers described below.

  1. Randomly generated passwords: atoponce/random_results_table.md
  2. Top-500 most commonly used passwords: atoponce/top500_results_table.md

Generator Explanations

The password generators tested are:

Nodepassgen

This is a Node.js utility I wrote as a command-line version of https://github.com/atoponce/webpassgen, which is deployed at https://ae7.st/g/. The generators are identical, other than the minor differences between browser-based JavaScript and Node.js.

Nodepassgen defaults to generating passwords of at least 70 bits of entropy using a CSPRNG. Knowing that most people don't generate passwords of that strength, one password was generated at each of 50, 55, 60, 65, and 70 bits for each of the following generators:

  • Diceware (hyphenated)
    • English
    • Spanish
  • Eff (hyphenated)
    • Short
    • Long
    • Distant
  • Alternate
    • PGP (hyphenated)
    • RockYou
    • Simpsons
  • Pseudowords
    • Bubble Babble
    • Secret Ninja
  • Base94
  • Base64
  • Base32
  • Base16
  • Base10

This creates a total of 75 passwords to test.
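As an added example (not Nodepassgen's code), this Python script shows the arithmetic behind "at least N bits of entropy": how many uniformly chosen characters or words a target bit count requires, and how to draw them from a CSPRNG. The alphabets and the 7776/1296 wordlist sizes are assumptions about what the generators listed above use; the last helper converts a bit count into the worst-case exhaustive-search time at a given guess rate, which is how the pwmake and zxcvbn sections later relate entropy to attack scenarios.

```python
import math
import secrets
import string

# Alphabets assumed for the character-based generators named above
# (constructed here; only the alphabet size matters for the entropy math).
ALPHABETS = {
    "base94": "".join(c for c in string.printable if not c.isspace()),
    "base64": string.ascii_letters + string.digits + "+/",
    "base32": string.ascii_uppercase + "234567",
    "base16": string.digits + "abcdef",
    "base10": string.digits,
}

# Wordlist sizes assumed for the passphrase generators (Diceware and the
# EFF long list have 7776 words, the EFF short list 1296).
WORDLIST_SIZES = {"diceware": 7776, "eff_long": 7776, "eff_short": 1296}


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy contributed by one symbol drawn uniformly from the alphabet."""
    return math.log2(alphabet_size)


def required_length(target_bits: int, alphabet_size: int) -> int:
    """Fewest symbols (characters or words) whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_symbol(alphabet_size))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` uniformly chosen symbols from an alphabet of that size."""
    return length * bits_per_symbol(alphabet_size)


def generate(target_bits: int, alphabet: str) -> str:
    """Password with at least target_bits of entropy, drawn from the OS CSPRNG (secrets)."""
    n = required_length(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def brute_force_seconds(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to exhaust a 2**bits keyspace at the given guess rate."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    # The five entropy levels tested on this page, for every generator family.
    for bits in (50, 55, 60, 65, 70):
        row = [f"{name}={required_length(bits, len(a))}" for name, a in ALPHABETS.items()]
        row += [f"{name}={required_length(bits, n)}w" for name, n in WORDLIST_SIZES.items()]
        print(f"{bits} bits:", " ".join(row))
    # pwmake's 54-bit default, exhausted at the 1e10 guesses/s rate zxcvbn calls offline fast hashing
    print(f"54 bits at 1e10 guesses/s: {brute_force_seconds(54, 1e10) / 86400:.1f} days")
```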

passwdqc

The pwqgen(1) utility is written by Solar Designer, of Openwall and John the Ripper fame. By default, pwqgen(1) creates passwords with at least 47 bits of entropy. This is configurable from a minimum of 24 bits to a maximum of 85 bits.

Like with Nodepassgen, 5 passwords of 47-bits entropy (default), 50-bits, 55-bits, 60-bits, 65-bits, and 70-bits are generated. This provides 25 passwords to test.

APG

APG offers a complex set of options for producing either pronounceable or random passwords. By default it generates passwords between 8 and 10 characters long, includes special symbols, numerals, uppercase, and lowercase characters, and produces 6 passwords per invocation.

Because APG is driven by character length rather than entropy, 6 pronounceable passwords of 8-10, 10-12, and 12-14 characters are generated, followed by 6 random passwords of 8-10, 10-12, and 12-13 characters. This provides 36 total passwords to test.

PWGen

The current PWGen implementation was written from scratch by Theodore Ts'o. It defaults to generating 160 pronounceable passwords of 8 characters each. Like APG, its primary parameter is length rather than entropy. By default it generates pronounceable passwords, but it also supports random strings.

Five pronounceable passwords and five random strings are created at each of 8, 10, 12, and 14 characters in length. This produces a total of 40 passwords to test.

libpwquality

The libpwquality software package was developed at Red Hat to replace the pam_cracklib and pam_passwdqc PAM modules. Its goal is to provide common functions for password quality checking and generation. The software provides a pwmake(1) password generator, based on entropy from /dev/urandom.

The default entropy provided is 54 bits. The pwmake(1) manpage describes 54 bits of entropy as usable for passwords on systems/services that need protection against online brute-force attacks, 64 bits as adequate where the attacker does not have direct access to the password hash, and 80 to 128 bits for where demanding security is needed.

Five passwords of 56-bits, 64-bits, 72-bits, and 80-bits are generated, providing a total of 20 passwords to test.

Strength Meter Explanations

The password strength meters are:

pwqcheck

The pwqcheck(1) utility is also provided by the passwdqc software from Solar Designer, so the package contains both a generator and a strength meter. Its PAM module, pam_passwdqc, is an alternative to the pam_cracklib and pam_pwquality PAM modules.

It takes a password from STDIN, and outputs the following informational messages:

  • "OK"
  • "check failed"
  • "is the same as the old one"
  • "is based on the old one"
  • "too short"
  • "too long"
  • "not enough different characters or classes for this length"
  • "not enough different characters or classes"
  • "based on personal login information"
  • "based on a dictionary word and not a passphrase"
  • "based on a common sequence of characters and not a passphrase"

cracklib-check

Cracklib was originally written by Alec Muffett, but the torch has since been passed on. Through pam_cracklib, it provides a PAM module that enforces password policy when users on the system change their passwords.

It takes a password from STDIN, and outputs the following informational messages:

  • "OK"
  • "it is based on your username"
  • "it is based on your password entry"
  • "it is derived from your password entry"
  • "it is derivable from your password entry"
  • "memory allocation error"
  • "you are not registered in the password file"
  • "it is way too short"
  • "it is too short"
  • "it does not contain enough DIFFERENT characters"
  • "it is all whitespace"
  • "it is too simplistic/systematic"
  • "it looks like a National Insurance number."
  • "it is based on a dictionary word"
  • "it is based on a (reversed) dictionary word"
  • "error loading dictionary"

zxcvbn

ZXCVBN is probably the most mathematically advanced password strength checker in the bunch. It was developed by Dropbox to estimate password complexity as realistically as possible, modelling the success a real-world password cracker would have in recovering the password from a hash. It uses a number of different dictionaries, spatial keyboard patterns, repeats, sequences, years and dates, and a number of different substitution patterns.

ZXCVBN is entirely entropy-based: it searches for the lowest-entropy decomposition of the password and intentionally under-estimates the entropy of that structure, to stay conservative.

There is no default binary to estimate password security with the default ZXCVBN source code by Dropbox, but implementing it in JavaScript, the native language, is trivial.

Rather than displaying the estimated entropy of each password, ZXCVBN provides a score from 0-4, with feedback for improvement.

  0. Too guessable. Crack time is less than 10^3 seconds.
  1. Very guessable. Crack time is less than 10^6 seconds.
  2. Somewhat guessable. Crack time is less than 10^8 seconds.
  3. Safely unguessable. Crack time is less than 10^10 seconds.
  4. Very unguessable. Crack time is greater than 10^10 seconds.

Feedback is provided only when the score is 2 or less.

Other results are also given, such as:

  • Online throttled attack.
  • Online unthrottled attack.
  • Offline slow hashing of 10^4 guesses per second.
  • Offline fast hashing of 10^10 guesses per second.

These results are not provided in this document.

libpwquality

libpwquality also provides a password checker that can be used as a PAM module through pam_pwquality. It also offers a command-line password checker, pwscore(1), which takes a password from STDIN and returns a value between 0 and 100. According to the manpage, a score of 50 or below should be treated as moderate security, and a value above 50 as fairly strong quality.

When a password fails the check, feedback explaining why is provided with one of the following strings:

  • "Bad integer value of setting"
  • "Bad integer value"
  • "Cannot obtain random numbers from the RNG device"
  • "Fatal failure"
  • "Memory allocation error when setting"
  • "Memory allocation error"
  • "No password supplied"
  • "Opening the configuration file failed"
  • "Password generation failed - required entropy too low for settings"
  • "Setting is not of integer type"
  • "Setting is not of string type"
  • "The configuration file is malformed"
  • "The password contains forbidden words in some form"
  • "The password contains the user name in some form"
  • "The password contains too few digits"
  • "The password contains too few lowercase letters"
  • "The password contains too few non-alphanumeric characters"
  • "The password contains too few uppercase letters"
  • "The password contains too long of a monotonic character sequence"
  • "The password contains too many characters of the same class consecutively"
  • "The password contains too many same characters consecutively"
  • "The password contains words from the real name of the user in some form"
  • "The password differs with case changes only"
  • "The password does not contain enough character classes"
  • "The password fails the dictionary check"
  • "The password is a palindrome"
  • "The password is just rotated old one"
  • "The password is the same as the old one"
  • "The password is too short"
  • "The password is too similar to the old one"
  • "Unknown error"
  • "Unknown setting"