NSA-proof passwords

The Intercept's Micah Lee explains how to use Diceware's to generate a passphrase that can survive the NSA's trillion-guess-per-second cracking attempts — but which can still be easily memorized.

If you're worried about your stored data being attacked by state-level actors like the NSA, you have to contend with the possibility that they'll get a copy of your encrypted data, put it in their own systems, and run a trillion guesses per second against it. That threat model goes for the data on your hard-drive and mobile devices, as well as your cloud-stored data, which is liable to overt exfiltration (through warrants that might include gag-orders) as well as secret capture (through NSA hacking).

By randomly selecting seven English words from a list 7,776 words, your passphrase can survive for 27 million years' worth of trillion-guess-per-second attacks. Lee strongly recommends using actual six-sided dice to choose your words in order to get real randomness in the selection and has hints for memorizing the seven words.

Lee warns that NSA-scale adversaries can use every phrase from every book, article and song ever made in their guessing systems, including simple number-letter substitutions. The good news is that you don't have to worry about trillion-guess/second attempts on your passwords for the services you use, like Gmail, because the services themselves throttle guessing attempts and lock down after a small number of bad guesses.

At The Intercept we run a SecureDrop server, an open source whistleblower submission system, to make it simpler and more secure for anonymous sources to get in touch with us.

When a new source visits our SecureDrop website, they get assigned a code name made up of seven random words. After submitting messages or documents, they can use this code name to log back in and check for responses from our journalists.

Under the hood, this code name not only acts as the source's encryption passphrase, but it's also really just a passphrase generated using the Diceware method, but with a digital cryptographically secure random number generator, rather than rolling dice. SecureDrop's dictionary is only 6,800 words long (the developers removed some words from the original word list that could be considered offensive), making each word worth about 12.73 bits of entropy. But this is still plenty enough to make it impossible for anyone to ever simply guess a source's code name, unless they happen to have massive computational resources and several million years.

Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop. It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training.

Passphrases That You Can Memorize — But That Even the NSA Can't Guess [Micah Lee/The Intercept]

(via Naked Capitalism)

(Image: Dice, Steve Johnson, CC-BY)