
Pass-phrase 101



Passphrases are simply long lines or sentences that are used in place of passwords. Some applications that require authentication allow people to type passphrases instead of passwords. For example, PGP (Pretty Good Privacy) asks a user for a passphrase to authorize the use of his private key to decrypt an encrypted message. Is a passphrase more secure than a password? Well, everything is relative. By relative we mean that a password that is highly randomized with alphanumeric and special characters could be stronger than a passphrase with 2 words (all in lower case with no space). Does this mean passwords are more secure than passphrases? The answer is again "it's relative": there are good and bad passwords, and good and bad passphrases. The advantage of a passphrase over a password is that simple sentences that are easy to remember are hard to guess due to:

  • Length of the passphrase.
  • Number of combinations possible.
  • Distribution of the characters.



Passphrases have an advantage over passwords in terms of simplicity. Even though a passphrase is really simple to remember, it is relatively hard to crack. Let us consider an example:

  • Step 1: Think of a simple sentence: "I am now at DigitOnto LLC.".
  • Step 2: Change the first letter of each word to CAPS: "I Am Now At DigitOnto LLC.".
  • Step 3: Add numbers/special char(s): "I Am 2; Now @3(At): DigitOnto4 LLC5.".

In the above three steps, we saw how to pick a sentence and change it. If the example that we chose in Step 1 is used as the real-world passphrase, that by itself is good enough. We just wanted to make it more complicated in Step 2 by changing all the starting letters to CAPS. In Step 3, we make it even more complicated by sprinkling numbers and special characters into it. We use the word "sprinkle" because if you "append" the numbers and special characters at the end, they are not distributed well across the passphrase. Hence, in essence, it is good to spread the random special characters and numbers across the passphrase instead of accumulating them at the beginning or at the end. The passphrase is one good example of the "easy to remember, hard to guess" concept, which is why we decided to talk about passphrases in Password Analytics.
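
The three factors listed earlier (length, number of combinations, distribution of characters) can be measured for the passphrases from Steps 1 to 3; the following is an added example, not code from the original page. The `profile` function, the four-segment spread measure and the `APPENDED` variant are assumptions made for this illustration, and the bit count is an upper bound that treats every character as chosen at random, which a natural sentence is not.

```python
import math
import string

# Size of each character class a character-by-character search must cover.
POOLS = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "special": len(string.punctuation) + 1,  # 32 punctuation marks + space
}

def char_class(ch):
    if ch in string.ascii_lowercase:
        return "lower"
    if ch in string.ascii_uppercase:
        return "upper"
    if ch in string.digits:
        return "digit"
    return "special"

def profile(phrase, segments=4):
    """Length, character pool, brute-force bits and spread of digits/punctuation."""
    if not phrase:
        raise ValueError("empty passphrase")
    classes = {char_class(ch) for ch in phrase}
    pool = sum(POOLS[c] for c in classes)
    # Upper bound: every position drawn independently from the whole pool.
    bits = len(phrase) * math.log2(pool)
    # Spread: how many equal-width segments hold a digit or punctuation mark.
    marked = {i * segments // len(phrase)
              for i, ch in enumerate(phrase)
              if ch in string.digits or ch in string.punctuation}
    return {"length": len(phrase), "pool": pool,
            "bits": bits, "spread": len(marked)}

# Steps 1-3 are the page's passphrases; APPENDED is constructed here: the
# Step 3 additions moved to the end, to compare against "sprinkling".
STEP1 = "I am now at DigitOnto LLC."
STEP2 = "I Am Now At DigitOnto LLC."
STEP3 = "I Am 2; Now @3(At): DigitOnto4 LLC5."
APPENDED = "I Am Now At DigitOnto LLC.2; @3():45"

if __name__ == "__main__":
    for name, phrase in [("step 1", STEP1), ("step 2", STEP2),
                         ("step 3", STEP3), ("appended", APPENDED)]:
        p = profile(phrase)
        print(f"{name:9} len={p['length']:2} pool={p['pool']:2} "
              f"bits<={p['bits']:.1f} spread={p['spread']}/4")
```

Steps 1 and 2 score the same under the character-pool bound because Step 1 already contains capital letters, and Step 3 and the appended variant also score the same; only the spread value separates sprinkled additions from appended ones.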
