{{Use American English|date = March 2019}}
{{Short description|Sequence of words used to gain access}}
{{Use mdy dates|date = March 2019}}
[[File:Bitwarden Desktop 2024.12.1 passphrase generator screenshot.webp|thumb|upright=1.2|Passphrase generator in [[Bitwarden]]]]
A '''passphrase''' is a sequence of words or other text used to control access to a [[computer]] system, program or [[data]]. It is similar to a [[password]] in usage, but a passphrase is generally longer for added security. Passphrases are often used to control both access to, and the operation of, [[Cryptography|cryptographic]] programs and systems, especially those that derive an [[encryption]] key from a passphrase. The origin of the term is by analogy with ''password''. The modern concept of passphrases is believed to have been invented by Sigmund N. Porter in 1982.<ref name="w755">{{cite journal | last=Porter | first=Sigmund N. | title=A password extension for improved human factors | journal=Computers & Security | volume=1 | issue=1 | date=1982 | doi=10.1016/0167-4048(82)90025-6 | pages=54–56}}</ref>

==Security==
Considering that the [[information entropy|entropy]] of written English is less than 1.1 bits per character,<ref name=entropy>{{cite web | url = http://cs.fit.edu/~mmahoney/dissertation/entropy1.html | title = Refining the Estimated Entropy of English by Shannon Game Simulation | publisher = Florida Institute of Technology | author= Matt Mahoney | access-date = March 27, 2008 | archive-url=https://web.archive.org/web/20240620063221/https://cs.fit.edu/~mmahoney/dissertation/entropy1.html | archive-date=2024-06-20 }}</ref> passphrases can be relatively weak.<ref>{{Cite journal |last=Nosenko |first=Alex |last2=Cheng |first2=Yuan |last3=Chen |first3=Haiquan |date=2022-08-27 |title=Password and Passphrase Guessing with Recurrent Neural Networks |url=http://dx.doi.org/10.1007/s10796-022-10325-x |journal=Information Systems Frontiers |doi=10.1007/s10796-022-10325-x |issn=1387-3326|url-access=subscription }}</ref> [[NIST]] has estimated that the 23-character passphrase "IamtheCapitanofthePina4" has a strength of 45 bits. The equation employed here is:<ref name=NIST>{{cite web | url = http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-2.pdf | title = Electronic Authentication Guideline | publisher = NIST | access-date = September 26, 2016}}</ref>
: 4 bits (1st character) + 14 bits (characters 2–8) + 18 bits (characters 9–20) + 3 bits (characters 21–23) + 6 bits (bonus for upper case, lower case, and alphanumeric) = 45 bits
(This calculation does not take into account that this is a well-known quote from the operetta [[H.M.S. Pinafore]]. An [[MD5]] hash of this passphrase can be cracked in 4 seconds using crackstation.net, indicating that the phrase is found in password cracking databases.)

Using this guideline, to achieve the 80-bit strength recommended for high security (non-military) by [[National Institute of Standards and Technology|NIST]], a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric characters. There is room for debate regarding the applicability of this equation, depending on the number of bits of entropy assigned. For example, the characters in five-letter words each contain 2.3 bits of entropy, which would mean only a 35-character passphrase is necessary to achieve 80-bit strength.<ref name=entropy2>{{cite web | url = http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint100504.mspx | title = The Great Debates: Pass Phrases vs. Passwords. Part 2 of 3 | publisher = Microsoft Corporation | author= Jesper M. Johansson | access-date = March 27, 2008 | archive-url=https://web.archive.org/web/20080408164744/https://www.microsoft.com/technet/security/secnews/articles/itproviewpoint100504.mspx | archive-date=2008-04-08 }}</ref>

If the words or components of a passphrase may be found in a language dictionary—especially one available as electronic input to a software program—the passphrase is rendered more vulnerable to [[dictionary attack]]. This is a particular issue if the entire phrase can be found in a book of quotations or phrase compilations. However, the required effort (in time and cost) can be made impracticably high if there are enough words in the passphrase and if they are [[random]]ly chosen and ordered in the passphrase. Under those conditions, the number of combinations that would have to be tested makes a dictionary attack so difficult as to be infeasible. These are difficult conditions to meet, and selecting at least one word that cannot be found in ''any'' dictionary significantly increases passphrase strength.

If passphrases are chosen by humans, they are usually biased by the frequency of particular words in natural language. In the case of four-word phrases, actual entropy rarely exceeds 30 bits. On the other hand, user-selected pass''words'' tend to be much weaker than that, and encouraging users to use even 2-word passphrases may be able to raise entropy from below 10 bits to over 20 bits.<ref>Joseph Bonneau, Ekaterina Shutova, [https://www.cl.cam.ac.uk/~jcb82/doc/BS12-USEC-passphrase_linguistics.pdf Linguistic properties of multi-word passphrases], University of Cambridge</ref>

For example, the widely used cryptography standard [[OpenPGP]] requires that a user make up a passphrase that must be entered whenever decrypting or signing messages. Internet services like [[Hushmail]] provide free encrypted e-mail or file sharing services, but the security present depends almost entirely on the quality of the chosen passphrase.
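The NIST position-based estimate and the per-character alternative discussed above, worked through in Python as an added example (not code from the article, NIST or Microsoft). The `KNOWN_PHRASES` set is a constructed stand-in for a quotation or cracking list; it exists only to show why the estimate says nothing about a phrase that is already in such a list.

```python
import math

# NIST SP 800-63-2 Appendix A style estimate as the article applies it.
# Added example, not code from NIST or the article: 4 bits for the first
# character, 2 bits each for characters 2-8, 1.5 bits each for 9-20,
# 1 bit each from 21 on, plus 6 bits when upper, lower and digits are present.

def position_bits(length):
    """Bits credited to a user-chosen secret from its length alone."""
    if length <= 0:
        return 0.0
    bits = 4.0                                    # 1st character
    bits += 2.0 * max(0, min(length, 8) - 1)      # characters 2-8
    bits += 1.5 * max(0, min(length, 20) - 8)     # characters 9-20
    bits += 1.0 * max(0, length - 20)             # characters 21+
    return bits

def has_composition_bonus(secret):
    """True when upper case, lower case and a digit are all present."""
    return (any(c.isupper() for c in secret) and any(c.islower() for c in secret)
            and any(c.isdigit() for c in secret))

def nist_estimate(secret):
    """Estimated strength in bits of a user-chosen passphrase."""
    return position_bits(len(secret)) + (6.0 if has_composition_bonus(secret) else 0.0)

def length_for_target(target_bits, composition_bonus=True):
    """Smallest length whose estimate reaches target_bits under this rule."""
    bonus = 6.0 if composition_bonus else 0.0
    length = 1
    while position_bits(length) + bonus < target_bits:
        length += 1
    return length

def chars_needed(bits_per_char, target_bits):
    """Length needed if every character carried bits_per_char of entropy
    (the per-character reasoning the article attributes to Johansson)."""
    return math.ceil(target_bits / bits_per_char)

# Constructed stand-in for a quotation or cracking list (a real check would
# consult a large compilation); it holds the article's example so the
# caveat is visible. Matching ignores case and non-letters.
KNOWN_PHRASES = {"iamthecapitanofthepina"}

def is_known_phrase(secret):
    """Any entropy estimate is void if the phrase is in such a list."""
    return "".join(c for c in secret.lower() if c.isalpha()) in KNOWN_PHRASES
```

`nist_estimate("IamtheCapitanofthePina4")` reproduces the 45 bits, `length_for_target(80)` the 58 characters, and `chars_needed(2.3, 80)` the 35 characters quoted above, while `is_known_phrase` flags the same input as a known quote.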
==Compared to passwords==
Passphrases differ from passwords. A [[password]] is usually short—six to ten characters. Such passwords may be adequate for various applications if frequently changed, chosen using an appropriate policy, not found in dictionaries, sufficiently random, and/or if the system prevents online guessing,{{Citation needed|date=January 2024}} such as:
* Logging onto computer systems
* Negotiating keys in an interactive setting such as using [[password-authenticated key agreement]]
* Enabling a smart-card or PIN for an [[ATM card]] where the password data (hopefully) cannot be extracted
But passwords are typically not safe to use as keys for standalone security systems such as encryption systems that expose data to enable offline password guessing by an attacker.<ref>{{Cite news|last=Urbina|first=Ian|date=November 19, 2014|title=The Secret Life of Passwords|work=The New York Times Magazine|url=https://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html}}</ref>

Passphrases are theoretically stronger, and so should make a better choice in these cases. First, they usually are and always should be much longer—20 to 30 characters or more is typical—making some kinds of brute-force attacks entirely impractical. Second, if well chosen, they will not be found in any phrase or quote dictionary, so such dictionary attacks will be almost impossible. Third, they can be structured to be more easily memorable than passwords without being written down, reducing the risk of hardcopy theft. However, if a passphrase is not protected appropriately by the authenticator and the clear-text passphrase is revealed, its use is no better than other passwords. For this reason it is recommended that passphrases not be reused across different sites and services.

In 2012, two Cambridge University researchers analyzed passphrases from the [[Amazon PayPhrase]] system and found that a significant percentage are easy to guess due to common cultural references such as movie names and sports teams, losing much of the potential of using long passwords.<ref>{{cite web|last1=Godwin|first1=Dan |date=March 14, 2012 |title=Passphrases only marginally more secure than passwords because of poor choices |url=https://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/|access-date=9 December 2014}}</ref>

When used in cryptography, the passphrase commonly protects a long machine-generated [[key (cryptography)|key]], and the key protects the data. The key is long enough that a brute-force attack directly on the data is infeasible. A [[key derivation function]] involving many thousands of iterations ([[Salt (cryptography)|salted]] and hashed) is used to slow down [[password cracking]] attacks.

==Passphrase selection==
Typical advice about choosing a passphrase includes suggestions that it should be:<ref name="SS2">{{cite web| last=Lundin|first=Leigh |title= PINs and Passwords, Part 2 | url=http://www.sleuthsayers.org/2013/08/pins-and-passwords-part-2.html |work=Passwords| publisher=SleuthSayers| location=Orlando| date=2013-08-11}}</ref>
* Long enough to be hard to guess
* Not a famous quotation from literature, holy books, et cetera
* Hard to guess by intuition—even by someone who knows the user well
* Easy to remember and type accurately
* For better security, any encoding that the user personally finds easy to remember can be applied.
* Not reused between sites, applications and other different sources

==Example methods==
One method to create a strong passphrase is to use [[dice]] to select words at random from a long list, a technique often referred to as [[diceware]].
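A dice-based selector of this kind, added here as an illustration (not code from the article or the Diceware project). It maps each five-dice roll to a list index, draws the dice from the operating system's CSPRNG, and computes the entropy of the result; the word list is a constructed stand-in of placeholder tokens so the code runs offline.

```python
import math
import secrets

# Diceware-style generator, added as an illustration (not code from the
# article or the Diceware project). A real list maps each of the
# 6^5 = 7776 five-dice rolls "11111".."66666" to a word; the list below is a
# constructed stand-in so the code runs offline.
DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD                    # 7776

def roll_to_index(rolls):
    """Map a five-dice roll such as (1, 1, 1, 1, 2) to an index 0..7775.
    Each die is a base-6 digit (face 1..6 -> 0..5), first die most significant."""
    if len(rolls) != DICE_PER_WORD or any(not 1 <= r <= 6 for r in rolls):
        raise ValueError("need exactly five dice showing 1..6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

# Constructed stand-in list, index -> placeholder word; a real list holds
# 7776 distinct, mostly short English words.
WORDLIST = [f"word{i:04d}" for i in range(LIST_SIZE)]

def roll_dice(n=DICE_PER_WORD):
    """Roll n dice from the OS CSPRNG (never the random module)."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(n))

def generate(n_words, wordlist=WORDLIST):
    """Pick n_words independently and uniformly from the list."""
    return [wordlist[roll_to_index(roll_dice())] for _ in range(n_words)]

def entropy_bits(list_size, n_words):
    """Entropy of n_words uniform picks: log2(list_size ** n_words).
    The words need not be secret; only the choice among them is."""
    return n_words * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count reaching target_bits from a list of list_size."""
    return math.ceil(target_bits / math.log2(list_size))

if __name__ == "__main__":
    print(" ".join(generate(6)))
    print(f"{LIST_SIZE}^6 = {LIST_SIZE ** 6:,} combinations,"
          f" about {entropy_bits(LIST_SIZE, 6):.1f} bits")
    print("words needed for 80 bits:", words_needed(LIST_SIZE, 80))
```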
While such a collection of words might appear to violate the "not from any dictionary" rule, the security is based entirely on the large number of possible ways to choose from the list of words and not on any secrecy about the words themselves. For example, if there are 7776 words in the list and six words are chosen randomly, then there are ''7,776<sup>6</sup> = 221,073,919,720,733,357,899,776'' combinations, providing about 78 bits of [[entropy (information theory)|entropy]]. (The number ''7776'' was chosen to allow words to be selected by throwing five dice, since ''7776 = 6<sup>5</sup>''.) Random word sequences may then be memorized using techniques such as the [[memory palace]].

Another method is to choose two phrases, turn one into an [[acronym]], and include it in the second, making the final passphrase. For instance, using two English-language typing exercises, we have the following. ''The quick brown fox jumps over the lazy dog'' becomes ''tqbfjotld''. Including it in ''Now is the time for all good men to come to the aid of their country'' might produce ''Now is the time for all good tqbfjotld to come to the aid of their country'' as the passphrase.

There are several points to note here, all relating to why this example passphrase is not a good one.
* It has appeared in public and so should be avoided by everyone.
* It is long (which is a considerable virtue in theory) and requires a good typist, as typing errors are much more likely for extended phrases.
* Individuals and organizations serious about cracking computer security have compiled lists of passwords derived in this manner from the most common quotations, song lyrics, and so on.

The [[Pretty Good Privacy|PGP]] Passphrase FAQ<ref name="passphrasefaq">{{cite web |date=1997-01-13 |author=Randall T. Williams |title=The Passphrase FAQ |url=http://www.iusmentis.com/security/passphrasefaq/ |access-date=2006-12-11}}</ref> suggests a procedure that attempts a better balance between theoretical security and practicality than this example. All procedures for picking a passphrase involve a tradeoff between security and ease of use; security should be at least "adequate" while not "too seriously" annoying users. Both criteria should be evaluated to match particular situations.

{{main|Key stretching}}
Another supplementary approach to frustrating brute-force attacks is to derive the key from the passphrase using a [[key derivation function|deliberately slow hash function]], such as [[PBKDF2]] as described in RFC 2898.

==Windows support==
If backward compatibility with [[Microsoft LAN Manager]] is not needed, in versions of [[Windows NT]] (including [[Windows 2000]], [[Windows XP]] and later), a passphrase can be used as a substitute for a Windows password. If the passphrase is longer than 14 characters, this will also avoid the generation of a ''very'' weak [[LM hash]].

==Unix support==
In recent versions of [[Unix-like]] operating systems such as [[Linux]], [[OpenBSD]], [[NetBSD]], [[Solaris (operating system)|Solaris]] and [[FreeBSD]], up to 255-character passphrases can be used.{{Citation needed|date=January 2024}}

==See also==
*[[Keyfile]]
*[[Password-based cryptography]]
*[[Password psychology]]

==References==
<references />

==External links==
* [http://www.diceware.com Diceware page]
* [http://xkcd.com/936/ xkcd Password Strength], a widely viewed explanation of the concept

[[Category:Cryptography]]
[[Category:Password authentication]]