A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs and systems. Passphrases are particularly applicable to systems that use the passphrase as an encryption key. The origin of the term is by analogy with "password". The modern concept of passphrases is believed to have been invented by Sigmund N. Porter (1) in 1982. In security, specifically location security, the term access control refers first to the practice of restricting entrance to a facility or property to authorized persons, and secondly to the mechanisms which keep track of entries and exits (i. ... A password is a form of secret authentication data that is used to control access to a resource. ... Cryptography (from Greek kryptós, hidden, and gráphein, to write) is, traditionally, the study of means of converting information from its normal, comprehensible form into an incomprehensible format, rendering it unreadable without secret knowledge — the art of encryption. ... A key is a piece of information that controls the operation of a cryptography algorithm. ...

Security

The words or components of a passphrase need not all be, but often are, found in a language dictionary -- most particularly one available (on or off line) as input to a dictionary attack program. If findable in such a dictionary (and especially if the entire phrase can be found in a quotation or phrase compilation), an attacker has some chance of discovering the pass phrase by an automated dictionary attack. However, the required effort (time, cost, ...) can be made impracticably high if there are enough words in the passphrase. How many depends on the size vocabulary from which they are chosen and if those words are selected randomly. The number of combinations which would have to be tested under such conditions make a dictionary attack so difficult as to be infeasible. These are difficult conditions to meet, and selecting at least one 'word' for a pass phrase which cannot be in any dictionary is still more effective. In cryptanalysis, a dictionary attack refers to discovering a password by running through a list of likely possibilities, often a list of words from a dictionary. ... In ordinary language, the word random is used to express apparent lack of purpose or cause. ...

For example, the widely used crypto system (PGP) requires each user to make up a passphrase that you must enter whenever you sign or decrypt messages. So does the newer Internet standard (OpenPGP) compliant version, GPG. An Internet service called Hushmail provides free encrypted e-mail service, but its security depends almost entirely on the quality of the passphrase you choose. You should have your passphrase ready before creating your PGP or GPG key or opening a new Hushmail accountas 'inventing' a passphrase whilst entering it is a poor practice, very likely to lead to poor passphrases, and so to poor security. A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography. ... PGP is a computer program which provides cryptographic privacy and authentication. ... In internetworking and computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies. ... An Open Specification for Pretty Good Privacy (openpgp) OpenPGP is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. ... The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software, released under the GNU General Public License. ... Hushmail is a free webmail service which offers PGP-encrypted email, file storage, vanity domain service, and an instant messenger (Hush Messenger). ... A key is a piece of information that controls the operation of a cryptography algorithm. ...

Compared to passwords

Passphrases differ from passwords. A password is usually short — six to ten characters. Such passwords may be adequate for various applications (if frequently changed, if chosen using an appropriate policy, if not found in dictionaries, if sufficiently random, and/or if the system prevents online guessing, etc.) such as: A password is a form of secret authentication data that is used to control access to a resource. ...

• Logging onto computer systems
• Negotiating keys in an interactive setting (e.g. using password-authenticated key agreement)
• Enabling a smart-card or PIN for an ATM card (e.g. where the password data (hopefully) cannot be extracted)

But passwords are typically not safe to use as keys for standalone security systems (e.g., encryption systems) that expose data to enable offline password guessing by an attacker. Passphrases are generally stronger, and a clearly better choice in these cases. First, they usually are (and always should be) much longer — 20 to 30 characters or more is typical, making some kinds of brute force attacks entirely impractical. Second, if well chosen, they will not be found in any 'phrase or quote dictionary', so such dictionary attacks will be impossible. Third, they can be so structured as to be more easily rememberable than passwords without being written down, reducing that risk as well. They can be, thus, considerably more 'secure'. In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more partys knowledge of a password. ...

Passphrase selection

Typical advice about choosing a passphrase includes suggestions that it should be:

• Long enough to be hard to guess (eg, automatically by a search program, as from a list of famous phrases).
• Not a famous quotation from literature, holy books, et cetera
• Hard to guess by intuition -- even by someone who knows the user well
• Easy to remember and type accurately

Example methods

One reasonable way to create a passphrase is to use dice to select words at random from a long list, a technique often referred to as diceware. While such a collection of words might appear violate the "not from any dictionary" rule, the security is based entirely on the large number of possible ways to choose from the list of words and not from any secrecy about the words themselves. If there are 7776 words in the list (as is the case with the Diceware word list), and six words are chosen randomly, then there are 7776 X 7776 X 7776 X 7776 X7776 X 7776 = 221073919720733357899776 possibilities, providing about 78 bits of entropy. (The number 7776 was chosen to allow words to be selected by throwing five dice. 7776 = 6⁵) Rolling dice A die (Old French de, from Latin datum something given or played [1]) is a small polyhedral object (usually a cube) suitable as a gambling device (especially for craps or sic bo). ... Diceware is a method for creating passphrases, passwords and other cryptographic variables using ordinary dice as a hardware random number generator. ... Entropy of a Bernoulli trial as a function of success probability. ...

Another is to choose two phrases, turn one into an acronym, and include it in the second, making the final passphrase. For instance, using two English language typing exercises, we have the following. The quick brown fox jumps over the lazy dog, becomes tqbfjotld. Including it in, Now is the time for all good men to come to the aid of their party, might produce, Now is the time for all good tqbfjotld to come to the aid of their party as the passphrase. Acronyms and initialisms are abbreviations formed from the initial letter or letters of words, such as NATO and XHTML, and are pronounced in a way that is distinct from the full pronunciation of what the letters stand for. ...

There are several points to note here, all relating to why this example pass phrase is not a good one.

• it has appeared in public and so should be avoided by everyone.
• it's long (which is a considerable virtue in theory) and requires a good typist (which is an overwhelming problem for most folks in actual practice). (Whatever software is accepting the passphrase for testing should never echo it to your display, lest shoulder surfers take advantage.) Typing errors are much more likely under such conditions, especially for extended phrases.
• it doesn't contain any non-alphabetic characters. Converting, say, the 'l' (Latin small letter L) in the acronym to a '1' (digit one) would be an improvement.
• individuals and organizations serious about cracking computer security have compiled lists of passwords derived in this manner from the most common quotations, song lyrics, and so on.

The PGP Passphrase FAQ by Randall T Williams suggests a procedure that attempts a better balance between theoretical security and practicality than this example. All procedures for picking a passphrase involve a tradeoff between security and ease of use; security should be at least 'adequate' while not 'too seriously' annoying users. Both criteria should be evaluated to match particular situations. // Security Analysis Shoulder surfing is using direct observation techniques, such as looking over someones shoulder, to get information. ...

Another supplementary approach to frustrating brute-force attacks is to derive the key from the passphrase using a deliberately-slow hash function, such as PBKDF2 as described in RFC 2898. A Key derivation function or key stretcher is a cryptographic hash function which is designed to make a key or password harder to attack using a precomputed dictionary attack or brute force attack. ...

Windows support

If backward compatibility with Microsoft LAN Manager is not needed, in versions of Windows NT (including Windows 2000, Windows XP and later), a passphrase can be used as a substitute for a Windows password. The LAN Manager was an advanced Network Operating System (NOS) from Microsoft developed in cooperation with 3COM. It is based on the Operating System/2 (OS/2) and NetBEUI protocol similar to its predecessors MS-NET for MS-DOS and Xenix-NET for MS-Xenix. ... Windows NT is a family of operating systems produced by Microsoft, and was succeeded by Windows 2000 (still based on Windows NT). ... Windows 2000 (Codenamed Cairo, also referred to as Win2K, W2K or Windows NT 5. ... Windows XP is a major revision of the Microsoft Windows operating system created for use on desktop and business computer systems. ...

References

1. Sigmund N. Porter. "A password extension for improved human factors". Computers and Security, 1(1):54-56, January 1982.

External links

• Diceware page
• Passkool - A deterministic "pronounceable" password generator
• Passphrase FAQs