If giving out the length hurts anything, there's enough going wrong that you should probably assume it's already compromised.
Unless there's something fundamentally wrong with the password, a public length of n is almost as secure as a secret length of n, and significantly more secure than a secret length of n-1
Never get into the specifics of a password, but explaining the basic structure should be a tiny impact and well within your margin of safety, or you didn't make a good enough password to start with.
While you're correct mathematically, I still think it's a good habit to give zero information about your password. If you attempt to estimate the information leakage with every "hint", sooner or later you'll slip up.
My view is your secrets should be secure even if the attacker knows everything about how they are generated and used.
For example:
My password is 8192 characters long, leveraging only the ASCII character set (except \n\r\t\0)
It is changed every 28 days at 11:05am
It is only used on exactly 1 website and the username on that website is also only used on that website and randomly generated as well.
Good luck
(Tell me how and where I can make this stronger)
Telling someone your password is 8 characters long and memorable vs telling them it is 8192 characters long and unrecallable are two entirely different things.
This is a very hilarious post. Bravo, sir, or brava, madam. (Revealing your gender would likely be a security risk - if you leave that unspecified it doubles the space of possibilities!) I don't know what joyless types would downvote you.
Think of it this way: assume someone is trying to brute force your password. For simplicity let's say they know nothing about it, except that its characters are randomly drawn from a 50 character pool. As they guess passwords starting with 1 character, each added character takes 50x longer than all previous guesses put together to guess all possible passwords of that length. Put another way, if they knew the length beforehand, it would only save them from testing about 2% of the overall possible combinations.
Gotcha. I guess I was unclear about what "almost as secure" meant in this context.
So whether providing your length is a tangible security leak or not is essentially a function of the size of your character pool, because if your password is short enough for n-1 to contain a significant percentage of possible combinations then it's probably already short enough to brute force anyway.
That's not right. You can make a secure password using only ABC as your character pool, if you make it 60 characters long. In that case the percentage of combinations covered by n-1 is a full third of the n character combinations, and your attacker can get a 25% speed boost by you revealing the length. But it's still more secure than a 59 character password, and far more secure than a 57 character password, and all of them are extremely secure.
A good way to look at it is to measure the password in bits of randomness. At most, revealing length can shave off one bit. For any reasonable character set it shaves off a small fraction of a bit. And one bit does not make the difference between good or borderline or bad.
What you're missing is that a 59 character password (with secret length) is extremely secure, despite the even larger speed boost.
If you worry about any speedup in password cracking that is less than an order of magnitude, your password was too close to failing to start with. Make your password 5% longer, which will make it at least 20x slower to crack, and then you won't have to care if "20x" gets reduced to "15x".
You may say "It's not harmless to give up 25%. What if I give up 25% several times? That could make even a good password become insecure." but there's a limit to how much speedup someone can get from knowing the structure of your password. And the best way to evaluate the strength of a password is to assume that all the structure is public. So I can say that my typical passwords, being 20 mixed-case letters and numbers, all have a security of 2^119. It's possible that an attacker that uses the wrong algorithm would have to guess even more, but I'm not just worried about a clumsy attacker, I'm also worried about a moderately-high-quality attacker. It's a bad idea to depend on that extra .1 bit I could get with this character set, or that extra .4 bits I could get with a smaller character set. Just assume the length is known.
I'm confused about how that has anything to do with disproving my conjecture that whether providing your length is a tangible security leak or not is essentially a function of the size of your character pool, because if your password is short enough for n-1 to contain a significant percentage of possible combinations then it's probably already short enough to brute force anyway. You're just redefining what "secure" means.
I think we disagree about what a "tangible leak" is. I don't see it as tangible because it's eating into a tiny margin that you never should have counted in the first place. You do see it as tangible because it might make the attacker's job faster by several percent.
And that's fine, we can have different opinions on that part.
But "probably already short enough to brute force" is definitely not right. That percentage depends entirely on character set, not the length of your password. If your password is just numbers, then n-1 always has 10% as many combinations, whether your password is 5 characters long or 200. If you meant "probably already weak enough to brute force" that's not true either. Lots of passwords with mixed case and numbers and symbols are very short and pretty weak. Lots of passwords with only letters are very long and quite strong because they're made-up phrases. You can't guess the strength of a password just by knowing the percentage of [length n-1 combos] / [length n combos].
But 10% of 100 is magnitudes different from 10% of 10,000. The smaller the length, the more each percent (in terms of entropy) matters when we're talking about complexity as a function of brute force time.
And by that metric losing 2% of 1000 is a far bigger problem than losing 10% of 100,000. I agree that length is the most important factor, I'm just saying that character pool isn't very important to final security.
You need "sufficient" n no matter what your character pool is, and knowing the character pool of a password doesn't let you reliably predict if n is sufficient.
"a function of the size of your character pool, because if your password is short enough for n-1 to contain a significant percentage of possible combinations then it's probably already short enough to brute force anyway"
This seems to say that a small character pool, aka "n-1 containing a significant percentage of possible combinations", implies that your password is "probably already short enough to brute force".
So small character pool means that "probably" the password is short/weak.
I'm saying that a small character pool does not imply that a password is "probably" short/weak.
And to be very clear: Using the size of the character pool to say it's "probably" weak is a form of "reliably predict[ing] if n is sufficient".
> So small character pool means that "probably" the password is short/weak.
I really don't know how you came to that conclusion. I never claimed any dependence between the character pool length and password length. They're obviously completely separate properties.
You said that if a password of length n-1 "contains a significant percentage of combinations" compared to a password with length n then "it's probably already short enough to brute force".
Right?
That percentage comes entirely from the character pool.
So character pool -> percentage -> probably short enough to brute force.
What am I reading wrong? The only assumption I made is "compared to a password with length n", because what else would you be comparing length "n-1" to. Otherwise it's a direct quote.
We'll take 60 possible characters (alphanumeric with caps and a few special characters). The summation 1...N of 60^x is (60/59) (60^N - 1). Known length is 60^N. If we assume N is big enough that the minus one isn't important, you can see going from known to unknown only increases the guesses by a factor of 60/59!
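The arithmetic behind the thread (the 2% figure for a 50-symbol pool, the "n-1 is a third of n" case for a 3-symbol pool, the "at most one bit" bound, the 2^119 estimate for 20 mixed-case alphanumerics, and the 60/59 factor above), worked through in code. This is an added example, not code from any commenter; it assumes a password drawn uniformly from a fixed pool and an attacker who enumerates candidates in order of length.

```python
import math

# Added example (not from the thread): brute-force search sizes for a password
# drawn uniformly from a pool of `pool` symbols, comparing an attacker who knows
# the exact length n with one who must try every length from 1 up to n.

def guesses_known_length(pool: int, n: int) -> int:
    """Candidates when the attacker knows the password is exactly n symbols."""
    return pool ** n

def guesses_unknown_length(pool: int, n: int) -> int:
    """Candidates when the attacker must sweep lengths 1..n (closed form of the
    geometric sum: pool * (pool^n - 1) / (pool - 1), computed exactly)."""
    return pool * (pool ** n - 1) // (pool - 1)

def bits(guesses: int) -> float:
    """Work factor expressed as bits (log2 of the number of candidates)."""
    return math.log2(guesses)

def length_leak_bits(pool: int, n: int) -> float:
    """How many bits the attacker saves when the length becomes public.
    Bounded by log2(pool/(pool-1)); with a 2-symbol pool that is exactly 1 bit."""
    return bits(guesses_unknown_length(pool, n)) - bits(guesses_known_length(pool, n))

def fraction_saved(pool: int, n: int) -> float:
    """Share of the unknown-length search space skipped once n is public."""
    return 1 - guesses_known_length(pool, n) / guesses_unknown_length(pool, n)

def public_n_vs_secret_n_minus_1(pool: int, n: int) -> float:
    """Ratio of work for (public length n) to (secret length, real length n-1).
    Values > 1 mean the longer password with public length is still harder."""
    return guesses_known_length(pool, n) / guesses_unknown_length(pool, n - 1)

if __name__ == "__main__":
    # Constructed sample (pool, length) pairs matching the cases argued in the thread.
    for pool, n in [(50, 8), (3, 60), (62, 20), (10, 5), (10, 200), (2, 64)]:
        print(f"pool={pool:3d} n={n:3d} "
              f"known={bits(guesses_known_length(pool, n)):7.2f} bits "
              f"leak={length_leak_bits(pool, n):.4f} bits "
              f"saved={100 * fraction_saved(pool, n):5.2f}% "
              f"public n / secret n-1 = {public_n_vs_secret_n_minus_1(pool, n):.1f}x")
```

Note that the saved fraction depends only on the pool size, not on n, while the absolute work (the bits column) is dominated by n; the last column shows that a public length n still costs the attacker roughly (pool - 1) times more than a secret length of n-1.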