Strong password test

PMUSR

How should you set a password that is strong enough that would take even a very long time for a super computer to crack? Diceware password or just passphrase? Which one is better to use for maximum time to crack? Is there a site that you can test a password for how long it would take to crack with a super computer included? What kind of setup/computer does Law Enforcement use to crack a password?

[deleted]

PMUSR unless you are a fugitive on the run, use a 6 digit PIN

boldsuck

PMUSR EFF Dice-Generated Passphrases
Well known CrypTool-Portal Password Meter

Nuttso

https://www.uic.edu/apps/strong-password/

[deleted]

https://twitter.com/GrapheneOS/status/1750572042804482508

Obtaining data from the user accounts on the device requires brute forcing each lock method. The time required depends on the strength of the lock method. Secure element throttling means even a random 6 digit PIN can't normally be brute forced.

You should read grapheneos.org/faq#encryption. If the attacker doesn't have a very sophisticated exploit able to compromise the secure element, they can't bypass secure element throttling to make more than 1 attempt per day after initial ramp up. If they do, 6 digit PIN isn't enough.

There's a key derivation work factor involved too, which makes passphrases stronger than they would be without it. Part of this is also implemented as hardware-bound key derivation to prevent offloading to other machines without extracting a key from the SoC hardware.

A strong lock method such as 7 random diceware words is not possible to brute force even without the hardware security features. A random 6 digit PIN entirely depends on the secure element throttling. There's a large random of choices in between those two where it's more complex.

https://twitter.com/GrapheneOS/status/1745530977261142292

Our recommend for most people tends to be a random 6 digit PIN for regular use and then put particularly sensitive things in a secondary user with a 7-8 random diceware word passphrase. 7 diceware words is ~ 90 bit entropy which is good enough with all hw features bypassed.

JayJay

[deleted]

"https://twitter.com/GrapheneOS/status/1745530977261142292

Our recommend for most people tends to be a random 6 digit PIN for regular use and then put particularly sensitive things in a secondary user with a 7-8 random diceware word passphrase. 7 diceware words is ~ 90 bit entropy which is good enough with all hw features bypassed."

Interesting. Does this mean put your main profile as 6PIN and secondary with sensitive diceware or the opposite?
Shouldn't the main user have the more difficult password?

Murcielago

Interesting. Does this mean put your main profile as 6PIN and secondary with sensitive diceware or the opposite?
Shouldn't the main user have the more difficult password?

JayJay

I'm not quite sure what you mean by "main profile" - the owner profile or your daily driver (which can also be a simple user profile).

But basically, the following applies to all profiles: Each profile has its own encryption keys with which its data is decrypted and no profile has access to another profile's data (in relation to user profiles - it's different using work profiles created with Apps like Shelter or Insular, for example).

Our recommend for most people tends to be a random 6 digit PIN for regular use and then put particularly sensitive things in a secondary user with a 7-8 random diceware word passphrase.

I would assume the essence of the tweet is that sensitive data is packed into a different profile (where its data ist at rest until it is explicitly needed and the corresponding profile is unlocked) more than if you use PIN or diceware password for one or the other.

The peculiarity and - if you like - slight disadvantage of the owner profile regarding storing sensitive data is that it has to be unlocked first (befor being able to access another profile) and it always runs in the background, even if you switch to another profile. Its data - unlike a user profile - also can't be put back at rest (BFU) via "end session" (which is very convenient).

A good overview of how disk encryption is implemented can be found here
https://grapheneos.org/faq#encryption
and additionally for BFU/AFU (not explicitly mentioned in the FAQ) here:
https://discuss.grapheneos.org/d/10108-pixel-afu-vs-bfu-security

A separate subject is the question of password strength. As already posted by others above, both
a) a 6 digit PIN
b) a passphrase consisting of 7 random diceware words

are considered quite secure against brute force attacks.

Both approaches have advantages and disadvantages:
a) is more convenient but is only as secure if the secure element throtteling (Weaver) works
b) is more inconvenient, but offers good protection against brute forcing even without Weaver

This applies to both owner and user profiles.

Blastoidea

Murcielago
Under what circumstances would secure-element throttling not work?

SoulKeeper

I use a 10 digit numeric random PIN.

Tryptamine

Mine is 11 characters, uppercase, lowercase, numbers and symbols.

For my one and only profile!

AspireMan

13 characters upper lower case and digits.
But still on original Google Pixel 6 Rom. Read somewhere that graphene is more secure against obtaining data

GrapheneOS

AspireMan

We provide a bunch of features relevant to this:

1) Our auto-reboot feature automatically getting data back at rest after locking, with the default of 18 hours after locking (you can make it as low as 10 minutes).
2) Our recently added low-level USB-C port control on Tensor Pixels which even disables the data lines in hardware, with the default of disabling USB data in After First Unlock state when the device is locked (you can disable it in Before First Unlock state too along, set it as charging-only or even completely disable USB including charging while the OS is booted to even eliminate the charging protocol attack surface).
3) Our recently added full compacting garbage collection in system_server/SystemUI on the device locks.
4) Our large amount of generic exploit protection improvements including hardened_malloc, hardware memory tagging integrated into hardened_malloc and enabled by default, BTI/PAC and lots of other assorted kernel/userspace hardening along with a minor amount of additional firmware hardening through attack surface reduction. Attack surface reduction features such as Wi-Fi/Bluetooth auto-turn-off are also relevant.

You can see that the first feature gets the data back at rest after a timer elapses after locking if there isn't a successful unlock first, and everything else combines to secure the device against attacks.

Improvements to OS and firmware security are shipping in the stock OS for the April release based on our upstream vulnerability reports / suggestions to make things even better, including reset attack mitigation protection for the firmware fastboot mode by having it zero all memory before activating USB.

GrapheneOS

Blastoidea It always works, but the secure element could theoretically be exploited. A random 6 digit PIN entirely depends on the secure element's throttling. A mediocre passphrase also benefits from the initial scrypt-based key derivation and the hardware-bound key derivation involving a key unavailable to any software or even any firmware if properly implemented, which would prevent an attacker offloading the brute forcing to a server farm unless they can extract the hardware-bound key from the SoC. Most attackers are not going to be able to bypass either the secure element throttling so they'll be stuck brute forcing at 1 attempt per day after it ramps up.

[deleted]

I use 4 digit pin. Key being don't store sensitive data on your daily driver.

Blastoidea

Twelve -character password, with upper and lowercase letters, numbers, and special symbols. No punctuation.