The '''NeoSmart Password Model''' is the name of an initiative started by [http://neosmart.net/ NeoSmart Technologies] to introducing [[password]]s built on a basis of complex/foreign characters in an attempt to reach a higher degree of security.
== The Traditional Password Model ==
The current password model employed by the greater majority of today's computer users of all levels of experience revolves around creating a password that is as difficult to crack as possible. In the current model, the strength of a password directly varies with its length, and at first, with its "makeup."
All passwords that fall under this model make use of a common base, built of the sets that include letters, numbers, symbols, and printable markings. Security is achieved by increasing the length and including characters from as many different "makeup" groups as possible.
== What the NeoSmart Password Model attempts to do ==
The NeoSmart Security Model introduces many non-ANSI compliant [[Unicode]] characters to a password, while keeping the password from getting out of hand in terms of length and difficulty.
Instead of only using characters, numbers, and symbols; the NeoSmart model focuses on the usage of non-English characters, specifically the language-independent subset.
Such characters include accented characters, signs, pointers, and other non-ANSI symbols. Examples are ♪, →, Ł, ↨, ♀, and §.
== The Mathematical Reasoning ==
Password strength is measured by [[information entropy]]. The entropy, in bits, of each random character or symbol in a password is the [[binary logarithm|base-2 logarithm]] of the number of possibilities. If all character are selected at random, the entropy of the password is the number of characters times the entropy per character.
The alphabet has 26 letters, giving an entropy of 4.7 bits per letter. If upper and lower case letters are used with 10 digits, there are 62 possibilities, for an entropy per character of 5.9 bits. Adding 32 ASCII special characters to the mix gives 6.5 bits per character. NeoSmart researchers capped the base for non-ANSI unicode characters at 700, giving 9.5 bits per symbol. A larger base of 1500 symbols would give 10.55 bits per symbol. Doubling the number of symbols increases the entropy per symbol by one bit.
== What this means for security ==
NeoSmart Technologies claims such passwords are "uncrackable", based on the assertion that current [[password cracking]] programs do not try the full range of Unicode characters (see their whitepaper [http://www.neosmart.net/forums/index.php?gettopic=10 The Advent of Uncrackable Passwords]). However, password cracking programs have, in the past, quickly adapted to new techniques.
In general, using a wider range of possible symbols increases password security. A three symbol random NeoSmart password, as suggested in their whitepaper, would have 28 bits of entropy, the same strength as six random letters from the Roman alphabet (a through z). To the extent that password cracking programs have not yet adapted to this method, the symbol-based password would be less likely to be cracked.
One problem with this method is that not all programs accept passwords in Unicode. Another problem is entering the symbols. On many operating systems, this can be done by pressing the "Alt" key and entering a code number. However if this is done, there is no reason to restrict oneself to a subset of Unicode; any valid code could be used. One would memorize the code sequence rather than the symbol.
If symbols for new passwords are not presented randomly, there is a high likelihood users will select more familiar symbols, making the cracker's job easier.
== External Links ==
*[http://www.neosmart.net NeoSmart Technologies]
*PDF [http://www.neosmart.net/forums/index.php?gettopic=10 The Advent of Uncrackable Passwords]
This site is not affiliated with or endorsed in any way by the Wikimedia Foundation or any of its affiliates. In fact, we fucking despise them.
|
