23
English type: Plain text
These numbers are very rough estimates but give an idea of what length of passphrase a very powerful adversary like a state-sponsored attacker could guess.
0/1550 · 155
24
English type: Plain text
Even if guessing a passphrase of 3 random words with LUKS1 costs very little energy, any such attack also requires:
0/1150 · 115
25
English type: Plain text
- Physical access to the device - Very expensive computer equipment - Professional hacking skills
0/970 · 97
26
English type: Plain text
You can see the details of our calculations in [[!tails_ticket 19615]] and this [spreadsheet](https://cryptpad.disroot.org/sheet/#/2/sheet/view/KdOJLeuCsc4dS3vq-bHhFw6zByUSRJXsCcAkB-ERxtc/).
0/1900 · 190
27
English type: Plain text
<h2 id="schemes">Other password schemes give too little guarantee</h2>
0/710 · 71
28
English type: Plain text
We recommend using passphrases made of several random words because using randomness is the only way to really guarantee the strength of a password.
0/1480 · 148
29
English type: Plain text
Using other password schemes give little guarantee over the strength of a password, even if it follows complicated password policies and validates on password strength meters.
0/1750 · 175
30
English type: Plain text
For example, a [Dutch hacker logged into Donald Trump's Twitter account *twice*](https://www.washingtonpost.com/world/2020/12/17/dutch-trump-twitter-password-hack/) by guessing his passwords, despite that these passwords included several words, were more than 8 characters, and even had special characters. They were definitely not random enough: "*maga2020!*" and "*yourefired*".
0/3810 · 381
31
English type: Plain text
To understand the maths behind password strength, watch [An information theoretic model of privacy and security metrics](https://media.libreplanet.org/u/libreplanet/m/an-information-theoretic-model-of-privacy-and-security-metrics/). Bill Budington from the EFF explains the concept of entropy and its implication on browser fingerprinting and password safety in accessible terms.
0/3800 · 380
32
English type: Plain text
<h1 id="updating">Keeping your encryption secure</h1>
0/540 · 54
33
English type: Plain text
All users are recommended to upgrade to LUKS2 on all their encrypted devices: Persistent Storage, backup Tails, and other external encrypted volumes.
0/1490 · 149
34
English type: Plain text
Depending on the strength of your passphrase, we might also recommend choosing a different passphrase and migrating to another Tails USB stick:
0/1430 · 143
35
English type: Plain text
- [[If your passphrase has 4 random words or fewer|argon2id#4]] - [[If your passphrase has 5 random words|argon2id#5]] - [[If your passphrase has 6 random words or more|argon2id#6]]
0/1810 · 181
36
English type: Plain text
<h2 id="4">If your passphrase has 4 random words or fewer</h2>
0/630 · 63
37
English type: Plain text
If your current passphrase has 4 random words or fewer:
0/550 · 55
38
English type: Plain text
- Your encryption is insecure with LUKS1.
0/410 · 41
39
English type: Plain text
You have to upgrade to LUKS2.
0/320 · 32
40
English type: Plain text
- Your encryption is more secure with LUKS2.
0/440 · 44
41
English type: Plain text
We still recommend changing your passphrase to be 5 random words or more.
0/760 · 76
42
Persistent Storage (4 words or fewer)
English type: Title ###
Persistent Storage (4 words or fewer)
20/370 · 37