A new take on autogenerated passwords
August 11, 2011
Today’s XKCD got me thinking about the strength of my own passwords again. Some time ago, XKCD already hit on the topic of password reuse.
A major argument for reusing passwords is that one can’t remember dozens of passwords for all services one uses. The typical counter-argument then is that one can use a password storage, be it a local application like KWallet or an online service. Such services allow you to protect multiple different passwords with one master password, which is the only one which you have to remember.
I am personally a user of KWallet, and must agree that it’s a great relief to have a backup for this crucial data available anytime. (Currently, KWallet stores over 200 passwords on my notebook alone, and there are probably unmerged passwords over at my desktop.)
But alas, both kinds of password storage solutions have a big problem: KWallet and friends are useless when you don’t have the wallet file around on the computer which you are currently using, you’re stuck. If the only computer carrying the wallet file gets broken, you’re totally lost. On the other hand, online storage solutions require a big deal of trust towards the provider running the service. As we saw earlier this year with LastPass, this trust is in general not justified.
So what can be done? I just had an idea which I did not see before anywhere. (Might be that I did not look closely enough. Please tell me if this idea has already existed before.)
If we don’t want to store passwords (because that requires both the availability of the storage and trust with a provider of this available storage), we need to generate them based on an algorithm. In other words,
#!/usr/bin/env python2
import base64, getpass, hashlib, subprocess, sys
def doHash(x):
return base64.b64encode(hashlib.sha512(x).digest())
def sendToXClipboard(x):
subprocess.Popen(["xsel", "-i"], stdin=subprocess.PIPE).stdin.write(x)
try:
site = sys.argv[1]
except IndexError:
sys.stderr.write("Usage: %s [domain]\n" % sys.argv[0])
else:
masterPassword = getpass.getpass("Password: ")
sitePassword = doHash(doHash(site) + doHash(masterPassword)) # variant 1
sitePassword = doHash(site + masterPassword) # variant 2
sendToXClipboard(sitePassword)
This Python script reads the name of a website, and prompts for a master password. It then combines both using a considered-secure hashing algorithm (SHA-512 in this case), and sends the Base64-encoded result of that to the X clipboard (so the password won’t be displayed on screen). Base64 is the best compromise between printability and string size.
The code shows two incompatible variants of obtaining the sitePassword. I won’t debate over which is better. The extra hashes in variant 1 are, strictly speaking, security by obscurity, as they don’t help when the attacker knows the algorithm. However, that’s not the main security feature. As far as I can see, this algorithm relies solely on the strength of the SHA-512 algorithm, which is (as of August 11, 2011) considered secure, and (if the attacker is brute-forcing) on the strength of your master password. So don’t choose “correcthorsebatterystaple”. 😀
The Geek Shall Inherit The Earth 
August 11, 2011 at 18:09
Personally, I generate my password phrases from the name of the site/service, using a hash function only I know (in memory) to look up words in a poem only I know (also in my memory).
August 11, 2011 at 18:10
Password hashing has already been around for years, it just isn’t terribly well known. I make use of a browser plugin provided by http://crypto.stanford.edu/PwdHash/ for my password hashing needs. Actually, to be honest, I haven’t really made the switch yet. I still have a lot of old passwords.
August 11, 2011 at 18:34
“This Python script reads the name of a website, and prompts for a master password. It then combines both using a considered-secure hashing algorithm (SHA-512 in this case)…The extra hashes in variant 1 are, strictly speaking, security by obscurity, as they don’t help when the attacker knows the algorithm. However, that’s not the main security feature. As far as I can see, this algorithm relies solely on the strength of the SHA-512 algorithm”
Not quite. You’re doing a keyed hash: look at HMAC, and consult e.g. http://www.schneier.com/book-ce.html to see why it doesn’t just do H(m||k) or similar, as you’re doing. (Don’t roll your own crypto: just use HMAC-SHA256 or HMAC-SHA512.)
August 12, 2011 at 02:23
Well, it exists. i have a similar alogoritm mixing sha1 and md5 to get an unicode ascii mix. Actually, i’m porting to a PIC for hardware support, listening to a keyboard shortcut it can emulate keys so u don’t need to type anymore.
(sorry for my bad english)
August 12, 2011 at 02:41
If only it could work. Most password fields limit you to short passwords, and have limits. Some won’t allow spaces. Some require a special symbol (%@$#& type time), some don’t allow them. Some require both upper and lower case, some only one case, and some are case insensitive…
August 14, 2011 at 11:13
My software permits you to change the length and have some rules like “special-symbols-safe” and “start with a letter”.
August 12, 2011 at 06:33
Personally I think all password storage and/or generating solutions are plainly missing the point. The point being – too friggin many passwords. Spammers made the web a hell for the rest of the world, where you need to register for an account on nearly every single website just to post a comment.
Solutions like storage/generators or login providers (OpenID etc) are just ugly hacks on the real problem. The solution IMO would be to get rid of a login/password authentication. One of possible alternatives would be a public/private (optionally hardware) key. You give the website your public key, and to login you use your private one. If you lose them there’s no option to get them back, you need to get new ones (generate if software or buy a new crypto card/usb stick if hardware).
That’s the downside, but the upside is you don’t need to remember anything, or at most a single password. The keys can be as long as needed. And you would need to take care of them just like you take care of your house or car keys, so everybody would keep them secure knowing it’s all or nothing.
PGP Smartcards are available already, so they could be used, but they need to be universally implemented first, which is the worst problem.
August 12, 2011 at 08:28
Have you checked Firefox Sync? A syncing storage for (among others) passwords and you don’t need to trust the server (and you can even provide your own).
August 15, 2011 at 09:12
> As we saw earlier this year with LastPass, this trust is
> in general not justified.
When did we ever see a problem with LastPass. The incident that you are referring to was a non-issue that the LastPass devs made public to be prudent about. The data was never in any danger of being compromised.
You should be praising the LastPass devs for their behaviour, not criticizing the service.