Salt character order should be randomized

[evancg37]

When a salt is generated, the order of the characters is always the same as the order of the salt sources. This makes the salt more predictable.

To demonstrate:

Order is always uppercase, lowercase, digits, symbols, then Latin 1 supplements. Changing the order of the salt sources just changes that order but the characters are still grouped together.

Instead, the salt should be generated with characters from the sources in a random order. So instead of something like "prayers851{?" the password could be "prayers5{18?" and the order of the salt sources wouldn't matter.

[evancg37]

In my opinion, the salt character order should always be randomized. If you think there should be an option to toggle this behavior, I can add that, but I don't know if any users would desire having a salt with a predictable pattern.

[nitz]

This feels like one of those "can't see the forest for the trees" situations. If I may ramble a bit:

The single, most reliable way to make any password more secure from a mathematical standpoint is to make it longer. The original premise of Diceware was to meet a small subset of requirements such as: being long enough to be secure, being easy to type, and being easy to remember.

That said, salting does increase the computational requirements if an attacker was trying to directly target a given passphrase. If nothing else, it increases length (additional character space notwithstanding,) and that's exactly why NIST, Intel, and other similar organizations that offer password guidelines call for increasing length rather than complexity. When comparing the benefit of increasing length vs adding salt (or shuffling the order of salt characters as it were,) it's sorta like rearranging deck chairs on the Titanic. If we're in a situation where the order of salt characters matters, we're in a whole world of problems anyways!

When I originally implemented this plugin, it was nearly a 1-to-1 clone of the functionality found in Strongbox, an iOS KeePass compatible client. Even as I did, I considered dropping the salting option simply because of the knowledge that length is far more powerful in making a passphrase stronger. (And far more memory friendly than random characters to boot!) Salting just has felt more to me over the years as something akin to a security blanket. We probably don't actually need them it all, but it feels wrong not to have it haha.

All of that said, I will admit that I am not opposed to the changes you've made in #42, and appreciate your effort in doing so. (Seriously, it's a wonderful thing when someone steps up to be the change they want to see in projects! 🙂) In response to the need for an option to control that behavior: no, I don't think that's needed. Passphrase generation is already designed to be as nondeterministic as possible, this would just lean into that.

---

P.S.: I do want to be transparent though; I use a salt source with characters unavailable to typical IMEs and thus must be entered by software or copy/paste. I don't think it would help in the case of a target attack, but I do enjoy the knowledge that a random person trying to password stuff would be unable to even type them in. 😂

[evancg37]

Thanks for the quick and awesome response! I love the rearranging chairs on the deck of the Titanic analogy. In situations where I want to use the plugin to generate a memorable password for a website that satisfies its length and complexity requirements (which are usually more like limits 😂) I simply feel better being able to add a few digits and symbols here and there that aren't always ordered the same as the salt sources. Thanks again for your thoughts and very happy to contribute!