Could use more salt configuration

[malikoth]

I don't need my salt to be very complex, I'd mostly like to use it to append characters to make my passwords fulfill (outdated) complexity requirements, i.e., numbers and symbols. So I have numbers and symbols selected as salt sources. But the salt doesn't necessarily actually contain a character from every salt source in every password.

Now, I'm familiar with a salt as used in storing passwords to a database, but those are implemented in the application, not as something the user sees. I'm not completely sure what the purpose of including a salt into the end user's actual password is. Because I'm not familiar with this use, I acknowledge that my use case may not match the intended case.

That being said, it would be nice if I could specify the number of characters to draw from each character source. I could set this to 1, and get one number and one symbol at the end of every password. Just a thought.

[nitz]

Let me start with: I like this idea, and definitely think I will add something like this, because I agree it seems quite useful.

And now for history: to give you a bit of why it is the way it is, ha! In a word: entropy.

I implemented this plugin as almost a carbon copy of the functionality from the iOS KeePass compatible app, StrongBox. My understanding of the logic behind the salting is to prevent the ability for an attacker to potentially re-create passwords from the lists if they knew what settings you'd used to generate them in the first place. (As in, perhaps one password was leaked by a service, revealing your 'pattern'.)

A random value added at some point(s) in the generated phrase would render attempted recreation nearly moot, as they wouldn't be able to attack every possible permutation. As well, drawing from non-dictionary sources gives the passphrase an extra bit of entropy by widening the surface area of characters used, especially when using characters that aren't "typical keyboard" characters.

The best way to increase an individual password's strength is definitely to increase its length. Increasing it's character set is likely the second!

You're not wrong in that it's very similar to how salting would be used to protect password hashes in a database, it just is an attempt to protect the other side of the equation in a targeted attack.

Okay, enough with all that, back to the topic at hand here's what I'm thinking:

I like the idea a lot of being able to tell it a number of characters to pull from each source. (Especially for cases like you say, to meet arcane requirements when they insist 'must include number' or the sort.) I also think it would be nice to have custom sets of sources. I've hardcoded ones that matched StrongBox's, but it would be nifty to allow user-defined sets as well, I think. This goes a little bit hand in hand with #1 (custom wordlists), which I plan to do as well at some point.

[malikoth]

I have nothing substantive to add regarding the actual ticket. I just have to take a second to say I still don't think this is actually a salt. :) Widening the character set is a great thing IMO. But the purpose of the salt is to make it so that if I use the same password on two sites, each one is salted randomly and then stored with that salt so that the hashes are not going to be something you can look up on a rainbow table. The hashes in the databases on those two different websites, were they to be hacked and publicly exposed, are going to be completely different, and there will be nothing connecting them. An attacker will have to just rely on brute force, and won't be able to use any kind of reverse lookup.

The point you made about recreating passwords from wordlists knowing the settings at the time of generation doesn't make sense. If you know the initial settings, that includes settings about salt sources, and the "salt" characters being added are just as random as the words selected for the rest of the password. It's adding more entropy, and widening the character set as you said which are both good, but I don't think it changes the cryptographic nature of the password at all, at least that I can see.

[malikoth]

I like the idea a lot of being able to tell it a number of characters to pull from each source

And maybe it's worth considering that you keep the "salt" functionality exactly as it is for parity with StrongBox, and you add this other feature whose sole purpose is fulfilling arbitrary complexity requirements.

[djlongy]

I was about to request the same thing, but you've already beat me to it!
I echo the same thoughts.

[nitz]

Hey @djlongy and @malikoth

I had some time to day to work on this. I don't want to push a new version out until I get a few more eyes on it and make sure it's working as expected, but I thought perhaps you two would want to be the first to have a go at it!

Here's a build (marked as v1.3.0.0-b0):
KeePassDiceware-b0.zip

Let me know what you think or if you run into any issues/crashes! (As well, the 'usability' is probably a bit odd without tooltips or hint text, so any feedback in that arena would be greatly appreciated as well.)

Already found one, the fallback options handling caused empty salt sources. Fixed that, and added a button to restore the default sources in the editor.

New build:
KeePassDiceware-b1.zip

[djlongy]

Testing now and it looks good.
Only additional feedback is it would be nice to not include the additional separator before the salt.

e.g. word1-word2SALT instead of word1-word2-SALT
:)

[nitz]

Fantastic, glad to hear it!

I can certainly add an option for the salt to be separated or not!

[djlongy]

This now works and looks beautiful! Thank you for your work!