Add generator for high-entropy Diceware-like passphrases#181
micahflee wants to merge 7 commits into keepassx:master from
…d PassphraseGeneratorWidget, and the code to make them appear in the GUI

Really!? What is KeePassX? A password/passphrase/string manager. Its purpose? Allow me to NOT memorize these strings, which need to be random. Strong 128 bits can be achieved with 23 chars (Aa0). With Diceware I need ~ 70 chars. In my opinion it is neither worth memorizing nor typing sometimes. But, done with the idea critique, I value a good job. The interface implementation seems to be good. A super plus to you.

This would be a great feature, and KeePassX really needs it!

@juliomaranhao I agree the primary purpose is to create passwords that don't require memorization, but some passwords do. This is a handy addition and promotes a good security practice for passwords that require memorization.

@micahflee Seven words is a great default. But assuming a wordlist of 7776 the user will only ever need 6-8 words. Nine is obscene paranoia and five is too few. Does it make sense to limit to those options for creation? Correct me if I'm wrong, but it looks like this is using the standard slider implementation? A few pixels either way on the slider makes it unusable for security reasons or for usability ones (if it shifts less than 5 or more than 8). I assume messing with the slider UI for this was out of the question?

@juliomaranhao if you need to generate a password that you'll never need to memorize, type, say out loud, etc., then just click "Gen Password" instead of "Gen Passphrase". One of the reasons I like KeePassX is because it's offline, isn't stored in the cloud, and I'm able to restrict my password database to a specific secure device. But this means that if I need to login to a service on a separate computer, or on a phone, then I need to open KeePassX on one device, look up a password, and type it into another device. It is SO MUCH more frustrating to type something like

@curenando It's easy to change the max number of words allowed in the slider. Right now it's set to 40 (which would provide a staggering 516.99 bits of entropy), which I admit is a bit high. Maybe a better max would be 10 words (129.24 bits of entropy). I don't see a need to set the minimum words. The minimum on the password generator is limited by the number of different character types (so if you use

Should I change the max word count from 40 to 10? 10 words is basically equivalent security to a 128-bit crypto key. If you want a passphrase with equivalent security to a 256-bit crypto key, the max would need to be 20 words.

@micahflee Minimum makes sense, thanks for the clarification there. Is there a scenario in which it would make sense to use a 10-20 word diceware passphrase? I suppose there's no real harm in allowing more words but realistically your own article makes the point that seven words with a 3TR Guess/Sec threat model is plenty - https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ Maybe there are other cases here in which 3 trillion guesses per second is naive? Otherwise I think eight words is plenty, but ten would be reducing it enough to meet the UI aspect that I brought up.

@micahflee @curenando Please, don't try to limit password size based on "usefulness" or "no one will ever use it". I remember the days when it was common to limit a password to 8 chars. Do you remember? So, if the UI/UX can handle it (any usability complaints?) then make a very high limit. It seems @micahflee already did it (40 words).

You're right, 8 characters was naive. We never expected computation power to get to the point it is now. Even assuming Moore's Law continues and nation states make a point to make dedicated attacks against diceware you really just don't need more than eight words because of the scaling possibilities per word. If my math is wrong please let me know, but 7776 ^ 10 possibilities seems appropriate. Twenty is fine too from my usability perspective, but realistically I'm still not sure in what kind of situation you need a passphrase that long. The universe will have ceased to exist by the time a nation state would be able to guess your password from 7776 ^ 10 possibilities.

Edit - You really do have to think about 'usefulness' because if you want people to use something it has to be useful. I admit there is often a trade-off between security and usability in which security suffers, but this isn't a case like that.

@micahflee said:
Typing and memorization abilities are really personal. Taking your example

After reviewing my first post, I need to apologize for being somewhat rude. I think it is the effect of not seeing any development to implement my list ;-) (comprehensive global auto-type, keyboard injection and not copy-paste, database merge, etc). I stick with KP2/Linux because of these missing features. Anyway I am happy to see someone doing a good job. Even if it's a low priority in my personal list.

As for the maximum length I'd argue for 20 words. As has already been suggested this equals 256-bit and this is the current recommendation for long-term security. Additionally I have one other request: What about making this feature multi-language? This means offering different wordlists for different languages and allowing the user to choose one. Preferably users should be able to choose more than one list as they may speak more than one language. 😃

Let me see if I can put this in context here. I think there are about 94 character possibilities with a standard password created in KeePass: upper/lowercase letters, numbers, and special characters I see on a standard English keyboard. If you take away special chars then just 26 + 26 letters and 10 numbers (62). Here are the numbers of possibilities:

Please check my math above but I think this indicates 20 words is plenty. In most cases that diceware passwords are used they really don't require the same entropy as a 256 bit key because they will either be key stretched or hashed. The main thing I'm trying to get across here is that in any attack scenario I don't think there is a security benefit of increasing past eight words. Additionally there can be a usability detriment you have to take seriously because then you increase the risk of password reuse, poor password creation schemes etc. @micahflee I'd be interested to know what you think would require more than 8 words. Especially given your well reasoned article on the subject.

@rugk Agreed :) Multiple word lists, or the ability to import/edit a custom word list would be great. I assume that a random dictionary attack would be centred around English words, so having the ability to use e.g. Swedish or Spanish words would be great.

@curenando If I were to lower the maximum word length I think I'd go for 20 rather than 10, just in case people have crazy use-cases that I don't anticipate, or just want to be paranoid. Personally, for what I use passphrases for, I don't think there's any reason to use more than 10 words.

@rugk @Oter2k I designed it so it should be simple to add more wordlists in the future. There's a

And the GUI would need to have a dropdown as well. I was thinking about multiple wordlists, but I think just English is a good first start. I think the largest challenge is that there aren't any very good non-English wordlists yet. The original English Diceware wordlist had many issues, and the non-English ones were even worse. I think it would be excellent if academics built wordlists in other languages using similar methodology to what Joseph Bonneau did with the English one: https://www.eff.org/deeplinks/2016/07/new-wordlists-random-passphrases

@micahflee Fair enough. Either way this will be a great feature, especially for mobile passwords.

@micahflee Consider sending a pull request to this repo instead https://github.com/keepassxreboot/keepassx

What is KeepasReboot?

A new fork that is in active development

It will be useful when you aren't able to run KeePassX on a device. For example, I was at my friend's house to play Xbox. I had to look in my smartphone to check my Xbox account password. With Diceware it would be much easier to write.

@micahflee thanks for the work you have done on this. This would completely satisfy the request I made at https://forum.keepassx.org/viewtopic.php?f=2&t=4045

Randomly generated passwords can be great sometimes, but they're often very hard to memorize (for when you want a memorable passphrase) and also hard to type, especially on mobile devices. I've been wishing KeePassX would support secure passphrase generation for some time, so I decided to take a stab at making it myself.
This PR changes the "Gen." button to separate "Gen Password" and "Gen Passphrase" buttons. If you click "Gen Passphrase" you get a totally different type of password generator that simply asks how many words.
It generates secure high-entropy passphrases using the excellent wordlist published by EFF which has many improvements over the original Diceware wordlist. There are 7776 words in it, which means 12.92 bits of entropy per word. A 7-word passphrase has 90.47 bits of entropy, which should be secure enough for encryption passphrases, for disk encryption, secret keys stored on disk, other password databases, etc.
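As an added example, not code from this PR or from KeePassX, here is how the entropy figures quoted in this thread (12.92 bits per word, 90.47 for seven words, 129.24 for ten, 516.99 for forty) follow from the 7776-entry wordlist, together with an unbiased way to draw words from a CSPRNG. The six-word list is constructed to stand in for the EFF list, and the function names are assumptions of this example.

```cpp
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <random>
#include <string>
#include <vector>

// Entropy of `words` words drawn uniformly from `listSize` entries:
// log2(listSize ^ words) = words * log2(listSize). For the EFF list,
// log2(7776) = 12.92 bits per word.
double passphraseEntropyBits(std::size_t listSize, int words) {
    return words * std::log2(static_cast<double>(listSize));
}

// Smallest word count reaching `targetBits` (e.g. 128 -> 10 words, 256 -> 20).
int wordsForBits(double targetBits, std::size_t listSize) {
    return static_cast<int>(std::ceil(targetBits / std::log2(static_cast<double>(listSize))));
}

// Draw `words` indices. std::uniform_int_distribution redraws out-of-range
// values instead of reducing modulo the list size, so no word is favoured
// (a plain `rand() % size` is biased when size does not divide the generator
// range). std::random_device is the OS CSPRNG on current libstdc++/libc++/MSVC;
// inside KeePassX the application's own CSPRNG would be used instead.
std::vector<std::string> generateWords(const std::vector<std::string>& wordlist, int words) {
    std::random_device rng;
    std::uniform_int_distribution<std::size_t> pick(0, wordlist.size() - 1);
    std::vector<std::string> out;
    out.reserve(words);
    for (int i = 0; i < words; ++i) {
        out.push_back(wordlist[pick(rng)]);
    }
    return out;
}

// Self-check: every generated word must come from the list it was drawn from.
bool allFromList(const std::vector<std::string>& words, const std::vector<std::string>& list) {
    for (const auto& w : words) {
        if (std::find(list.begin(), list.end(), w) == list.end()) return false;
    }
    return true;
}

// Constructed six-word stand-in; a real build loads the 7776-word EFF list.
const std::vector<std::string> kSampleWords = {"amulet", "bowl", "correct", "horse", "battery", "staple"};
```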