Feature Request: Diceware Password Generator

edited March 2014 in Lounge

@jpgoldberg

I was just reading the thread on Diceware:
http://discussions.agilebits.com/discussion/10684/password-with-real-words-like-diceware-really-safe/p2

I understand the issues with trusting software to generate randomness. However, we trust 1Password's RNG for the security of our keychains. Is it in some way "more bad" to trust it to generate diceware numbers?

If not, then can we please have a new feature in the 1P Password Generator to generate a diceware password? Options for English only and multilingual lists would be nice.


Comments

  • khad Social Choreographer

    Team Member

    Is it in some way "more bad" to trust it to generate diceware numbers?

    Nope.

    If not, then can we please have a new feature in the 1P Password Generator to generate a diceware password? Options for English only and multilingual lists would be nice.

    I think this would be a fine addition to 1Password. Thanks for letting us know you are interested in it as well. :)

    For now, as I'm sure you are well aware, there is a "pronounceable" option which fits similar use cases (i.e. easier to type or pronounce over the phone), but a Diceware option would be great.

    You can be sure I am advocating on your behalf for this.

  • jpgoldberg Agile Customer Care

    Team Member

    I would like to solicit opinions on "pronounceable" versus "diceware". I'm not sure that we would keep both if we introduced Diceware into the Strong Password Generator.

    Pronounceable, by the way, is based on a fairly old NIST standard, FIPS-181 (PDF, 4.8MB)

  • For now, as I'm sure you are well aware, there is a "pronounceable" option

    There is no "pronounceable" option in Windows.

  • jpgoldberg Agile Customer Care

    Team Member

    Well then consider either pronounceable or Diceware as a feature request for Windows. Note that when Diceware is done by computer, we don't need to limit the list to 7776 items. Nouns and adjectives are easier to remember. I'll try to construct a list. [Note to self: Remember to remove profanity, just as in pronounceable, we never let "f" start a syllable]

    Perhaps I should also try to put together a list for Hungarian, but there removing the profanity would leave nothing left of the language.

    Perhaps I shouldn't be posting this late at night.

  • I would like to solicit opinions on "pronounceable" versus "diceware". I'm not sure that we would keep both if we introduced Diceware into the Strong Password Generator.

    Personally I don't see the need for both as they both cover the same need; to produce a password that a human can remember. Since Diceware is the recommended technique, I'd suggest simply going with that.

  • jpgoldberg Agile Customer Care

    Team Member

    I need to do the math on FIPS-181 (or find someone who has). It may be that "pronounceable" is significantly stronger than Diceware. An advantage of Diceware is that it doesn't need a computer. But if you have a computer, it may make sense to avoid tying yourself to the non-computer constraint.

  • ah ok, that makes sense.

    I've written a little utility for generating diceware passphrases. There's a command line and gui tool.

    https://github.com/Richard-Payne/DiceWarePasswordGenerator

  • jpgoldberg Agile Customer Care

    Team Member

    Cool. I'm now fetching mono, and hope I can figure out how to build C#/.NET stuff on Mac. (Yes, I really should learn how to use dev tools on Windows).

  • lol, it should work on Mono. I don't think I've used any Windows-specific code. That's why there are two separate projects for gui and console. If you set it as a gui project, you can't access the console, and if you set it as a console project there's no way to close the console window after you've started the gui. The only solution I found was to directly call the FreeConsole API function, but that was unlikely to be portable.

  • I vote for diceware support.

    It's easy to understand for non-nerds, and the correct-horse-battery-staple story is everywhere. The key is getting the randomness right, and that's where 1password saves the day. (Otherwise we end up with unique inventions like messy-keyboard-chair-plant, or song lyrics or whatever.) Might want to strongly discourage passphrases shorter than 4 words.

    Regarding the "pronounceable" math, I wish I had a better sense of how long those should be. It would be awesome if 1password provided an entropy calculator for all its various types of generated passwords. Maybe as a power user option.

  • Someone is a bloody genius. Diceware option was added in beta-452. Thanks!
    Note to self: Must pay more attention to the release notes from now on. :)

  • But really, ROFPML at the size range you allow! 64 word phrases; good luck remembering those.

    Also, you might want to consider a revision to the strength gauge. A single word phrase "beware" rates as Fair which seems somewhat generous to me.

  • @jpgoldberg Is there any benefit to capitalising 1 letter and adding a punctuation symbol somewhere? My gut says yes but that's rarely a good guide to reality.

  • jpgoldberg Agile Customer Care

    Team Member

    There is, of course, an advantage to adding additional variance, but the question is whether that gain is worth the cost in memorability/typeability.

    The word list used in the current 1Password for Windows beta has 17679 words on it, so that is approximately 14 bits per word. A password that is four words long will then have 56 bits of entropy. This is enormous for a password. (It's small for an encryption key.) At 20,000 guesses per second, that would take more than 300,000 years to get half way through.

    If we say that one of the four words will be capitalized then we add 2 bits. Sure that is something (indeed, it changes things from 300,000 years to 1.2 million years), but is it worth having to shift from lowercase to uppercase on a mobile keyboard? That is a choice you have to make for yourself. You might reasonably say that yes it is.

    When it comes to playing with punctuation, you have to ask whether the increased typing and memory difficulty is better than just adding another word. Again, you have to decide that for yourself.

    I would recommend that if you do something like this you should decide beforehand what kinds of changes you would make. Then you should pick at random (not out of your head) which specific change. For example, you might say that you will capitalize one word first. Then you will flip coins or roll a die to pick which word,

  • jpgoldberg Agile Customer Care

    Team Member

    @grgz wrote:

    The key is getting the randomness right, and that's where 1password saves the day. (Otherwise we end up with unique inventions like messy-keyboard-chair-plant, or song lyrics or whatever.)

    Yep. Even when people know that they should pick randomly they fail. For example, if you ask people to pick these things randomly and stress that they should avoid things like what you describe, they will still tend to pick concrete nouns for almost all the words and perhaps a simple adjective.

    This is the problem with the XKCD comic. Those who already understand the issue didn't need it, and almost everyone else thinks that they should pick words from their heads.

    Regarding the "pronounceable" math, I wish I had a better sense of how long those should be. It would be awesome if 1password provided an entropy calculator for all its various types of generated passwords.

    Yep. This is something I would like to see as well, but it isn't something I can promise that we will do. One of the issues with this is that as soon as someone manually edits a generated password, we have to treat it as human created. So if you generate a password like j=CA4freo;2MEemM*G and discover that the service you use won't accept an "=" so you change it to a "/", we would have to treat the original as generated and the modified as not-generated. The calculated strength of a generated password would be based only on the recipe used for its creation and would never need to know the password.

  • I would recommend that if you do something like this you should decide beforehand what kinds of changes you would make. Then you should pick at random (not out of your head) which specific change. For example, you might say that you will capitalize one word first. Then you will flip coins or roll a die to pick which word,

    @jpgoldberg Where I was going with this was that if the increase in entropy was worthwhile then an option on the generator to do random capitals and punctuation would be good. However, from what you said, it sounds like the practical benefit would be negligible. @DBrown might do me harm if I keep suggesting more options without them being absolutely vital! ;)

  • Maybe replace the entropy bits indicator with ??? if the user edits the password?

  • jpgoldberg Agile Customer Care

    Team Member

    Ah @RichardPayne, I misunderstood.

    I could imagine offering symbol separators and randomly chosen initial capitalization as options, but @DBrown is absolutely correct. One reason why 1Password works so well for so many people is that we are very cautious about adding options. There is always room for "one more option", but when you start thinking that way, you end up with dozens of advanced options that just scare people away. So this needs to be done cautiously.

    @grgz, We still want to offer some guidance on password strength for human created passwords, so we have to find a way to do this which doesn't add to confusion. But I definitely like the idea of offering exact entropy in those cases where we can. Like you, I hope to see it happen, but I can't promise anything.

  • Yeah it's a tricky usability problem. I think the average person is in dire need of better, more-current advice about how strong to make their passwords/passphrases. There's a ton of voodoo advice on the internets. But you don't want to scare them off with too much complexity.

  • jpgoldberg Agile Customer Care

    Team Member

    Exactly so, @grgz! Sure, I would like people to have perfect Master Passwords, but we don't want to make picking a Master Password so burdensome that people just give up.

  • benfdc Perspective Giving Member

    Checkboxes for no spaces, include digit, include symbol, and include uppercase will facilitate generation of passwords for finicky sites.

  • benfdc Perspective Giving Member

    I see that "Mr. Diceware" has just updated his recommended pass phrase length. Also that @jpgoldberg has commented on the thread that context matters.

  • I am loving this in the Windows version - will it be coming to Mac any time soon?

  • mayahope Junior Member

    What makes "pronounceable" passwords pronounceable in 1Password? I can't pronounce any of them or remember any of them, especially when I get to the length of the ones I have them set to (12-20 characters). The Apple keychain password helper has real pronounceable, memorable passwords. Also, when I use my "recipes" window, I have a problem when the website limits the kinds of symbols that I can use because 1Password doesn't allow me to do anything about it. I have to keep on futzing around with the slider until I finally get to the password that works. Meanwhile, I'm usually logged out several times. Anything to do about that?

  • khad Social Choreographer

    Team Member

    @mayahope, from @jpgoldberg's post above:

    Pronounceable, by the way, is based on a fairly old NIST standard, FIPS-181 (PDF, 4.8MB)

    We're looking at adding a Diceware option in 1Password for Mac like the one in 1Password 4 for Windows (currently in beta and referenced by John in his post directly preceding yours). It sounds like that would be something you would appreciate. :)

    We don't normally discuss future plans, but thank you for letting us know you too are interested in this. If we can be of further assistance, please let us know. We are always here to help!

  • DavidB Senior Member

    mayahope wrote:

    What makes "pronounceable" passwords pronounceable in 1Password? I can't pronounce any of them or remember any of them, especially when I get to the length of the ones I have them set to (12-20 characters).

    Yes--that is partly why I vote for Diceware. Generally more pronounceable and more easily memorized, for me at least. I would be satisfied with a random generator for just the regular Diceware word list.

    David

  • khad Social Choreographer

    Team Member

    Thanks for the feedback, @DavidB. I think we are in full agreement! :)

  • jpgoldberg Agile Customer Care

    Team Member

    Thanks all. Note is being taken of all of your excellent comments and input.

  • 1Password should offer a password-generation option of "pseudo-Diceware," driven by cryptographically-secure pseudo-random numbers. This would cover those passphrases used both from memory and from 1Password.

    (Reference, for anyone needing a brush-up on Diceware: the perennial discussion Password with real words (like Diceware) really safe? and Toward Better Master Password ).

    The upshot of those two discussions is, roughly, that there are two kinds of passwords:

    1. Ones you have to memorize, for which a careful, doctrinaire Diceware approach is good
    2. Ones 1Password saves you from having to memorize, so let it generate un-memorable goop

    In theory, 1Password reduces group #1 to solely the 1Password "Master Password."

    But "the difference between theory and reality is less in theory than in reality." In my world there is a third class of passwords: ones I have to use at several access points, some with 1Password available, some not. I need these memorable for the inaccessible times (like logging into my laptop), but can, must, and do use them through 1Password at other times (like logging into company websites). Call these "class 1.5". I do in fact use Diceware to generate class-1.5 passwords (passphrases), type them from memory for the class-1 uses, and load them into 1P for the class-2 uses.

    But a pseudo-Diceware system, with cryptographically-secure pseudo-random numbers in place of the dice, would be very strong, and more convenient than messing with dice.
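    As an added example, not code from 1Password, from the DiceWarePasswordGenerator project or from anyone in this thread: a small Python script that does what jpgoldberg's entropy post and jackr's "pseudo-Diceware" suggestion describe. It computes bits per word from the list size (the thread's 17679-word Windows beta list and the 7776-word standard list), adds the log2(4) = 2 bits for capitalising one of four words, estimates the time to search half the keyspace at a guess rate you supply, and draws words with the OS CSPRNG via the `secrets` module in place of physical dice. The 16-word `SAMPLE_WORDS` list is a constructed placeholder, not a real Diceware list; the `unique_words` de-duplication step is my own caveat, since duplicate entries in a list quietly lower the per-word entropy.

```python
import math
import secrets

# Constructed placeholder word list for the demonstration only. A real
# Diceware list has 7776 (6^5) entries keyed by five dice rolls; the
# 1Password for Windows beta list mentioned in the thread has 17679.
SAMPLE_WORDS = [
    "apple", "basket", "candle", "dragon", "engine", "forest", "garden", "harbor",
    "island", "jacket", "kettle", "ladder", "meadow", "needle", "orange", "pillow",
]


def unique_words(words):
    """Normalise and de-duplicate a word list.

    Duplicates or blank entries make some words more likely than others and
    lower the real per-word entropy, so entropy is computed from the unique
    count and the generator only ever draws from the cleaned list.
    """
    seen = set()
    cleaned = []
    for w in words:
        w = w.strip().lower()
        if w and w not in seen:
            seen.add(w)
            cleaned.append(w)
    return cleaned


def passphrase_entropy_bits(list_size, word_count, capitalize_one=False):
    """Entropy of word_count words drawn uniformly from list_size words.

    Each word contributes log2(list_size) bits. Capitalising one randomly
    chosen word adds log2(word_count) bits: exactly 2 bits for four words.
    """
    bits = word_count * math.log2(list_size)
    if capitalize_one:
        bits += math.log2(word_count)
    return bits


def years_to_half_keyspace(bits, guesses_per_second):
    """Expected years to search half of a 2**bits keyspace at a fixed rate."""
    seconds = (2.0 ** bits) / 2.0 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def roll_dice(n=5):
    """Simulate n fair dice with the OS CSPRNG (secrets.randbelow is unbiased)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n))


def roll_to_index(roll):
    """Map a Diceware roll string such as '11111'..'66666' to a 0-based index."""
    index = 0
    for d in roll:
        if d not in "123456":
            raise ValueError(f"bad die face: {d!r}")
        index = index * 6 + (int(d) - 1)
    return index


def generate_passphrase(words, word_count=4, capitalize_one=False, separator=" "):
    """Draw word_count words uniformly with the CSPRNG and join them.

    secrets.choice picks an index without modulo bias, so no dice are needed;
    when capitalize_one is set, which word gets capitalised is also chosen by
    the CSPRNG rather than by the user, as jpgoldberg recommends.
    """
    words = unique_words(words)
    if word_count < 1 or not words:
        raise ValueError("need at least one word and a non-empty list")
    chosen = [secrets.choice(words) for _ in range(word_count)]
    if capitalize_one:
        idx = secrets.randbelow(word_count)
        chosen[idx] = chosen[idx].capitalize()
    return separator.join(chosen)


if __name__ == "__main__":
    bits = passphrase_entropy_bits(17679, 4)
    print(f"4 words from 17679: {bits:.2f} bits")
    print(f"with one word capitalised: {passphrase_entropy_bits(17679, 4, True):.2f} bits")
    print(f"years to search half the space at 20000 guesses/s: "
          f"{years_to_half_keyspace(bits, 20000):,.0f}")
    print("sample from the constructed 16-word list:",
          generate_passphrase(SAMPLE_WORDS, 4, capitalize_one=True))
    roll = roll_dice()
    print("dice roll", roll, "-> list index", roll_to_index(roll))
```

    The guess rate is deliberately a parameter: the years figure swings by orders of magnitude with it, and any real estimate depends on how the password is hashed and on the attacker's hardware, neither of which the list size tells you.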

  • khad Social Choreographer

    Team Member

    This is a great suggestion, @jackr! In fact, Diceware is already an option in the 1Password 4 for Windows Beta. I'll make sure your vote is tallied to see it on other platforms as well. I've also merged your post with this existing thread, so we can keep the discussion in one place.

    Please keep the feedback coming! :)

This discussion has been closed.