Feature Request: Diceware Password Generator


Comments

  • benfdc Perspective Giving Member

    Diceware is already an option in the 1Password 4 for Windows Beta.

    Not just the beta any more! As a full-time user of 1P/Mac, and an occasional user of and "family tech support person" for 1P/Win, I can truthfully say that this is the first time I have ever experienced feature envy going in this direction.

    Considering how many years your loyal 1P/Mac users have been requesting and waiting for this feature, this is an infuriating state of affairs.

  • khad Social Choreographer

    Team Member

    Since the time of my post 1Password 4 for Windows has indeed seen public stable release. It would be nice to see a Diceware option on the Mac as well. I agree. Thank you for confirming your views on this, @benfdc!

  • Like jackr I also have several "1.5" passwords, i.e. Diceware passwords for use on machines where 1P is not available. Please bring this feature to the Mac and iOS!

  • khad Social Choreographer

    Team Member

    Vote added! :)

  • Pirate
    edited July 2014

    Note that when Diceware is done by computer, we don't need to limit the list to 7776 items

    Surely, having the 7776 diceword word list made publicly available would make it easier for crackers to make a highly efficient script that just goes through all the combinations of the dicewords?
    Maybe instead of a generator that rolls dice and assigns these predefined dicewords to the list, a generator that first generates the words themselves (following easy-to-pronounce English, making up a random pronounceable word such as 'hontup'), then rolls the dice on these new made-up words?

    Additionally, for every new password, it makes up 7776 new dicewords (and discards the previous diceword list?)

  • @Pirate‌
    Having made up words defeats the point. The reason that diceware passwords are easier to remember is that the vocabulary is already embedded in the brain, assuming you can spell of course ;)

    Saying that having a defined list of words makes it easier for crackers is like saying that having a defined alphabet makes it easier to defeat normal passwords. If the word list x the number of words used is large enough then it becomes statistically impossible to crack anyway. This applies to both diceware and regular passwords.
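The arithmetic behind the two replies above, as an added example that is not part of the original thread: a computer-rolled Diceware generator that draws from a list of any size with the OS CSPRNG, the entropy an attacker faces when the list and the word count are public (n × log2(list size)), and the base-6 numbering a printed list needs so that physical dice can still index it. The word list is a constructed stand-in for the real 7776-entry Diceware list, and the guess rate passed to years_to_exhaust() is an assumed figure, not a measurement.

```python
"""Computer-rolled Diceware (added example).

Covers three points from the thread:
  * drawing words from a list with a CSPRNG instead of physical dice, where the
    list is no longer bound to 6**5 = 7776 entries;
  * the bits a passphrase carries when the attacker knows the list and the
    word count: n_words * log2(list_size);
  * numbering a list in base 6 so that a bucket of dice can still select from it.
SAMPLE_WORDS is a constructed stand-in, not the real Diceware list; the guess
rate used with years_to_exhaust() is an assumption.
"""
import math
import secrets

# Constructed stand-in word list so the example runs offline (72 distinct words).
_ONSETS = ["ba", "ca", "do", "fe", "gi", "ho", "ju", "ka", "lo", "mu", "ni", "pa"]
_CODAS = ["n", "r", "st", "lk", "mp", "nt"]
SAMPLE_WORDS = [o + c for o in _ONSETS for c in _CODAS]

DICEWARE_LIST_SIZE = 7776   # 6**5: five six-sided dice per word


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of n_words drawn uniformly and independently from list_size words.

    This is what survives the attacker knowing the list and the word count:
    there are list_size ** n_words equiprobable passphrases."""
    if list_size < 2 or n_words < 1:
        raise ValueError("need at least two words in the list and one word drawn")
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count that reaches target_bits from a list of list_size words."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, n_words: int, sep: str = " ") -> str:
    """Draw n_words uniformly from words with the OS CSPRNG (never random.choice).

    secrets.randbelow() is unbiased for any list size, so the list does not
    need to have a power-of-six (or power-of-two) length."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates; entropy would be overstated")
    return sep.join(words[secrets.randbelow(len(words))] for _ in range(n_words))


def dice_roll_to_index(roll: str, sides: int = 6) -> int:
    """Map a roll such as '34512' (faces 1..sides, most significant first) to a
    zero-based list index: '11111' -> 0, '66666' -> 7775."""
    index = 0
    for ch in roll:
        face = int(ch)
        if not 1 <= face <= sides:
            raise ValueError(f"die face {ch!r} outside 1..{sides}")
        index = index * sides + (face - 1)
    return index


def index_to_dice_roll(index: int, n_dice: int = 5, sides: int = 6) -> str:
    """Inverse of dice_roll_to_index: the base-6 label to print next to entry
    `index` so that physical dice can select it."""
    if not 0 <= index < sides ** n_dice:
        raise ValueError("index does not fit in the given number of dice")
    faces = []
    for _ in range(n_dice):
        index, face = divmod(index, sides)
        faces.append(str(face + 1))
    return "".join(reversed(faces))


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years to try every passphrase of the given entropy at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 86400)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS, 6))
    print(f"{entropy_bits(DICEWARE_LIST_SIZE, 7):.1f} bits for 7 Diceware words")
    print("words for 112 bits from the 7776 list:", words_needed(DICEWARE_LIST_SIZE, 112))
    # Assumed rate: 1e12 guesses/s against an unsalted fast hash.
    print(f"{years_to_exhaust(90, 1e12):.2e} years to exhaust 90 bits at 1e12 guesses/s")
```

With the 7776-word list, seven words give about 90.5 bits and nine words are needed to reach 112; a larger list lowers the word count but does nothing else, since the only thing that matters is list_size ** n_words, not whether the words look like English.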

  • Pirate
    edited July 2014

    @RichardPayne a lot of the words in the diceware list already look made up- even if they are not, they are not words I would have known about.
    Just flipping through the actual list (and not looking them up on dictionary.com), had the dice rolled me "fahey flattus rajah hokan hettie doric" I can safely say these words, for all intents and purposes, might as well have been made up. I don't think the 7776 words are all in my vocabulary, and I think of myself as having a decent vocabulary.

  • I don't disagree with you. I dislike the standard diceware list for that reason. That doesn't negate my point though.
    I think @jpgoldberg‌ agrees, so it would be interesting to know whether 1Password's extended list excludes these silly non-words.

  • Pirate
    edited July 2014

    @RichardPayne Doesn't having the diceware list made available allow for targeted 1Password dictionary attacks, if the user knows that 1Password favors dicewords?

    @jpgoldberg I feel random made-up words would both protect against dictionary attacks made using the diceword list, AND a character by character brute force- no matter what method the attacker uses, the more randomness, the better.

    The more the attacker knows about the password format, the less iterations they have to do- for example, I saw posted on this forum the concern that a random generated 1Password password only has 10 numbers, 10 symbols, and 30 letters (I assume this is when 1Password had a cap of 50, rather than the current 64?). Wouldn't removing these caps increase randomness (or are these caps there to increase entropy due to there being more letters than there are numbers/symbols)?

    Regarding the caps and entropy- although a letter has more entropy than a number, the fact that the cracker doesn't know whether the character is a letter, number, or digit means it actually has the same entropy as the length of numbers+digits+symbols (Schroedinger's cat- the cat is both dead and alive, and the character is both a number and a digit and a symbol). By capping how many numbers are in a password, you run the risk of the cracker making specific rules stating that after the 10th number in the password, do not make any more characters in the password a number. This would reduce the remaining iterations significantly.
    For example, if they know that I use 1Password and probably maxed out the numbers bar, a valid guess would be
    0000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    But they would never ever guess
    000000000000000000000000000000000000000000000000000000000000
    which will reduce the potential number of iterations.

    In fact, this might even make RANDOMIZING the number of digits in a password better than always using all 10 digits? (Obviously, true randomness doesn't exist, but a fairly accurate randomizer suffices of course).

    LastPass's implementation of this has an option of the MINIMUM amount of numbers, but no option of the maximum amount of numbers.

    Off-topic, and I know this has been addressed, though I still like it, I do enjoy their ability to generate 100 character random passwords, while 64 (1Password's current cap), though still impossible to guess, is not as strong (though I do understand effectively zero vs effectively zero, maybe it is a psychological thing. Of course, as computers get stronger, passwords must get stronger too, why not just make them 100 length now and future-proof it, instead of in 10 years, having to go and strengthen all your shorter passwords? I'm talking, of course, about sites in which you never have to type the password in, and that it isn't memorized- just a random garble of letters, numbers, and symbols.)

    Sorry- this diceware generator post kind of evolved organically into a more general generator post.

  • khad Social Choreographer

    Team Member
    edited July 2014

    @RichardPayne Doesn't having the diceware list made available allow for targeted 1Password dictionary attacks, if the user knows that 1Password favors dicewords?

    As stated in our "Toward Better Master Passwords" blog post:

    The strength of a password creation system is not how many letters, digits, and symbols you end up with, but how many ways you could get a different result using the same system.

    The great thing about Diceware is that we know exactly how secure it is even assuming that the attacker knows the system used. The security comes from the genuine randomness…

    You can find a comparison between Diceware and 1Password's generator in my post #9 in another thread.

    If you haven't already read it, you can read more about the math behind all this in our "Better Master Passwords: The geek edition" blog post.

    The more the attacker knows about the password format…

    To some extent, yes, but relying on security through obscurity is not a long-term viable solution. Again from the aforelinked blog post:

    What makes [choosing a Master Password] a particular challenge is the fact that the bad guys know at least as much about how people pick passwords as we do. They are not only reading the same password picking advice that gets posted in places like this, but they have studied millions of stolen passwords.

    Eventually the cat is out of the bag, and relying on solid math rather than obscurity is a proven solution.

    For example, if they know that I use 1Password and probably maxed out the numbers bar, a valid guess would be
    0000000000aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    But they would never ever guess
    000000000000000000000000000000000000000000000000000000000000
    which will reduce the potential number of iterations.

    I'll leave the math there to @jpgoldberg‌ when he is back in the office, but I suspect we're dealing with a difference in entropy that would not materially affect cracking times. Perhaps the math is different enough, but I'm thinking of the old "exactly N digits vs. at least N digits" discussion.
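The "exactly N digits vs. at least N digits" arithmetic deferred above, worked through as an added example that is not part of the original thread. It counts how many 50-character passwords a generator can emit under each composition rule and reports log2 of that count, which is the entropy an attacker who knows the rule faces. The character-class sizes are an assumption (10 digits, 52 letters, 32 symbols, i.e. the 94 printable ASCII characters); the thread does not state 1Password's actual symbol set.

```python
"""Composition rules and entropy (added example).

Compares, for a 50-character password drawn from 94 printable characters:
  * no composition rule at all (every position uniform over 94 characters);
  * exactly 10 digits and exactly 10 symbols, letters elsewhere;
  * at least 10 digits and at least 10 symbols (a minimum with no cap);
  * at least 10 digits with no rule on symbols.
Counts are exact integers; log2 of the count is the entropy against an
attacker who knows the rule. CLASS_SIZES is an assumption.
"""
import math
from math import comb

CLASS_SIZES = {"digit": 10, "symbol": 32, "letter": 52}   # assumed; sums to 94


def uniform_bits(length: int, sizes=CLASS_SIZES) -> float:
    """No composition rule: each position is any of the sum(sizes) characters."""
    return length * math.log2(sum(sizes.values()))


def count_exact(length: int, n_digits: int, n_symbols: int, sizes=CLASS_SIZES) -> int:
    """Passwords with exactly n_digits digits, n_symbols symbols and letters in
    every other position: choose the positions, then the characters."""
    n_letters = length - n_digits - n_symbols
    if n_digits < 0 or n_symbols < 0 or n_letters < 0:
        return 0
    return (comb(length, n_digits) * comb(length - n_digits, n_symbols)
            * sizes["digit"] ** n_digits
            * sizes["symbol"] ** n_symbols
            * sizes["letter"] ** n_letters)


def count_at_least(length: int, min_digits: int, min_symbols: int, sizes=CLASS_SIZES) -> int:
    """Passwords with at least min_digits digits and at least min_symbols
    symbols (a LastPass-style minimum with no maximum)."""
    return sum(count_exact(length, d, s, sizes)
               for d in range(min_digits, length + 1)
               for s in range(min_symbols, length - d + 1))


def bits(count: int) -> float:
    """log2 of an exact (possibly huge) count; math.log2 accepts big ints."""
    return math.log2(count) if count else float("-inf")


def exact_bits(length: int, n_digits: int, n_symbols: int, sizes=CLASS_SIZES) -> float:
    return bits(count_exact(length, n_digits, n_symbols, sizes))


def at_least_bits(length: int, min_digits: int, min_symbols: int, sizes=CLASS_SIZES) -> float:
    return bits(count_at_least(length, min_digits, min_symbols, sizes))


def composition_penalty_bits(length: int, n_digits: int, n_symbols: int, sizes=CLASS_SIZES) -> float:
    """Bits the attacker saves by knowing the exact composition, relative to a
    generator with no rule. 2 ** penalty is the factor by which the worst-case
    search shrinks."""
    return uniform_bits(length, sizes) - exact_bits(length, n_digits, n_symbols, sizes)


if __name__ == "__main__":
    L = 50
    print(f"no rule (uniform over 94):        {uniform_bits(L):7.2f} bits")
    print(f"exactly 10 digits, 10 symbols:    {exact_bits(L, 10, 10):7.2f} bits")
    print(f"at least 10 digits, 10 symbols:   {at_least_bits(L, 10, 10):7.2f} bits")
    print(f"at least 10 digits, any symbols:  {at_least_bits(L, 10, 0):7.2f} bits")
    print(f"penalty for the exact rule:       {composition_penalty_bits(L, 10, 10):7.2f} bits")
```

For the 50-character case the exact 10/10/30 rule costs roughly 10.6 bits against the 327.7 bits of a rule-free generator, so the attacker's worst-case search shrinks by a factor of about 1500 while still facing well over 300 bits. The check that summing count_exact over every (digits, symbols) split reproduces 94**50 exactly is a useful sanity test of the counting.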

  • +1. I would LOVE a diceware generator!

  • Megan 1Password Alumni

    Hi @dagud,

    I'd love one too! I've added a vote for you, and a vote for me. :)

  • Simple. Just install Windows. :p

  • benfdc Perspective Giving Member
    edited September 2014

    Simple. Just install Windows.

    Or install 1P/Win on your Mac via Wine or CrossOver. It's working for me!

  • Megan 1Password Alumni

    Hi @RichardPayne‌ and @benfdc‌

    You're right - this is one example of where 1Password 4 for Windows is a bit ahead on the 1Password 4 feature curve. I still think it would be wonderful if people didn't have to dash into a virtual machine on their Macs to get a Diceware password ... but what can I say, I'm a dreamer! ;)

  • jpgoldberg Agile Customer Care

    Team Member

    Some of us just keep a bucket full of dice around.

    (see http://blog.agilebits.com/2014/09/04/getting-chilly-for-charity/ for details)

  • benfdc Perspective Giving Member

    A bucket of dice will do you little good unless you also have a word list nearby that is numbered in base 6.

  • Megan 1Password Alumni

    Hi @Fairgame,

    Thanks for including those links.

    As far as the buckets of dice goes, I've recently gotten into role-playing games, and as such have developed a need to hoard all kinds of dice. I could provide you with a long list of URLs for sites that provide the loveliest dice around: colourful, sparkly, 3D-printed ... sometimes available in near bucket-like quantities. ;)

  • I have been following this thread but there is something that is still not clear to me:
    The Diceware word generator is not there, I think, primarily to generate 1Password master passwords, but to generate easily remembered passwords for other sites where perhaps we may not always have 1Password available to help us. But these may be sites that allow infinite numbers of guesses or sites that are not slowing down the rate of attack by implementing a scheme such as PBKDF2. So my question is (sorry if I have missed the answer somewhere), given the current advanced state of hashcat etc., how safe is (= how long to crack) e.g. a seven word Diceware password (90 bits of entropy) on a non-PBKDF2-protected system?

  • Any system being attacked over the internet is inherently rate limited by the network between attacker and target. It is also very rare, although certainly not impossible, for online services to allow unlimited authentication attempts.

    The reality is that it's far more likely for your password to be compromised for some other security flaw in the server configuration than it is for someone to brute force a password remotely.

    Of course, if someone gets a copy of a site's authentication database then all bets are off. Mind you, if that happens then any data that was on the server has likely already been compromised.

  • jpgoldberg Agile Customer Care

    Team Member

    As @benfdc‌ noted,

    A bucket of dice will do you little good unless you also have a word list nearby that is numbered in base 6.

    Point taken.

  • For what it's worth, I have the Diceware word list saved as a pdf and it's always accessible on any of my devices, on- or offline.

  • jpgoldberg Agile Customer Care

    Team Member

    Hi @chrisko‌!

    We do recommend dice-ware like passwords for a 1Password Master Password despite the fact that we don't (yet) offer a generator for them.
    With respect to your comment about brute force guessing on an online system, @RichardPayne‌ is correct that any "on line attack" is going to be slower than a corresponding off-line attack. For an off-line attack, you are using your own highly specialized hardware and software to process a password guess. For an online attack, you are waiting for someone else's server to report back for each guess.

    how safe is a seven word diceware password (90 bits of entropy) on a non PBKDF2 protected system?

    Even if hashing is a simple MD5 or SHA1 hash, that would be safe from even an offline attack by the likes of the NSA. Most people consider 90 bits (even just for an encryption key that can be tested extremely quickly) to be unreachable by the NSA. Of course, we all like to have some extra room and accommodating for growth of attack speeds, which is why minimum key size for symmetric cryptographic keys is recommended to be 112 bits (and most systems are designed with 128 bit strength).

    Password testing is always going to be slower than key checking, so a seven word diceware password is more than sufficient.

    To get a sense of these numbers, take a look at our article on 128 bit versus 256 bit keys.

    http://blog.agilebits.com/2013/03/09/guess-why-were-moving-to-256-bit-aes-keys/

  • edited September 2014

    It would be an interesting addition to have a pseudo Diceware passphrase generator as part of 1Password. I, however, still think it is way more interesting to use real dice. For one, I force myself to use the first phrase that I generate no matter how much I don't like it. Because I went through the trouble of doing it with dice, burning the scrap paper, etc., I feel I will be more devoted to sticking to the passphrase than if it was generated by computer.

    However, if the computer generated one was more secure because it had more words in the word list and a higher base than six to generate random words, that would prove more secure and useful.

    So my ten cents (as a linguist) here is to suggest using something like COBUILD for the word list. It is a list of the most commonly used words in the English language based on decades of ongoing research and is about 2.5 billion words long. The Collins dictionaries are based on it. That would make for a nice long list of words we will all know if we are native speakers. As far as I know, the list is free (although access to the database requires a subscription).

    http://en.wikipedia.org/wiki/COBUILD

    http://www.mycobuild.com/about-collins-corpus.aspx

    http://www.collins.co.uk/page/Wordbanks+Online

    The subscription gives access to only 550 million of the words. :)

  • It would be an interesting addition to have a pseudo diceware passphrase generator as part of 1Password.

    It should be noted that 1Password for Windows already has a Diceware generator, both with the standard list and an extended one. The Mac client is playing catch-up for once. ;-)

  • Right...cool. I think I'll play around with the corpus since I have access. I can filter out short words and even stick to just adjectives and nouns as suggested above since the search engine allows for that. I wonder how many words would be left. I could make my own list and use dice with more sides since I'm not good at writing code. Just sharing what's on my mind. :)

  • Are Mac/iOS users going to have to wait until next year for this? :(

  • danco Senior Member Community Moderator

    I did wonder if 1PW for Windows runs under Wine. And, if so, how exactly one installs it.

  • @danco‌
    Same way you install any other Windows program. Download the installer and execute with the Wine Loader.
    If you want browser integration then you need to setup an autostart link for the helper exe. However, you probably don't in the Mac context.

This discussion has been closed.