Password Generation entropy?

Hello, I have a question.
I've seen this happen before, but didn't think of it much until this time.

On a number of occasions I've had generated new passwords and within the passwords I've seen elements of data or phrases that I actually recognize. A couple times I saw family members' names or other things I know personally.

But this last time got my attention, I saw a phrase snippet within a 1P mini generated password that is never used anywhere except in the past as part of passphrases used for some older computers I have.

The instances where this snippet are not found anywhere on my Mac, except where stored and encrypted as a password within an Apple keychain item or a 1Password entry.

I understand that at times for adding entropy to passwords and phrases that data from my Mac might be used; but I don't think that any of that should be from data stored and encrypted within the 1Password vault. This really can't be a coincidence, as I seriously never use these nonsensical terms that are very known, but only ever to myself.

This is a bit concerning to me as I trust that generated passwords are unique and most definitely not gleaned from other passphrases or data that I use and have stored within my 1P archives. Some of the data within my vaults are highly confidential and I would not want to see any snippets of information stored within my vaults used as a base for passwords that might accessible as breached data from the servers around the world on which I might have an account.

Please comment, and if necessary, contact me about this off the public forum.

Sincerely, skipR.


1Password Version: 650023
Extension Version: 4.6.2b1
OS Version: OS X 10.10.5
Sync Type: Dropbox/1Password.com

Comments

  • ag_kevinag_kevin Junior Member

    Team Member
    edited October 2016

    Hi @skippingrock ,

    When you use the words option in the password generator, it generates a password based on randomly choosing from a list of approximately 18000 words. It's quite possible that there may be some words that you have just happened used in your data, but they also appear in the word list, so it's likely a coincidence. The password generator does not choose from data anywhere else - only from that word list.

    It sounds odd, but sometimes human minds make connections where there are none, or our minds start to look for connections after witnessing what is initially a coincidence. But, we can certainly look into this. We want you to be completely confident in the password generator so I'll send you an email with more detail so we can discuss it outside of a public forum.

    Cheers,
    Kevin

  • Sorry I haven't gotten back to you on this yet; been quite busy.

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member

    No worries, @skippingrock. Take your time.

This discussion has been closed.