I think this should be appreciated for what it is...a very young girl learning something very important that most people are totally ignorant about, trying to do good with that learning for other people, and capturing some of that value back.
The folks complaining in the Ars comments are going to either be employed or hacked by this girl in not too long. It's not a good business or even a good way to get a secure password, but that really doesn't matter.
In case it's not obvious, this is an absurdly terrible service you should never use.
Here is some free software that accomplishes the same task, which is almost surely not more likely to give your password to third parties than just typing it on the same machine would:
Well, except that even most HNers won't immediately grok your command-line example, not to mention most of the people in my family or any family. It's educational at least, and $2 is not much to pay for an education about how not to use your grandchild's name and birthdate as a password.
Not to mention it's awesome that an 11 year old girl is dabbling in cryptography already.
I pay $2 for lemonade at a lemonade stand. It's not because I'm thirsty, and I'm most assuredly not going to comment about how it's an absurdly bad business because Wawa has 40oz drinks for half the price.
Does it come with an education that if any third party had seen or suspected to have seen your password - even if they swear that they haven't recorded/remembered or even seen it, and even if that's a nice person who must be honest - the password must be considered compromised, all its uses changed ASAP and it must be never used anymore?
If no - that's a wrong kind of education we have here.
Athough, if customers receive a package with "here's your password, but don't ever use it - see, it was compromised; take this dice instead, check its fairness and generate your own password!" then it's great.
For anyone struggling with the `shuf` bit, it's part of GNU Coreutils. `brew install coreutils` would be a good start on a Mac (if you're lost at `brew`, this is probably not for you!).
I don't really understand why this is even theoretically supposed to be a good method of making a password. I wish the article tried to explain that.
Here are a few questions I have:
+ I understand that the pseudo-randomness of a computer is often accidentally way less random than the programmer thinks. So, the by-hand nature of these passwords seems like an
advantage, all else being equal. Right?
+ I thought real words were really bad in a password. Is the idea here that, with six words from these lists, the possible combinations are so great that the trade off is worth it because the password is memorable? That seems suspicious to me because you're essentially giving the cracker the list of possible passwords. Though that list may be quite long, it's still a list. Right?
+ These can't be better than the 30 character passwords I generate with 1Password, right? Unless there's a bug in 1Password... Maybe that's part of the point.
Words are not bad because they're words. They're bad because humans select them predictably.
Entropy is what matters in the end. 30 random characters will have approximately 185.7 bits of entropy. With Diceware and the 7776 entry wordlist, that's 14 words to match it. Although 8-9 words is sufficient for most uses.
Even properly selected, words are bad at "entropy per character". However, in most cases what matters is memorability rather than length. Words are pretty good for that, provided (as you note) you select the words well.
> + I understand that the pseudo-randomness of a computer is often accidentally way less random than the programmer thinks. So, the by-hand nature of these passwords seems like an advantage, all else being equal. Right?
If /dev/urandom is seededed/used properly, then it will be good enough for passwords. The by-hand method is also good if your dice are fair.
> + I thought real words were really bad in a password. Is the idea here that, with six words from these lists, the possible combinations are so great that the trade off is worth it because the password is memorable? That seems suspicious to me because you're essentially giving the cracker the list of possible passwords. Though that list may be quite long, it's still a list. Right?
Well, by using only characters (and under a certain length, say 100 chars), you already have a list, so whatever you do, there is a finite
number of valid passwords.
The 6-word strategy is actually quite good. (I use this method for some passwords).
The Arch Linux /usr/share/dict/british has 123398 words.
123398 ^ 6 = 3530601691883345409045950707264 possible passwords
log(3530601691883345409045950707264) / log(2) is about 101.5 bits of randomness.
Given 86 possible characters and a 14 character password (which you may not be able to remember), there are 1210537694726365245693116416 possibilities, which gives about 90 bits of randomness.
> + These can't be better than the 30 character passwords I generate with 1Password, right? Unless there's a bug in 1Password... Maybe that's part of the point.
Randomly generated passwords using all characters have a fatal flaw: one cannot easily remember them. If they're just being saved in a password manager, they are good, but you probably want a master password that you can remember, which is a good use case for these.
DICEWARE is a list of 7776 words. Each word is indexed by a five digit number. The five digit numbers are obtained by rolling 5 six sided dice. (11111 through to 66666).
When it started a 5 word list was recommended. Now a 7 word list is recommended.
Imagine a word list where all the words are lower case, and don't use any special characters. And our passphrase has 7 words, each separated by a single space, with no extra special characters or numbers. And also our attacker knows our wordlist and our passphrase rules.
We have a phrase that is one of 7776^7 different phrases. This list is too long for a dictionary attack.
It's really weak if we have 4 words or less.
Ideally you'd have a long strong passphrase to open a password safe.
It'd be great if people could invent really good tokens instead of passwords.
> I don't really understand why this is even theoretically supposed to be a good method of making a password. I wish the article tried to explain that ... I thought real words were really bad in a password.
A comment by "Hat Monster" on Ars explains why passwords generated using Diceware are secure:
If you know your target is using a Diceware password, that is, you know the format is "english word, english word, english word, english word" you'd think it could have little entropy.
Assuming that all entropy is only in the password, and the attacker knows exactly how you generated it, using which word list, and how many words long it is, this means each word, generated by 6^5 combinations, has 12.9 bits of entropy. Six words is 77 bits.
2^77 is large enough that a brute force attack on it at 1 trillion guesses per second (Snowden) would still take 151 trillion seconds, or 2.7 million years.
This is obviously dumb and a problem nobody needs solving, but let's appreciate the fact than an 11 YO girl made press about her startup. I didn't even have a website at 11. She's going places..
maybe ur referring like that YO app..but truth is, marketing/sales fixes things temporarily if product game is weak and that's what they had: traction. Likewise, this girl's app is going to do sales because of the press, but it won't last long
Oddly, I think this might actually be a good thing, security-wise, but not for any inherent property of the passwords generated this way.
Instead, consider this: right now, people just don't care about the security of their passwords. Part of this might just be the "psychology of free": people don't see any reason to upgrade from what they're doing if it doesn't seem like the "upgrade" is at all scarce.
So, what if "actually secure" passwords really did cost money? Maybe people would be willing to use (or even memorize) a 10-character string of letters and symbols if it cost them $10 to generate?
I totally bought a password and it was the best $2 I spent all weekend. I have no intention of using it, but more of a pat on the back telling her to "keep it up" and that people approve. Last thing she needs is telling her she's doing the wrong thing here.
36 comments
[ 2.0 ms ] story [ 78.0 ms ] thread[1] https://www.youtube.com/watch?v=NG-iM9MwpXE
The folks complaining in the Ars comments are going to either be employed or hacked by this girl in not too long. It's not a good business or even a good way to get a secure password, but that really doesn't matter.
On the other hand, that might help make people understand how to pick a good password.
Here is some free software that accomplishes the same task, which is almost surely not more likely to give your password to third parties than just typing it on the same machine would:
echo $(shuf --random-source=/dev/urandom -n 6 /usr/share/dict/words)
Not to mention it's awesome that an 11 year old girl is dabbling in cryptography already.
I pay $2 for lemonade at a lemonade stand. It's not because I'm thirsty, and I'm most assuredly not going to comment about how it's an absurdly bad business because Wawa has 40oz drinks for half the price.
Edit: sometimes I am legitimately thirsty.
That's a fairly damning outlook you have on "most HNers".
If no - that's a wrong kind of education we have here.
Athough, if customers receive a package with "here's your password, but don't ever use it - see, it was compromised; take this dice instead, check its fairness and generate your own password!" then it's great.
Here are a few questions I have:
+ I understand that the pseudo-randomness of a computer is often accidentally way less random than the programmer thinks. So, the by-hand nature of these passwords seems like an advantage, all else being equal. Right?
+ I thought real words were really bad in a password. Is the idea here that, with six words from these lists, the possible combinations are so great that the trade off is worth it because the password is memorable? That seems suspicious to me because you're essentially giving the cracker the list of possible passwords. Though that list may be quite long, it's still a list. Right?
+ These can't be better than the 30 character passwords I generate with 1Password, right? Unless there's a bug in 1Password... Maybe that's part of the point.
EDIT: list formatting (I hope).
Do the math. Yes, your 1password password is stronger. But does it really matter?
See http://world.std.com/%7Ereinhold/dicewarefaq.html#howlong
Entropy is what matters in the end. 30 random characters will have approximately 185.7 bits of entropy. With Diceware and the 7776 entry wordlist, that's 14 words to match it. Although 8-9 words is sufficient for most uses.
If /dev/urandom is seededed/used properly, then it will be good enough for passwords. The by-hand method is also good if your dice are fair.
> + I thought real words were really bad in a password. Is the idea here that, with six words from these lists, the possible combinations are so great that the trade off is worth it because the password is memorable? That seems suspicious to me because you're essentially giving the cracker the list of possible passwords. Though that list may be quite long, it's still a list. Right?
Well, by using only characters (and under a certain length, say 100 chars), you already have a list, so whatever you do, there is a finite number of valid passwords. The 6-word strategy is actually quite good. (I use this method for some passwords).
The Arch Linux /usr/share/dict/british has 123398 words.
123398 ^ 6 = 3530601691883345409045950707264 possible passwords
log(3530601691883345409045950707264) / log(2) is about 101.5 bits of randomness.
Given 86 possible characters and a 14 character password (which you may not be able to remember), there are 1210537694726365245693116416 possibilities, which gives about 90 bits of randomness.
> + These can't be better than the 30 character passwords I generate with 1Password, right? Unless there's a bug in 1Password... Maybe that's part of the point.
Randomly generated passwords using all characters have a fatal flaw: one cannot easily remember them. If they're just being saved in a password manager, they are good, but you probably want a master password that you can remember, which is a good use case for these.
When it started a 5 word list was recommended. Now a 7 word list is recommended.
Imagine a word list where all the words are lower case, and don't use any special characters. And our passphrase has 7 words, each separated by a single space, with no extra special characters or numbers. And also our attacker knows our wordlist and our passphrase rules.
We have a phrase that is one of 7776^7 different phrases. This list is too long for a dictionary attack.
It's really weak if we have 4 words or less.
Ideally you'd have a long strong passphrase to open a password safe.
It'd be great if people could invent really good tokens instead of passwords.
U2F which the new Yubikeys supports?
https://play.google.com/store/apps/details?id=com.raevilman....
A comment by "Hat Monster" on Ars explains why passwords generated using Diceware are secure:
If you know your target is using a Diceware password, that is, you know the format is "english word, english word, english word, english word" you'd think it could have little entropy.
Assuming that all entropy is only in the password, and the attacker knows exactly how you generated it, using which word list, and how many words long it is, this means each word, generated by 6^5 combinations, has 12.9 bits of entropy. Six words is 77 bits.
2^77 is large enough that a brute force attack on it at 1 trillion guesses per second (Snowden) would still take 151 trillion seconds, or 2.7 million years.
So she'd fit in pretty well in SV :)
Instead, consider this: right now, people just don't care about the security of their passwords. Part of this might just be the "psychology of free": people don't see any reason to upgrade from what they're doing if it doesn't seem like the "upgrade" is at all scarce.
So, what if "actually secure" passwords really did cost money? Maybe people would be willing to use (or even memorize) a 10-character string of letters and symbols if it cost them $10 to generate?
So now it's a password known only to you, the girl and the US government: http://www.nytimes.com/2014/10/28/us/us-secretly-monitoring-...