This is cute, but I'm dubious. It generated "y3aEmic8B217" as my password. Kid just happened to hit the shift key while also pressing E and then B? It looks a little too random to me. When I pound on the keyboard, I get results that look more like "fjlsd;lasf".
We have these things called stream ciphers. You put a little bit of randomness in, and you get what seems to be lots of randomness out. For example the cipher might need a 256-bit key and 128-bit nonce and then spit out gigabytes of seemingly random data.
Now, mathematically they can't /really/ be making more randomness, there's no random steps it's all deterministic, in principle it ought to be possible to unwind the steps and get back the initial random state. But it turns out that unwinding step just can't actually be done with a good stream cipher, that's the whole point.
We do this sort of stuff a lot in real modern cryptography. There's a HN article which might still be on the front page, it was earlier today, explaining how SSH works. It shows that six keys are needed for SSH encryption, but they don't go get six times the randomness you'd need for a single key, they can just use a cryptographically strong hash function and make six different keys from the same shared secret randomness.
Let's do an experiment:
I've rolled my hex dice a few times to create a 64-bit random number.
I've pushed that as ASCII text into MD5 and got back a result, and now I'm going to tell you the first and last characters of the result:
F31FB042................81AFD8FA
That's 64-bits. If you were correct with this idea about entropy you could tell me what the missing bits are, infact you could prove it to other posters - after all I have given you all the randomness according to your thinking, there can't be any left.
But in fact you have no idea what those missing bits are, no idea what the original 64-bit number was, because you are wrong, with cryptographic primitives like hashes or stream ciphers we can in practice take a relatively small amount of entropy (like a few minutes of keyboard bashing by a toddler) and that's enough for all purposes.
The _real_ reason you shouldn't use this to make passwords is that the site might be lying and keeping a record of every password that is chosen and which IP address it was given to etcetera.
Brute forcing 2^64 bits means calculating 2^63 MD5s in expectation. You can do ~100 GHash/sec, so ~2^37/s, so about 2^29s which is 17 gpu-years. So this is doable, but incredibly expensive.
I'm glad my eyeballing the difficulty came off here.
It was tempting to pick say 128-bits of randomness and SHA-512/256 where I'd stake actual money that it just cannot be done - but that's like twice as much die-rolling and typing. On the other hand if I do 32-bits (fewer rolls) and MD5 there's probably some loser out there who has already precomputed all of those for whatever reason and then somebody finds the answer with a Bing search and doesn't end up learning anything.
A secure PRNG and a stream cipher are pretty much the same thing. You take the random bits and XOR them with the stream, if you have one. The generation is the same.
Low-order bits from sufficient timing measurements would be effectively random. You're not looking at the characters, you're looking at the intervals between keypresses, and gathering the least significant digits of those. This is what PGP/GPG use for gathering entropy when generating keys as well.
Not saying that's what's being done here, but it's a way to take fairly nonrandom activity and get decent entropy from it.
Yeah I also got a really weird password that needs shift and characters way to distant from the others to believe it's comming from a toddler
Guessing he's using 2 hands most likely you will get characters around the 1st one he pressed, so if you get a 's' character first, you can expect qweadzc near, but going from a 's' to a capital 'P' and then to a ! doesnt look legit to me
I just checked some old Winston files my toddler daughter wrote back then. (Great fun btw, but sadly only attracts attention with sound on.) Her pattern is higly repetitive, and you a have a quite high share of fghj (also seen in the video with Max) in there. Single shifted chars? Quite unlikely.
well, he could continue banging, and you stop recording when you have enough. now add a realtime api that makes the characters appear as typed, and relay the sound heared from the keyboard and baby and you have a perfect setup.
The site just sends a POST request for a password of the specified length, so there's no easy way to verify the site's claims. He did post his address on the Imprint page, so I guess someone in Germany could drive over there.
You guys are much too naive :) To me it seems obvious the site is just humorous and not serious. Of course the passwords have not been typed by a toddler but are simply generated randomly.
I guess the author wanted his site to have mild educational value, in that smashing your keyboard generates passwords stronger than the average password picked by people.
When I let my 5 months old investigate my keyboard, he changed my code, started the compiler and locked the device within 30 seconds. The secret? They use both hands. The give away? They re-press the same keys often, so the result would be a lot more repetitive.
Poor Max -- his dad's a developer, but he still has to work as a typist just to afford clean diapers, food, and toys. Everybody donate to this poor child's cause!
Joking aside, will I break this if I request too many characters? Does it loop after running out of Max's prior input? Is Max really just a script?
Though there's barely any difference in strength. It looks like it has upper and lower case for 'low', and 'high' adds numbers and the 10 symbols on the number keys. That's 5.7 bits per character vs. 6.2 bits per character. The 'high' strength passwords are only 8% stronger.
You can actually just do this on any website. When making an account, just type password into the password field. The best part is you can do the exact same thing at login, so you never have to memorize the super secure password they generate.
teenagers and toddlers are quite different. i can assure you that despite outside appearances, when your teenagers were toddlers they were acting in good faith, until they learned otherwise, from you.
My toddler provides a whole security suite- she will set your critical files to readonly (by pulling all the keys of your keyboard), airgap your network (by playing with the power strip its connected to), and virus detection (by beginning to emit screams and snot as soon as she catches one) :)
I don't know what they're doing with the site design but it's completely devoid of text for me even with my adblocker turned off. I thought that was part of the gimmick at first until I realized there is text displayed for a fraction of a second before it finishes loading.
Just to point out that human "smashing keyboard" is far from random.
Even if it weren't due to the keyboard's fixed layout (between two smashes), it's largely because of our non-random nature — a human being cannot reliably output random objects even in thought / speech. Don't ask me why (I don't think anyone knows or could prove it theoretically) but it's been verified countless times (war secrets help make such research important).
We're at best capable of pseudo-randomness mathematically. Some controversial neuroscience even places us far into the deterministic scope. A child is probably way more determined than an adult for that matter, due to a much simpler schema of reality, with 'weird obsessions' (e.g. it feels nice to smash the same place over and over again, our brain is quick to play games like that, such as walking on specific tiles to avoid the lava in the street).
I wouldn't trust most animals to output randomness. We have crypto packages suited for that purpose. ;-)
> Knowing what the computer will guess, you can guarantee that it is always wrong by picking the other direction. Doing the opposite of what a computer tells you isn’t quite free will though!
91 comments
[ 4.8 ms ] story [ 172 ms ] threadWe have these things called stream ciphers. You put a little bit of randomness in, and you get what seems to be lots of randomness out. For example the cipher might need a 256-bit key and 128-bit nonce and then spit out gigabytes of seemingly random data.
Now, mathematically they can't /really/ be making more randomness, there's no random steps it's all deterministic, in principle it ought to be possible to unwind the steps and get back the initial random state. But it turns out that unwinding step just can't actually be done with a good stream cipher, that's the whole point.
We do this sort of stuff a lot in real modern cryptography. There's a HN article which might still be on the front page, it was earlier today, explaining how SSH works. It shows that six keys are needed for SSH encryption, but they don't go get six times the randomness you'd need for a single key, they can just use a cryptographically strong hash function and make six different keys from the same shared secret randomness.
Let's do an experiment:
I've rolled my hex dice a few times to create a 64-bit random number.
I've pushed that as ASCII text into MD5 and got back a result, and now I'm going to tell you the first and last characters of the result:
F31FB042................81AFD8FA
That's 64-bits. If you were correct with this idea about entropy you could tell me what the missing bits are, infact you could prove it to other posters - after all I have given you all the randomness according to your thinking, there can't be any left.
But in fact you have no idea what those missing bits are, no idea what the original 64-bit number was, because you are wrong, with cryptographic primitives like hashes or stream ciphers we can in practice take a relatively small amount of entropy (like a few minutes of keyboard bashing by a toddler) and that's enough for all purposes.
The _real_ reason you shouldn't use this to make passwords is that the site might be lying and keeping a record of every password that is chosen and which IP address it was given to etcetera.
Brute forcing 2^64 bits means calculating 2^63 MD5s in expectation. You can do ~100 GHash/sec, so ~2^37/s, so about 2^29s which is 17 gpu-years. So this is doable, but incredibly expensive.
MD5 and SHA are specifically designed to be fast to compute, they shouldn’t be used for passphrases.
Figured I’d bring it up in case there’s still PHP floating around with the once-typical practice of MySQL + MD5.
It was tempting to pick say 128-bits of randomness and SHA-512/256 where I'd stake actual money that it just cannot be done - but that's like twice as much die-rolling and typing. On the other hand if I do 32-bits (fewer rolls) and MD5 there's probably some loser out there who has already precomputed all of those for whatever reason and then somebody finds the answer with a Bing search and doesn't end up learning anything.
I suppose I thought of 64bit as now being small. 48 would be doable.
Well obviously, how was this business going to scale? Op can't keep making more kids in case the business really takes off.
Not saying that's what's being done here, but it's a way to take fairly nonrandom activity and get decent entropy from it.
Guessing he's using 2 hands most likely you will get characters around the 1st one he pressed, so if you get a 's' character first, you can expect qweadzc near, but going from a 's' to a capital 'P' and then to a ! doesnt look legit to me
http://www.rengelbert.com/winston/
I guess the author wanted his site to have mild educational value, in that smashing your keyboard generates passwords stronger than the average password picked by people.
Joking aside, will I break this if I request too many characters? Does it loop after running out of Max's prior input? Is Max really just a script?
What's likely is the kid's input was used as a seed (string to int?) and then put into a random number generator.
Kind of cute :)
I have a feeling toddlers might be worse than other entropy sources.
Bad idea?
password 20 high
password 10 low
"frosty starfish snuff bluff"
https://twitter.com/lukevers_/status/1181217729216425984 https://twitter.com/lukevers_/status/1181217968287559680
Questionable
In 2034, all the passwords will be "lol duh"
Even if it weren't due to the keyboard's fixed layout (between two smashes), it's largely because of our non-random nature — a human being cannot reliably output random objects even in thought / speech. Don't ask me why (I don't think anyone knows or could prove it theoretically) but it's been verified countless times (war secrets help make such research important).
We're at best capable of pseudo-randomness mathematically. Some controversial neuroscience even places us far into the deterministic scope. A child is probably way more determined than an adult for that matter, due to a much simpler schema of reality, with 'weird obsessions' (e.g. it feels nice to smash the same place over and over again, our brain is quick to play games like that, such as walking on specific tiles to avoid the lava in the street).
I wouldn't trust most animals to output randomness. We have crypto packages suited for that purpose. ;-)
https://roadtolarissa.com/oracle/
> Knowing what the computer will guess, you can guarantee that it is always wrong by picking the other direction. Doing the opposite of what a computer tells you isn’t quite free will though!
Why does this need analytics and thus tracking cookies? I'm genuinely asking. What kind of data does this even need tracking?