91 comments

[ 4.8 ms ] story [ 172 ms ] thread
Nice idea. But most times, the passwords can be difficult to memorize.
friendly advice - you should be using a password manager, not memorising passwords :) longer passwords are better
How then do I secure the password manager?
A single strong password you can memorize.
Well done on the site, lovely style and funny idea.
This is cute, but I'm dubious. It generated "y3aEmic8B217" as my password. Kid just happened to hit the shift key while also pressing E and then B? It looks a little too random to me. When I pound on the keyboard, I get results that look more like "fjlsd;lasf".
My guess is they're using what the toddler typed to seed an RNG?
Yeah, the verbiage says that his typing is merely the "basis" for the resulting password, so you're probably right.
Which means the password has much less entropy than it appears to have. It's a fun implementation, but not serious
So, kinda, sorta, mostly no.

We have these things called stream ciphers. You put a little bit of randomness in, and you get what seems to be lots of randomness out. For example the cipher might need a 256-bit key and 128-bit nonce and then spit out gigabytes of seemingly random data.

Now, mathematically they can't /really/ be making more randomness, there's no random steps it's all deterministic, in principle it ought to be possible to unwind the steps and get back the initial random state. But it turns out that unwinding step just can't actually be done with a good stream cipher, that's the whole point.

We do this sort of stuff a lot in real modern cryptography. There's a HN article which might still be on the front page, it was earlier today, explaining how SSH works. It shows that six keys are needed for SSH encryption, but they don't go get six times the randomness you'd need for a single key, they can just use a cryptographically strong hash function and make six different keys from the same shared secret randomness.

Let's do an experiment:

I've rolled my hex dice a few times to create a 64-bit random number.

I've pushed that as ASCII text into MD5 and got back a result, and now I'm going to tell you the first and last characters of the result:

F31FB042................81AFD8FA

That's 64-bits. If you were correct with this idea about entropy you could tell me what the missing bits are, infact you could prove it to other posters - after all I have given you all the randomness according to your thinking, there can't be any left.

But in fact you have no idea what those missing bits are, no idea what the original 64-bit number was, because you are wrong, with cryptographic primitives like hashes or stream ciphers we can in practice take a relatively small amount of entropy (like a few minutes of keyboard bashing by a toddler) and that's enough for all purposes.

The _real_ reason you shouldn't use this to make passwords is that the site might be lying and keeping a record of every password that is chosen and which IP address it was given to etcetera.

This is not the case because one could enumerate the entire 64bit space and perform a rainbow table attack on your scheme.
Simple brute force is not a rainbow table.

Brute forcing 2^64 bits means calculating 2^63 MD5s in expectation. You can do ~100 GHash/sec, so ~2^37/s, so about 2^29s which is 17 gpu-years. So this is doable, but incredibly expensive.

Note that a it’s an entirely different story with a “real” kdf like scrypt or bcrypt.

MD5 and SHA are specifically designed to be fast to compute, they shouldn’t be used for passphrases.

Figured I’d bring it up in case there’s still PHP floating around with the once-typical practice of MySQL + MD5.

I'm glad my eyeballing the difficulty came off here.

It was tempting to pick say 128-bits of randomness and SHA-512/256 where I'd stake actual money that it just cannot be done - but that's like twice as much die-rolling and typing. On the other hand if I do 32-bits (fewer rolls) and MD5 there's probably some loser out there who has already precomputed all of those for whatever reason and then somebody finds the answer with a Bing search and doesn't end up learning anything.

  echo -n 'F004672790DB5B1D' | md5sum 
  f31fb042501c2a398974feca81afd8fa  -
Got me.

I suppose I thought of 64bit as now being small. 48 would be doable.

That is a PRNG, not a stream cipher.
A secure PRNG and a stream cipher are pretty much the same thing. You take the random bits and XOR them with the stream, if you have one. The generation is the same.
> It's a fun implementation, but not serious

Well obviously, how was this business going to scale? Op can't keep making more kids in case the business really takes off.

Low-order bits from sufficient timing measurements would be effectively random. You're not looking at the characters, you're looking at the intervals between keypresses, and gathering the least significant digits of those. This is what PGP/GPG use for gathering entropy when generating keys as well.

Not saying that's what's being done here, but it's a way to take fairly nonrandom activity and get decent entropy from it.

Not necessarily. There's no way to know how much entropy is put in to the mix—it could be quite a lot.
Yeah I also got a really weird password that needs shift and characters way to distant from the others to believe it's comming from a toddler

Guessing he's using 2 hands most likely you will get characters around the 1st one he pressed, so if you get a 's' character first, you can expect qweadzc near, but going from a 's' to a capital 'P' and then to a ! doesnt look legit to me

I just checked some old Winston files my toddler daughter wrote back then. (Great fun btw, but sadly only attracts attention with sound on.) Her pattern is higly repetitive, and you a have a quite high share of fghj (also seen in the video with Max) in there. Single shifted chars? Quite unlikely.

http://www.rengelbert.com/winston/

  ydwew346rr764847uruejdjeyytr4t5t5ty8uoff                    jfgjjhv rr rgr r rrrrh jjjhhhju5m    
 ytj8ikm ,k88o0pfffuyhfjdjuddjcie8kdduuukjfuruuryfuuugtt767yut67y7hcfght    h7tyty5y6 uyhtryty gyfg 
 huy tyhrty7 ruy6t5y5777h hyuyu utygj tgytu jtgtu 5ugjuy 5676uvu 2355 hfhghhhhhu7uuuytutut juyy 
 umnhjbbvvgyy6tg7777.
 bdy7er64y5y574757r04iiiiiutweepiroeiwijwdryyt h7f77fuuvyf77f7uuyutuhturghghyhyggyvbg fyr        
 gfrt6rfytyftr6 tryy        hyyyy675g ttyty57 htgtt6t667 t65r7745 
 y6767nghnggugg7uuupooooooiuuuuytrewq    kkha bcx 
 gtytttmhguyuuhuuuygyufh7673y7rtty7yggffrtdyteryurijrf 
 uu4hfyuytttgt7t7yrfyrtuyu
Did you really think this came from an actual toddler? It can generate 50 character length passwords in seconds...
They say the characters come from a record, not generated in real time. Could be just a FIFO file.
Omg could you imagine the toddler sitting there, waiting for a request and then banging out a random password of the right length
well, he could continue banging, and you stop recording when you have enough. now add a realtime api that makes the characters appear as typed, and relay the sound heared from the keyboard and baby and you have a perfect setup.
(comment deleted)
The site just sends a POST request for a password of the specified length, so there's no easy way to verify the site's claims. He did post his address on the Imprint page, so I guess someone in Germany could drive over there.
I got underscore characters. Seems unlikely.
You guys are much too naive :) To me it seems obvious the site is just humorous and not serious. Of course the passwords have not been typed by a toddler but are simply generated randomly.

I guess the author wanted his site to have mild educational value, in that smashing your keyboard generates passwords stronger than the average password picked by people.

When I let my 5 months old investigate my keyboard, he changed my code, started the compiler and locked the device within 30 seconds. The secret? They use both hands. The give away? They re-press the same keys often, so the result would be a lot more repetitive.
My 2 year old would like to join as technical employee #1, but only if he gets forward vesting.
Poor Max -- his dad's a developer, but he still has to work as a typist just to afford clean diapers, food, and toys. Everybody donate to this poor child's cause!

Joking aside, will I break this if I request too many characters? Does it loop after running out of Max's prior input? Is Max really just a script?

No i requested a 50 char length password and spammed the button and it kept giving me passwords.

What's likely is the kid's input was used as a seed (string to int?) and then put into a random number generator.

Kind of cute :)

A human using a keyboard is one of the worst RNAs out there
Pretty entertaining. But if you want people to feel any more confident in your generator, you need to have entropy metrics.

I have a feeling toddlers might be worse than other entropy sources.

This is cute, but I'd rather use the very secure password generated by experts at https://mostsecure.pw/
Hilarious, that site gives the same password every time I load the page. Also, that password has never been hacked according to haveibeenpwned.
Yes, I think that's the joke :)
(comment deleted)
Is the name because only a toddler would use a password not generated on their own rig?
i still really like dinopass.com
I tend to type guid in duckduckgo. https://duckduckgo.com/?q=Guid

Bad idea?

why not just use uuid(1)?
you can also just type password and it'll generate a password
You can also specify length and strength of the generated password:

password 20 high

password 10 low

Though there's barely any difference in strength. It looks like it has upper and lower case for 'low', and 'high' adds numbers and the 10 symbols on the number keys. That's 5.7 bits per character vs. 6.2 bits per character. The 'high' strength passwords are only 8% stronger.
You can actually just do this on any website. When making an account, just type password into the password field. The best part is you can do the exact same thing at login, so you never have to memorize the super secure password they generate.
You jest, but it seems an awful lot of people actually do do this...
I just tried 'passphrase' and it works too.
I think it gave me a condensed story:

"frosty starfish snuff bluff"

After decades of academic research, true randomness finally achieved.
> A toddler acts with good faith

Questionable

As a parent of a threenager, In inclined to agree.
teenagers and toddlers are quite different. i can assure you that despite outside appearances, when your teenagers were toddlers they were acting in good faith, until they learned otherwise, from you.
My toddler provides a whole security suite- she will set your critical files to readonly (by pulling all the keys of your keyboard), airgap your network (by playing with the power strip its connected to), and virus detection (by beginning to emit screams and snot as soon as she catches one) :)
Child labor, contacting Social Services.
My very first thought - I can’t decide if I’m just being way too sensitive or if this is actually as wildly inappropriate as it seems.
I don't know what they're doing with the site design but it's completely devoid of text for me even with my adblocker turned off. I thought that was part of the gimmick at first until I realized there is text displayed for a fraction of a second before it finishes loading.
Won't the service have reduced entropy as time goes on?

In 2034, all the passwords will be "lol duh"

Just to point out that human "smashing keyboard" is far from random.

Even if it weren't due to the keyboard's fixed layout (between two smashes), it's largely because of our non-random nature — a human being cannot reliably output random objects even in thought / speech. Don't ask me why (I don't think anyone knows or could prove it theoretically) but it's been verified countless times (war secrets help make such research important).

We're at best capable of pseudo-randomness mathematically. Some controversial neuroscience even places us far into the deterministic scope. A child is probably way more determined than an adult for that matter, due to a much simpler schema of reality, with 'weird obsessions' (e.g. it feels nice to smash the same place over and over again, our brain is quick to play games like that, such as walking on specific tiles to avoid the lava in the street).

I wouldn't trust most animals to output randomness. We have crypto packages suited for that purpose. ;-)

For anyone who wants an intuitive feel for how hard it is for humans to generate random bits, I would recommend playing this game:

https://roadtolarissa.com/oracle/

Huh, I got 48%. Am I more random than random? :D
From the page:

> Knowing what the computer will guess, you can guarantee that it is always wrong by picking the other direction. Doing the opposite of what a computer tells you isn’t quite free will though!

I think what's usually involved in seeding someyhing like this is the noise in timing, not the actual characters entered.
still as vulnerable to a rubber ducky attack as ever
This is obviously not real.