Random password generator: Difference between revisions
Content deleted Content added
No edit summary Tags: citing a blog or free web host Reverted Visual edit Mobile edit Mobile web edit |
Count Count (talk | contribs) Reverted 1 edit by 2404:BA00:FB02:62D:1134:519E:1F72:123F (talk): Rv spam link |
||
| (35 intermediate revisions by 20 users not shown) | |||
| Line 1: | Line 1: | ||
{{Short description|Program that generates password from random number generator}} |
{{Short description|Program that generates password from random number generator}} |
||
{{Multiple issues| |
|||
{{Original research|article|date=August 2008}} |
{{Original research|article|date=August 2008}} |
||
{{More citations|date=April 2024}} |
|||
A '''[https://future4techtrend.blogspot.com/p/generate-password-online-free.html random password generator]''' is [https://future4techtrend.blogspot.com/p/generate-password-online-free.html software] program or [https://future4techtrend.blogspot.com/p/generate-password-online-free.html hardware] device that takes input from a [[random]] or [[pseudo-random]] number generator and automatically generates a [[password]]. Random passwords can be generated manually, using simple sources of randomness such as [[Diceware|dice]] or [[Coin|coins]], or they can be generated using a computer. |
|||
}} |
|||
A '''random password generator''' is a [[Computer software|software]] program or [[Computer hardware|hardware]] device that takes input from a [[random]] or [[pseudo-random]] number generator and automatically generates a [[password]]. Random passwords can be generated manually, using simple sources of randomness such as [[Diceware|dice]] or [[Coin|coins]], or they can be generated using a computer. |
|||
While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use [[open source]] security tools where possible since they allow independent checks on the quality of the methods used. |
While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky, and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use [[open source]] security tools where possible, since they allow independent checks on the quality of the methods used. Simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password. In fact, there is no need at all for a password to have been produced by a perfectly random process: it just needs to be sufficiently difficult to guess. |
||
A |
A password generator can be part of a [[password manager]]. When a [[password policy]] enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords. |
||
Long strings of random characters are difficult for most people to memorize. [[Mnemonic]] hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the [[hash (computing)|hash]] can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.<ref name=memorize>{{cite book |last1=Ghazvininejad |first1=Marjan |last2=Knight |first2=Kevin |title=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |chapter=How to Memorize a Random 60-Bit String |date=May–June 2015 |volume=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |pages=1569–1575 |doi=10.3115/v1/N15-1180 |chapter-url=https://www.isi.edu/natural-language/mt/memorize-random-60.pdf |location=Denver, Colorado |publisher=Association for Computational Linguistics |s2cid=8028691 }}</ref> Similar techniques are used in [[memory sport]]. |
Long strings of random characters are difficult for most people to memorize. [[Mnemonic]] hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the [[hash (computing)|hash]] can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.<ref name=memorize>{{cite book |last1=Ghazvininejad |first1=Marjan |last2=Knight |first2=Kevin |title=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |chapter=How to Memorize a Random 60-Bit String |date=May–June 2015 |volume=Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies |pages=1569–1575 |doi=10.3115/v1/N15-1180 |chapter-url=https://www.isi.edu/natural-language/mt/memorize-random-60.pdf |location=Denver, Colorado |publisher=Association for Computational Linguistics |s2cid=8028691 }}</ref> Similar techniques are used in [[memory sport]]. |
||
==Password type and strength== |
|||
==The naive approach== |
|||
{{ |
{{duplication|section=yes|dupe=Password strength|date=August 2018}} |
||
Here are two code samples that a programmer who is not familiar with the limitations of the random number generators in standard programming libraries might implement: |
|||
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a [[passphrase]]. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters. Such policies typically reduce strength slightly below the formula that follows, because symbols are no longer independently produced.{{Citation needed|date=April 2024}} |
|||
=== C === |
|||
<syntaxhighlight lang=c> |
|||
# include <time.h> |
|||
# include <stdio.h> |
|||
# include <stdlib.h> |
|||
The [[Password strength]] of a random password against a particular attack ([[brute-force search]]), can be calculated by computing the [[information entropy]] of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula <math display="inline">H = L\,\log_2 N</math>, where ''N'' is the number of possible symbols and ''L'' is the number of symbols in the password. The function log<sub>2</sub> is the [[binary logarithm|base-2 logarithm]]. ''H'' is typically measured in [[bit]]s.<ref>Schneier, B: ''Applied Cryptography'', Second edition, page 233 ff. John Wiley and Sons.</ref><ref name="NIST">{{cite journal | url = http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf | title = Electronic Authentication Guideline | year = 2006 | publisher = NIST | doi = 10.6028/NIST.SP.800-63v1.0.2 | last1 = Burr | first1 = W. E. | last2 = Dodson | first2 = D. F. | last3 = Polk | first3 = W. T. }}</ref> |
|||
int |
|||
main(void) |
|||
{ |
|||
/* Length of the password */ |
|||
unsigned short int length = 8; |
|||
Any password generator is limited by the state space of the pseudo-random number generator used if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.{{Citation needed|date=April 2024}} |
|||
/* Seed number for rand() */ |
|||
srand((unsigned int) time(0)); |
|||
==Websites== |
|||
/* ASCII characters 33 to 126 */ |
|||
A large number of password generator programs and websites are available on the Internet. Their quality varies and can be hard to assess if there is no clear description of the source of randomness that is used and if source code is not provided to allow claims to be checked. Furthermore, and probably most importantly, transmitting candidate passwords over the Internet raises obvious security concerns, particularly if the connection to the password generation site's program is not properly secured or if the site is compromised in some way. Without a [[secure channel]], it is not possible to prevent eavesdropping, especially over public networks such as the [[Internet]]. A possible solution to this issue is to generate the password using a client-side programming language such as JavaScript. The advantage of this approach is that the generated password stays in the client computer and is not transmitted to or from an external server.{{Original research inline|date=April 2024}} |
|||
while (length--) { |
|||
putchar(rand() % 94 + 33); |
|||
} |
|||
=== Web Cryptography API === |
|||
printf("\n"); |
|||
The '''[[Web Cryptography API]]''' is the [[World Wide Web Consortium]]’s (W3C) recommendation for a low-level interface that would increase the security of [[Web application|web applications]] by allowing them to perform [[Cryptography|cryptographic functions]] without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the <code>crypto.getRandomValues()</code> method. Here is the simple Javascript code that generate the strong password using web crypto API.<ref>{{Cite web |title=Generate a Secure Random Password Using Web Crypto API and Javascript |url=https://gist.github.com/fearspear/4d757e956b0ff92ad0412691fbfc322f |access-date=2024-01-06 |website=github.com}}</ref><ref>{{Cite web |title=Step-by-step process of creating a robust password using Web Crypto API |url=https://passwordlab.io/blog/step-by-step-process-of-creating-a-robust-password-using-web-crypto-api |access-date=2024-01-06 |website=passwordlab.io}}</ref> |
|||
== FIPS 181 standard == |
|||
return EXIT_SUCCESS; |
|||
Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.<ref>{{Cite web |title=StrongPasswords – Community Help Wiki |url=https://help.ubuntu.com/community/StrongPasswords |access-date=2016-03-25 |website=help.ubuntu.com}}</ref> [[cryptography standards#U.S. Government Federal Information Processing Standards (FIPS)|FIPS 181]]—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.<ref> |
|||
} |
|||
NIST. [http://www.itl.nist.gov/fipspubs/fip181.htm Automated Password Generator standard] [[Federal Information Processing Standard|FIPS]] 181 |
|||
</syntaxhighlight> |
|||
</ref> However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.<ref>{{cite conference |author1=Shay, Richard |author2=Kelley, Patrick Gage |author3=Komanduri, Saranga |author4=Mazurek, Michelle L. |author5=Ur, Blase |author6=Vidas, Timothy |author7=Bauer, Lujo |author8=Christin, Nicolas |author9=Cranor, Lorrie Faith |year=2012 |title=Correct horse battery staple: Exploring the usability of system-assigned passphrases |url=http://www.andrew.cmu.edu/user/nicolasc/publications/Shay-SOUPS12.pdf |conference=SOUPS '12 Proceedings of the Eighth Symposium on Usable Privacy and Security |doi=10.1145/2335356.2335366}}</ref><ref>{{Cite journal |last1=Ganesan |first1=Ravi |last2=Davies |first2=Chris |year=1994 |title=A New Attack on Random Pronounceable Password Generators |url=http://csrc.nist.gov/publications/history/nissc/1994-17th-NCSC-proceedings-vol-1.pdf |journal=Proceedings of the 17th {NIST}-<nowiki/>{NCSC} National Computer Security Conference |publisher=NIST |pages=184–197 |access-date=2014-12-17}}</ref> |
|||
==Mechanical methods== |
|||
In this case, the standard C function ''rand'', which is a [[pseudo-random number generator]], is initially seeded using the C functions ''time'', but later iterations use ''rand'' instead. According to the ANSI C standard, ''time'' returns a value of type ''[[time_t]]'', which is implementation-defined, but most commonly a 32-bit integer containing the current number of seconds since January 1, 1970 (''see:'' [[Unix time]]). There are about 31 million seconds in a year, so an attacker who knows the year (a simple matter in situations where frequent password changes are mandated by [[password policy]]) and the [[Process identifier|process ID]] that the password was generated with, faces a relatively small number, by cryptographic standards, of choices to test. If the attacker knows more accurately when the password was generated, he faces an even smaller number of candidates to test – a serious flaw in this implementation.{{Citation needed|date=November 2022}} |
|||
In situations where the attacker can obtain an encrypted version of the password, such testing can be performed rapidly enough so that a few million trial passwords can be checked in a matter of seconds. ''See:'' [[password cracking]]. |
|||
The function ''rand'' presents another problem. All pseudo-random number generators have an internal memory or '''state.''' The size of that state determines the maximum number of different values it can produce: an ''n''-bit state can produce at most <math>2^n</math> different values. On many systems ''rand'' has a 31 or 32-bit state, which is already a significant security limitation. Microsoft documentation does not describe the internal state of the [[Visual C++]] implementation of the [[C standard library]] ''rand,'' but it has only 32767 possible outputs (15 bits) per call.<ref>{{Cite web|url=https://docs.microsoft.com/en-us/cpp/c-runtime-library/rand-max|title=RAND_MAX|website=docs.microsoft.com}}</ref> Microsoft recommends a different, more secure function, rand_s, be used instead. The output of rand_s is cryptographically secure, according to Microsoft, and it does not use the seed loaded by the srand function. However its programming interface differs from rand.<ref>{{Cite web|url=https://www.microsoft.com/en-us/download/details.aspx?id=55984|title=Visual Studio 2005 Retired documentation|website=Microsoft Download Center}}</ref> |
|||
=== PHP === |
|||
<syntaxhighlight lang="php"> |
|||
function pass_gen(int $length = 8): string |
|||
{ |
|||
$pass = array(); |
|||
for ($i = 0; $i < $length; $i++) { |
|||
$pass[] = chr(mt_rand(32, 126)); |
|||
} |
|||
return implode($pass); |
|||
} |
|||
</syntaxhighlight> |
|||
In the second case, the PHP function ''microtime''<ref>{{Cite web|url=https://www.php.net/microtime|title=PHP: microtime – Manual|website=php.net}}</ref> is used, which returns the current Unix timestamp with microseconds. This increases the number of possibilities, but someone with a good guess of when the password was generated, for example, the date an employee started work, still has a reasonably small search space. Also, some operating systems do not provide time to microsecond resolution, sharply reducing the number of choices. Finally, the ''rand''<ref>{{Cite web|url=https://www.php.net/manual/en/function.rand.php|title=PHP: rand – Manual|website=php.net}}</ref> function usually uses the underlying C ''rand'' function, and may have a small state space, depending on how it is implemented. An alternative random number generator, mt_rand, which is based on the [[Mersenne Twister]] pseudorandom number generator, is available in PHP, but it also has a 32-bit state. There are proposals for adding strong random number generation to PHP.<ref>{{cite web |url=http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ |title=Archived copy |access-date=2008-10-17 |url-status=dead |archive-url=https://web.archive.org/web/20081019192015/http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/ |archive-date=2008-10-19 }}</ref> |
|||
==Stronger methods== |
|||
A variety of methods exist for generating strong, cryptographically secure random passwords. On [[Unix]] platforms [[/dev/random|/dev/random and /dev/urandom]] are commonly used, either programmatically or in conjunction with a program such as makepasswd.<ref>{{Cite web|url=http://www.cyberciti.biz/faq/generating-random-password/|title=Linux / UNIX: Generating Random Password With mkpasswd / makepasswd / pwgen|website=cyberciti.biz|date=November 2007}}</ref> Windows programmers can use the [[Cryptographic Application Programming Interface]] function [[CryptGenRandom]]. The [[Java (programming language)|Java programming language]] includes a class called [http://docs.oracle.com/javase/7/docs/api/java/security/SecureRandom.html ''SecureRandom'']. Another possibility is to derive randomness by measuring some external phenomenon, such as timing user keyboard input. |
|||
Many computer systems already have an application (typically named "apg") to implement FIPS 181.<ref>{{Cite web|url=https://help.ubuntu.com/community/StrongPasswords|title=StrongPasswords – Community Help Wiki|website=help.ubuntu.com|access-date=2016-03-25}}</ref> [[cryptography standards#U.S. Government Federal Information Processing Standards (FIPS)|FIPS 181]]—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.<ref> |
|||
NIST. |
|||
[http://www.itl.nist.gov/fipspubs/fip181.htm Automated Password Generator standard [[Federal Information Processing Standard|FIPS]] 181] |
|||
</ref> However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.<ref>{{cite conference|url=http://www.andrew.cmu.edu/user/nicolasc/publications/Shay-SOUPS12.pdf|title=Correct horse battery staple: Exploring the usability of system-assigned passphrases|conference=SOUPS '12 Proceedings of the Eighth Symposium on Usable Privacy and Security|doi=10.1145/2335356.2335366|year=2012|author1=Shay, Richard|author2=Kelley, Patrick Gage|author3=Komanduri, Saranga|author4=Mazurek, Michelle L.|author5=Ur, Blase|author6=Vidas, Timothy|author7=Bauer, Lujo|author8= Christin, Nicolas |author9= Cranor, Lorrie Faith}}</ref><ref>{{Cite journal |
|||
| last1 = Ganesan |
|||
| first1 = Ravi |
|||
| last2 = Davies |
|||
| first2 = Chris |
|||
| year = 1994 |
|||
| title = A New Attack on Random Pronounceable Password Generators |
|||
| journal = Proceedings of the 17th {NIST}-<nowiki/>{NCSC} National Computer Security Conference |
|||
| pages = 184–197 |
|||
| publisher = NIST |
|||
| url = http://csrc.nist.gov/publications/history/nissc/1994-17th-NCSC-proceedings-vol-1.pdf |
|||
| access-date = 2014-12-17 |
|||
}}</ref> |
|||
=== Bash === |
|||
Here is a code sample that uses [[/dev/urandom]] to generate a password with a simple [[Bash (Unix shell)|Bash]] function. This function takes password length as a parameter, or uses 16 by default: |
|||
<syntaxhighlight lang=bash> |
|||
function mkpw() { LC_ALL=C tr -dc '[:graph:]' < /dev/urandom | head -c ${1:-16}; echo; } |
|||
</syntaxhighlight> |
|||
=== Java === |
|||
Here is a code sample (adapted from the class PasswordGenerator<ref>{{Cite web|url=https://www.tapatalk.com/groups/crypto/rate-my-random-password-generator-t817.html|title=Rate my random password generator!|website=Crypto}}</ref>) that uses [[SecureRandom]] to generate a 10 hexadecimal character password: |
|||
<syntaxhighlight lang="java"> |
|||
char[] symbols = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; |
|||
int length = 10; |
|||
Random random = SecureRandom.getInstanceStrong(); // as of JDK 8, this returns a SecureRandom implementation known to be strong |
|||
StringBuilder sb = new StringBuilder(length); |
|||
for (int i = 0; i < length; i++) { |
|||
int randomIndex = random.nextInt(symbols.length); |
|||
sb.append(symbols[randomIndex]); |
|||
} |
|||
String password = sb.toString(); |
|||
</syntaxhighlight> |
|||
=== JavaScript === |
|||
This example uses the [[Node.js]] [https://nodejs.org/api/crypto.html Crypto module] to generate cryptographically secure random numbers with uniform distribution. |
|||
<syntaxhighlight lang="javascript"> |
|||
"use strict"; |
|||
const { randomInt } = require("crypto"); |
|||
const secret = (length = 64) => { |
|||
const upperCase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
|||
const lowerCase = "abcdefghijklmnopqrstuvwxyz"; |
|||
const digits = "0123456789"; |
|||
const minus = "-"; |
|||
const underline = "_"; |
|||
const special = "!\"#$%&'*+,./:;=?@\\^`|~"; |
|||
const brackets = "[]{}()<>"; |
|||
const ambiguous = "01lIO"; |
|||
const all = upperCase + lowerCase + digits + minus + underline + special + brackets + ambiguous; |
|||
let secret = ""; |
|||
for (let index = 0; index < length; index++) secret += all.charAt(randomInt(all.length)); |
|||
return secret; |
|||
}; |
|||
</syntaxhighlight> |
|||
===Perl=== |
|||
This example uses the Crypt::Random::Source module to find a source of strong random numbers (which is platform dependent). |
|||
<syntaxhighlight lang="perl"> |
|||
use Crypt::Random::Source qw(get_strong); |
|||
while(length($out) < 15) { |
|||
my $a = get_strong(1); |
|||
$a =~ s/[^[:graph:]]//g; |
|||
$out .= $a; |
|||
} |
|||
print $out; |
|||
</syntaxhighlight> |
|||
===Python=== |
|||
The language [[Python (programming language)|Python]] includes a SystemRandom class that obtains cryptographic grade random bits from /dev/urandom on a Unix-like system, including Linux and macOS, while on Windows it uses CryptGenRandom.<ref>{{Cite web|url=https://docs.python.org/py3k/library/random.html|title=9.6. random — Generate pseudo-random numbers — Python 3.5.1 documentation|website=docs.python.org|access-date=2016-03-25}}</ref><ref>{{Cite web|url=https://docs.python.org/py3k/library/os.html#os.urandom|title=16.1. os — Miscellaneous operating system interfaces — Python 3.5.1 documentation|website=docs.python.org|access-date=2016-03-25}}</ref> Here is a simple Python script that demonstrates the use of this class: |
|||
<syntaxhighlight lang="python"> |
|||
#!/usr/bin/env python3 |
|||
import random, string |
|||
myrg = random.SystemRandom() |
|||
length = 10 |
|||
alphabet = string.ascii_letters + string.digits # a-z A-Z 0-9 |
|||
password = "".join(myrg.choice(alphabet) for _ in range(length)) |
|||
print(password) |
|||
</syntaxhighlight> |
|||
===PHP=== |
|||
A PHP program can open and read from /dev/urandom, if available, or invoke the Microsoft utilities.<ref>{{Cite web|url=https://what.thedailywtf.com/topic/6891/quot-secure-quot-random-numbers-in-php/1|title="Secure" Random Numbers in PHP|date=April 18, 2010|website=What the Daily WTF?}}</ref> A third option, if [[OpenSSL]] is available is to employ the function ''openssl_random_pseudo_bytes'.'''<ref>{{Cite web|url=http://php.net/manual/en/function.openssl-random-pseudo-bytes.php|title=PHP: openssl_random_pseudo_bytes – Manual|website=php.net|access-date=2016-03-25}}</ref> |
|||
===Mechanical methods=== |
|||
Yet another method is to use physical devices such as [[dice]] to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter ''"j"'' from the [[transposition cipher#Fractionation|fractionation]] table below.<ref>Levine, John R., Ed.: ''Internet Secrets'', Second edition, page 831 ff. John Wiley and Sons.</ref> To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. If a digit was selected in the dice rolls, a heads coin flip might select the symbol above it on a standard keyboard, such as the '$' above the '4' instead of '4'. |
Yet another method is to use physical devices such as [[dice]] to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter ''"j"'' from the [[transposition cipher#Fractionation|fractionation]] table below.<ref>Levine, John R., Ed.: ''Internet Secrets'', Second edition, page 831 ff. John Wiley and Sons.</ref> To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. If a digit was selected in the dice rolls, a heads coin flip might select the symbol above it on a standard keyboard, such as the '$' above the '4' instead of '4'. |
||
:{| class="wikitable" |
:{| class="wikitable" |
||
! |
! |
||
| Line 212: | Line 86: | ||
! 9 |
! 9 |
||
|} |
|} |
||
==Type and strength of password generated== |
|||
{{duplication|section=yes|dupe=Password strength|date=August 2018}} |
|||
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a [[passphrase]]. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters. Such policies typically reduce strength slightly below the formula that follows, because symbols are no longer independently produced. |
|||
The [[Password strength]] of a random password against a particular attack ([[brute-force search]]), can be calculated by computing the [[information entropy]] of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula |
|||
:<math>H = L\,\log_2 N = L {\log N \over \log 2}</math> |
|||
where ''N'' is the number of possible symbols and ''L'' is the number of symbols in the password. The function log<sub>2</sub> is the [[binary logarithm|base-2 logarithm]]. ''H'' is typically measured in [[bit]]s.<ref>Schneier, B: ''Applied Cryptography'', Second edition, page 233 ff. John Wiley and Sons.</ref><ref name=NIST>{{cite journal | url = http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf | title = Electronic Authentication Guideline | year = 2006 | publisher = NIST | doi = 10.6028/NIST.SP.800-63v1.0.2 | last1 = Burr | first1 = W. E. | last2 = Dodson | first2 = D. F. | last3 = Polk | first3 = W. T. }}</ref> |
|||
:{| class="wikitable" |
|||
|+ Entropy per symbol for different symbol sets |
|||
! Symbol set || Symbol count ''N'' || Entropy per symbol ''H'' |
|||
|- |
|||
| [[Arabic numerals]] (0–9) (e.g. [[Personal identification number|PIN]]) || 10 || 3.32 bits |
|||
|- |
|||
| [[Hexadecimal]] numerals (0–9, A–F) (e.g. [[Wired Equivalent Privacy|WEP key]]) || 16 || 4.00 bits |
|||
|- |
|||
| [[Case sensitivity|Case insensitive]] [[Latin alphabet]] (a–z or A–Z) || 26 || 4.70 bits |
|||
|- |
|||
| Case insensitive [[alphanumeric]] (a–z or A–Z, 0–9) || 36 || 5.17 bits |
|||
|- |
|||
| [[Case sensitivity|Case sensitive]] Latin alphabet (a–z, A–Z) || 52 || 5.70 bits |
|||
|- |
|||
| Case sensitive alphanumeric (a–z, A–Z, 0–9) || 62 || 5.95 bits |
|||
|- |
|||
| All [[ASCII#Printable characters|ASCII printable characters]]{{efn|name=excludespace|Excluding the "space" character.}} || 94 || 6.55 bits |
|||
|- |
|||
| [[Diceware]] word list || 7776 || 12.9 bits |
|||
|- |
|||
|} |
|||
{| class="wikitable" |
|||
|+ Lengths ''L'' of truly randomly generated passwords required to achieve desired a password entropy ''H'' for symbol sets containing ''N'' symbols. |
|||
|- |
|||
! Desired password entropy ''H'' !! [[Arabic numerals]] !! [[Hexadecimal]] !! [[Case sensitivity|Case insensitive]] [[Latin alphabet]] !! Case insensitive [[alphanumeric]] !! [[Case sensitivity|Case sensitive]] Latin alphabet !! Case sensitive alphanumeric !! All [[ASCII#Printable_characters|ASCII printable characters]]{{efn|name=excludespace}} !! All [[Extended ASCII|extended ASCII printable characters]] !! [[Diceware]] word list |
|||
|- |
|||
| 32 bits || {{#expr:ceil(32/(ln10/ln2))}} || {{#expr:ceil(32/(ln16/ln2))}} || {{#expr:ceil(32/(ln26/ln2))}} || {{#expr:ceil(32/(ln36/ln2))}} || {{#expr:ceil(32/(ln52/ln2))}} || {{#expr:ceil(32/(ln62/ln2))}} || {{#expr:ceil(32/(ln94/ln2))}} || {{#expr:ceil(32/(ln218/ln2))}} || {{#expr:ceil(32/(ln7776/ln2))}} |
|||
|- |
|||
| 40 bits || {{#expr:ceil(40/(ln10/ln2))}} || {{#expr:ceil(40/(ln16/ln2))}} || {{#expr:ceil(40/(ln26/ln2))}} || {{#expr:ceil(40/(ln36/ln2))}} || {{#expr:ceil(40/(ln52/ln2))}} || {{#expr:ceil(40/(ln62/ln2))}} || {{#expr:ceil(40/(ln94/ln2))}} || {{#expr:ceil(40/(ln218/ln2))}} || {{#expr:ceil(40/(ln7776/ln2))}} |
|||
|- |
|||
| 64 bits || {{#expr:ceil(64/(ln10/ln2))}} || {{#expr:ceil(64/(ln16/ln2))}} || {{#expr:ceil(64/(ln26/ln2))}} || {{#expr:ceil(64/(ln36/ln2))}} || {{#expr:ceil(64/(ln52/ln2))}} || {{#expr:ceil(64/(ln62/ln2))}} || {{#expr:ceil(64/(ln94/ln2))}} || {{#expr:ceil(64/(ln218/ln2))}} || {{#expr:ceil(64/(ln7776/ln2))}} |
|||
|- |
|||
| 80 bits || {{#expr:ceil(80/(ln10/ln2))}} || {{#expr:ceil(80/(ln16/ln2))}} || {{#expr:ceil(80/(ln26/ln2))}} || {{#expr:ceil(80/(ln36/ln2))}} || {{#expr:ceil(80/(ln52/ln2))}} || {{#expr:ceil(80/(ln62/ln2))}} || {{#expr:ceil(80/(ln94/ln2))}} || {{#expr:ceil(80/(ln218/ln2))}} || {{#expr:ceil(80/(ln7776/ln2))}} |
|||
|- |
|||
| 96 bits || {{#expr:ceil(96/(ln10/ln2))}} || {{#expr:ceil(96/(ln16/ln2))}} || {{#expr:ceil(96/(ln26/ln2))}} || {{#expr:ceil(96/(ln36/ln2))}} || {{#expr:ceil(96/(ln52/ln2))}} || {{#expr:ceil(96/(ln62/ln2))}} || {{#expr:ceil(96/(ln94/ln2))}} || {{#expr:ceil(96/(ln218/ln2))}} || {{#expr:ceil(96/(ln7776/ln2))}} |
|||
|- |
|||
| 128 bits || {{#expr:ceil(128/(ln10/ln2))}} || {{#expr:ceil(128/(ln16/ln2))}} || {{#expr:ceil(128/(ln26/ln2))}} || {{#expr:ceil(128/(ln36/ln2))}} || {{#expr:ceil(128/(ln52/ln2))}} || {{#expr:ceil(128/(ln62/ln2))}} || {{#expr:ceil(128/(ln94/ln2))}} || {{#expr:ceil(128/(ln218/ln2))}} || {{#expr:ceil(128/(ln7776/ln2))}} |
|||
|- |
|||
| 160 bits || {{#expr:ceil(160/(ln10/ln2))}} || {{#expr:ceil(160/(ln16/ln2))}} || {{#expr:ceil(160/(ln26/ln2))}} || {{#expr:ceil(160/(ln36/ln2))}} || {{#expr:ceil(160/(ln52/ln2))}} || {{#expr:ceil(160/(ln62/ln2))}} || {{#expr:ceil(160/(ln94/ln2))}} || {{#expr:ceil(160/(ln218/ln2))}} || {{#expr:ceil(160/(ln7776/ln2))}} |
|||
|- |
|||
| 192 bits || {{#expr:ceil(192/(ln10/ln2))}} || {{#expr:ceil(192/(ln16/ln2))}} || {{#expr:ceil(192/(ln26/ln2))}} || {{#expr:ceil(192/(ln36/ln2))}} || {{#expr:ceil(192/(ln52/ln2))}} || {{#expr:ceil(192/(ln62/ln2))}} || {{#expr:ceil(192/(ln94/ln2))}} || {{#expr:ceil(192/(ln218/ln2))}} || {{#expr:ceil(192/(ln7776/ln2))}} |
|||
|- |
|||
| 224 bits || {{#expr:ceil(224/(ln10/ln2))}} || {{#expr:ceil(224/(ln16/ln2))}} || {{#expr:ceil(224/(ln26/ln2))}} || {{#expr:ceil(224/(ln36/ln2))}} || {{#expr:ceil(224/(ln52/ln2))}} || {{#expr:ceil(224/(ln62/ln2))}} || {{#expr:ceil(224/(ln94/ln2))}} || {{#expr:ceil(224/(ln218/ln2))}} || {{#expr:ceil(224/(ln7776/ln2))}} |
|||
|- |
|||
| 256 bits || {{#expr:ceil(256/(ln10/ln2))}} || {{#expr:ceil(256/(ln16/ln2))}} || {{#expr:ceil(256/(ln26/ln2))}} || {{#expr:ceil(256/(ln36/ln2))}} || {{#expr:ceil(256/(ln52/ln2))}} || {{#expr:ceil(256/(ln62/ln2))}} || {{#expr:ceil(256/(ln94/ln2))}} || {{#expr:ceil(256/(ln218/ln2))}} || {{#expr:ceil(256/(ln7776/ln2))}} |
|||
|- |
|||
| 384 bits || {{#expr:ceil(384/(ln10/ln2))}} || {{#expr:ceil(384/(ln16/ln2))}} || {{#expr:ceil(384/(ln26/ln2))}} || {{#expr:ceil(384/(ln36/ln2))}} || {{#expr:ceil(384/(ln52/ln2))}} || {{#expr:ceil(384/(ln62/ln2))}} || {{#expr:ceil(384/(ln94/ln2))}} || {{#expr:ceil(384/(ln218/ln2))}} || {{#expr:ceil(384/(ln7776/ln2))}} |
|||
|- |
|||
| 512 bits || {{#expr:ceil(512/(ln10/ln2))}} || {{#expr:ceil(512/(ln16/ln2))}} || {{#expr:ceil(512/(ln26/ln2))}} || {{#expr:ceil(512/(ln36/ln2))}} || {{#expr:ceil(512/(ln52/ln2))}} || {{#expr:ceil(512/(ln62/ln2))}} || {{#expr:ceil(512/(ln94/ln2))}} || {{#expr:ceil(512/(ln218/ln2))}} || {{#expr:ceil(512/(ln7776/ln2))}} |
|||
|- |
|||
| 1024 bits || {{#expr:ceil(1024/(ln10/ln2))}} || {{#expr:ceil(1024/(ln16/ln2))}} || {{#expr:ceil(1024/(ln26/ln2))}} || {{#expr:ceil(1024/(ln36/ln2))}} || {{#expr:ceil(1024/(ln52/ln2))}} || {{#expr:ceil(1024/(ln62/ln2))}} || {{#expr:ceil(1024/(ln94/ln2))}} || {{#expr:ceil(1024/(ln218/ln2))}} || {{#expr:ceil(1024/(ln7776/ln2))}} |
|||
|} |
|||
{{notelist}} |
|||
Any password generator is limited by the state space of the pseudo-random number generator used if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains. |
|||
Note, however, that a different type of attack might succeed against a password evaluated as 'very strong' by the above calculation. |
|||
==Password generator programs and websites== |
|||
A large number of password generator programs and websites are available on the Internet. Their quality varies and can be hard to assess if there is no clear description of the source of randomness that is used and if source code is not provided to allow claims to be checked. Furthermore, and probably most importantly, transmitting candidate passwords over the Internet raises obvious security concerns, particularly if the connection to the password generation site's program is not properly secured or if the site is compromised in some way. Without a [[secure channel]], it is not possible to prevent eavesdropping, especially over public networks such as the [[Internet]]. A possible solution to this issue is to generate the password using a client-side programming language such as JavaScript. The advantage of this approach is that the generated password stays in the client computer and is not transmitted to or from an external server. |
|||
==See also== |
==See also== |
||
| Line 305: | Line 105: | ||
<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM --> |
<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM --> |
||
* [https://www.passwordshielder.com/ Random Password Generator] Online [Free] |
|||
<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM --> |
<!-- Please do not add links to specific password generator websites and programs here. They will be removed. See WP:SPAM --> |
||
Latest revision as of 11:29, 24 June 2024
 | This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.
While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky, and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source security tools where possible, since they allow independent checks on the quality of the methods used. Simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password. In fact, there is no need at all for a password to have been produced by a perfectly random process: it just needs to be sufficiently difficult to guess.
A password generator can be part of a password manager. When a password policy enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords.
Long strings of random characters are difficult for most people to memorize. Mnemonic hashes, which reversibly convert random strings into more memorable passwords, can substantially improve the ease of memorization. As the hash can be processed by a computer to recover the original 60-bit string, it has at least as much information content as the original string.[1] Similar techniques are used in memory sport.
Password type and strength
[edit] |
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a passphrase. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters. Such policies typically reduce strength slightly below the formula that follows, because symbols are no longer independently produced.[citation needed]
The Password strength of a random password against a particular attack (brute-force search), can be calculated by computing the information entropy of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula , where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm. H is typically measured in bits.[2][3]
Any password generator is limited by the state space of the pseudo-random number generator used if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.[citation needed]
Websites
[edit]A large number of password generator programs and websites are available on the Internet. Their quality varies and can be hard to assess if there is no clear description of the source of randomness that is used and if source code is not provided to allow claims to be checked. Furthermore, and probably most importantly, transmitting candidate passwords over the Internet raises obvious security concerns, particularly if the connection to the password generation site's program is not properly secured or if the site is compromised in some way. Without a secure channel, it is not possible to prevent eavesdropping, especially over public networks such as the Internet. A possible solution to this issue is to generate the password using a client-side programming language such as JavaScript. The advantage of this approach is that the generated password stays in the client computer and is not transmitted to or from an external server.[original research?]
Web Cryptography API
[edit]The Web Cryptography API is the World Wide Web Consortium’s (W3C) recommendation for a low-level interface that would increase the security of web applications by allowing them to perform cryptographic functions without having to access raw keying material. The Web Crypto API provides a reliable way to generate passwords using the crypto.getRandomValues() method. Here is the simple Javascript code that generate the strong password using web crypto API.[4][5]
FIPS 181 standard
[edit]Many computer systems already have an application (typically named "apg") to implement the password generator standard FIPS 181.[6] FIPS 181—Automated Password Generator—describes a standard process for converting random bits (from a hardware random number generator) into somewhat pronounceable "words" suitable for a passphrase.[7] However, in 1994 an attack on the FIPS 181 algorithm was discovered, such that an attacker can expect, on average, to break into 1% of accounts that have passwords based on the algorithm, after searching just 1.6 million passwords. This is due to the non-uniformity in the distribution of passwords generated, which can be addressed by using longer passwords or by modifying the algorithm.[8][9]
Mechanical methods
[edit]Yet another method is to use physical devices such as dice to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the fractionation table below.[10] To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. If a digit was selected in the dice rolls, a heads coin flip might select the symbol above it on a standard keyboard, such as the '$' above the '4' instead of '4'.
1 2 3 4 5 6 1 a b c d e f 2 g h i j k l 3 m n o p q r 4 s t u v w x 5 y z 0 1 2 3 6 4 5 6 7 8 9
See also
[edit]- Cryptographically secure pseudorandom number generator
- Diceware
- Hardware random number generator
- Key size
- Master Password (algorithm)
- Password length parameter
- Password manager
References
[edit]- ^ Ghazvininejad, Marjan; Knight, Kevin (May–June 2015). "How to Memorize a Random 60-Bit String" (PDF). Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies. Vol. Proceedings of the 2015 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies. Denver, Colorado: Association for Computational Linguistics. pp. 1569–1575. doi:10.3115/v1/N15-1180. S2CID 8028691.
- ^ Schneier, B: Applied Cryptography, Second edition, page 233 ff. John Wiley and Sons.
- ^ Burr, W. E.; Dodson, D. F.; Polk, W. T. (2006). "Electronic Authentication Guideline" (PDF). NIST. doi:10.6028/NIST.SP.800-63v1.0.2.
{{cite journal}}: Cite journal requires|journal=(help) - ^ "Generate a Secure Random Password Using Web Crypto API and Javascript". github.com. Retrieved 2024-01-06.
- ^ "Step-by-step process of creating a robust password using Web Crypto API". passwordlab.io. Retrieved 2024-01-06.
- ^ "StrongPasswords – Community Help Wiki". help.ubuntu.com. Retrieved 2016-03-25.
- ^ NIST. Automated Password Generator standard FIPS 181
- ^ Shay, Richard; Kelley, Patrick Gage; Komanduri, Saranga; Mazurek, Michelle L.; Ur, Blase; Vidas, Timothy; Bauer, Lujo; Christin, Nicolas; Cranor, Lorrie Faith (2012). Correct horse battery staple: Exploring the usability of system-assigned passphrases (PDF). SOUPS '12 Proceedings of the Eighth Symposium on Usable Privacy and Security. doi:10.1145/2335356.2335366.
- ^ Ganesan, Ravi; Davies, Chris (1994). "A New Attack on Random Pronounceable Password Generators" (PDF). Proceedings of the 17th {NIST}-{NCSC} National Computer Security Conference. NIST: 184–197. Retrieved 2014-12-17.
- ^ Levine, John R., Ed.: Internet Secrets, Second edition, page 831 ff. John Wiley and Sons.
External links
[edit]- Cryptographically Secure Random number on Windows without using CryptoAPI from MSDN
- RFC 4086 on Randomness Recommendations for Security (Replaces earlier RFC 1750.)