Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Ben Finney
Package: wnpp
Severity: wishlist
Owner: Ben Finney 

* Package name: xkcdpass
  Version : 1.2.2
  Upstream Author : Steven Tobin 
* URL : https://pypi.python.org/pypi/xkcdpass/
* License : BSD-3
  Programming Lang: Python
  Description : secure passphrase generator inspired by XKCD 936
  A flexible and scriptable password generator which generates strong
  passphrases, inspired by XKCD 936:
  .
  $ xkcdpass
  > correct horse battery staple

-- 
 \   “The future always arrives too fast, and in the wrong order.” |
  `\—Alvin Toffler |
_o__)  |
Ben Finney 




Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Simon McVittie
On 09/11/14 08:21, Ben Finney wrote:
> * Package name: xkcdpass
...
>   A flexible and scriptable password generator which generates strong
>   passphrases, inspired by XKCD 936:

Does this have significant advantages over pwqgen, in the passwdqc package?

How many bits of entropy does it typically produce?

Example pwqgen output with default settings:

% pwqgen
wary$Nobody5leafy

Regards,
S


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/545f6b5a.5040...@debian.org



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Clint Byrum
Excerpts from Simon McVittie's message of 2014-11-09 05:25:46 -0800:
> On 09/11/14 08:21, Ben Finney wrote:
> > * Package name: xkcdpass
> ...
> >   A flexible and scriptable password generator which generates strong
> >   passphrases, inspired by XKCD 936:
> 
> Does this have significant advantages over pwqgen, in the passwdqc package?
> 
> How many bits of entropy does it typically produce?
> 
> Example pwqgen output with default settings:
> 
> % pwqgen
> wary$Nobody5leafy

With that, I have to remember that Nobody is capitalized, and that the
spaces are replaced by $ and 5. The other approach accepts that we are
forgetful and so uses spaces. But it also has the weakness that if the
approach and the separators are suspected, one can very cheaply run a
dictionary attack before brute forcing random characters (and in fact
this is what many password cracking tools do). If you add in random
separators and capitalization that does nearly achieve the proclaimed
complexity that the xkcd article was suggesting. So it seems to this
lay-person that pwqgen is a better choice.


Archive: https://lists.debian.org/1415541625-sup-7...@fewbar.com



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Simon McVittie
On 09/11/14 14:25, Clint Byrum wrote:
> With that, I have to remember that Nobody is capitalized, and that the
> spaces are replaced by $ and 5. The other approach accepts that we are
> forgetful and so uses spaces. But it also has the weakness that if the
> approach and the separators are suspected, one can very cheaply run a
> dictionary attack before brute forcing random characters (and in fact
> this is what many password cracking tools do).

It's a trade-off. I didn't say "this is unacceptable because...", I only
asked the question.

The cost of a dictionary attack goes up exponentially with the number of
bits of entropy in the password or passphrase, which is why I asked how
much entropy this tool has. IMO, the right way to assess the quality of
the passphrases produced by one of these tools is to assume that the
attacker knows which tool you use, and its settings (word list, whether
to use punctuation, etc.), and see how many attempts it would take them
with that knowledge; then compare that with how memorable the results
are. Each bit of entropy doubles the number of possibilities that an
attacker needs to try.

pwqgen defaults to generating a passphrase with 47 bits of entropy. I
think it primarily includes capitals, punctuation and digits as a
workaround for sites that require passwords to contain these, rather
than as a way to increase entropy: after all, randomly choosing whether
each word has an initial capital only adds 1 bit of entropy per word.

Diceware[1] is an implementation of a similar algorithm designed to be
used via physical dice rather than a computer's pseudorandom number
generator. It uses 5 die rolls to choose one of 7776 distinct words, and
its author recommends a 6-word passphrase, resulting in about 77.5 bits
of entropy.

S

[1] http://world.std.com/~reinhold/diceware.html


Archive: https://lists.debian.org/545f7ece.2070...@debian.org



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Clint Byrum
Excerpts from Simon McVittie's message of 2014-11-09 06:48:46 -0800:
> On 09/11/14 14:25, Clint Byrum wrote:
> > With that, I have to remember that Nobody is capitalized, and that the
> > spaces are replaced by $ and 5. The other approach accepts that we are
> > forgetful and so uses spaces. But it also has the weakness that if the
> > approach and the separators are suspected, one can very cheaply run a
> > dictionary attack before brute forcing random characters (and in fact
> > this is what many password cracking tools do).
> 
> It's a trade-off. I didn't say "this is unacceptable because...", I only
> asked the question.
> 
> The cost of a dictionary attack goes up exponentially with the number of
> bits of entropy in the password or passphrase, which is why I asked how
> much entropy this tool has. IMO, the right way to assess the quality of
> the passphrases produced by one of these tools is to assume that the
> attacker knows which tool you use, and its settings (word list, whether
> to use punctuation, etc.), and see how many attempts it would take them
> with that knowledge; then compare that with how memorable the results
> are. Each bit of entropy doubles the number of possibilities that an
> attacker needs to try.
> 
> pwqgen defaults to generating a passphrase with 47 bits of entropy. I
> think it primarily includes capitals, punctuation and digits as a
> workaround for sites that require passwords to contain these, rather
> than as a way to increase entropy: after all, randomly choosing whether
> each word has an initial capital only adds 1 bit of entropy per word.
> 
> Diceware[1] is an implementation of a similar algorithm designed to be
> used via physical dice rather than a computer's pseudorandom number
> generator. It uses 5 die rolls to choose one of 7776 distinct words, and
> its author recommends a 6-word passphrase, resulting in about 77.5 bits
> of entropy.
> 

Forgive my response. I seemed to forget everything I learned in the
last 5 years about passwords after a trans-atlantic flight. Thanks for
reminding me. ;)


Archive: https://lists.debian.org/1415547127-sup-8...@fewbar.com



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Ben Finney
Simon McVittie  writes:

> Does [xkcdpass] have significant advantages over pwqgen, in the
> passwdqc package?

Significant advantages:

* ‘xkcdpass’ provides an implementation of a much-discussed scheme for
  strong passphrase generation. (Which is not to say the results are
  stronger than all others; only that these are relatively strong.)

  I don't know of any other tool implementing the scheme discussed in
  XKCD 936.

* The passphrases produced by ‘xkcdpass’ have, compared with other
  schemes, excellent properties for accurate human memorisation
  (meaningful words with normal spelling, no punctuation) while still
  being acceptably strong for many uses.

Since both these are true – the passphrases are strong, and the other
properties are interesting and useful – this IMO makes the tool
sufficiently unique to be included in Debian.

> How many bits of entropy does it typically produce?

The example given at the top of its web page merely reproduces the
four-word example from XKCD 936 (presumably for easy association with
the existing meme). As discussed there, this would be 44 bits of
entropy.

The tool by default produces longer passphrases:

$ xkcdpass
included soundless instruct housecoat arena shove
$ xkcdpass
millionth legume styling traveller fleeting gallon
$ xkcdpass
dumpiness androgyny radii domiciled ribaldry determine

From a small dictionary of common words, say 2000–3000, a single
randomly-chosen word has about 11 bits (= log₂(2048)) of entropy. So
these passphrases have around 66 bits of entropy.

Given that these passphrases are quite strong *and* have comparatively
superior properties for human memorisation, I think this tool deserves
inclusion in Debian.
  
--
 \  “The process by which banks create money is so simple that the |
  `\ mind is repelled.” —John Kenneth Galbraith, _Money: Whence It |
_o__)   Came, Where It Went_, 1975 |
Ben Finney


Archive: https://lists.debian.org/8561eoc5jz@benfinney.id.au
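The entropy arithmetic in Simon's and Ben's messages above (bits per word = log₂ of the wordlist size, bits per passphrase = words × bits per word, each extra bit doubling the attacker's work) is easy to get wrong by hand, so here is an added worked example. It is not code from the thread, from xkcdpass or from pwqgen; the function names, the `SAMPLE_WORDS` list and the guess-rate figures are constructed for illustration. It also carries the assessment a step beyond the thread: it assumes the attacker knows the tool and its wordlist, and it shows why a wordlist with duplicate entries and a non-cryptographic RNG both invalidate the estimate.

```python
import math
import secrets

# Constructed sample wordlist (stand-in for a real 2000-3000 word
# dictionary; the actual xkcdpass wordlist is not reproduced here).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "arena", "shove",
    "legume", "styling", "gallon", "fleeting", "radii", "ribaldry",
    "domiciled", "determine", "housecoat", "instruct",
]


def effective_wordlist_size(words):
    """Number of distinct words after normalising case and whitespace.

    Duplicate entries add no entropy: an attacker who knows the list
    needs only one guess per distinct word, so the estimate must use
    the distinct count, not len(words).
    """
    return len({w.strip().lower() for w in words if w.strip()})


def bits_per_word(wordlist_size):
    """Entropy of one word chosen uniformly at random from the list."""
    return math.log2(wordlist_size)


def passphrase_entropy_bits(wordlist_size, n_words, extra_bits_per_word=0.0):
    """Entropy of n_words independent uniform choices.

    extra_bits_per_word models optional per-word tweaks such as a
    randomly chosen initial capital (1 bit per word, as noted in the
    thread).
    """
    return n_words * (bits_per_word(wordlist_size) + extra_bits_per_word)


def words_needed(wordlist_size, target_bits):
    """Smallest word count whose entropy meets target_bits."""
    return math.ceil(target_bits / bits_per_word(wordlist_size))


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time for an attacker who knows the tool and its
    wordlist to try every passphrase of this entropy at a given rate."""
    return 2.0 ** bits / guesses_per_second


def generate_passphrase(words, n_words=6, separator=" "):
    """Choose n_words uniformly and independently with the OS CSPRNG.

    secrets.choice is used rather than random.choice: the entropy
    estimate assumes unpredictable choices, which the random module's
    Mersenne Twister does not provide.
    """
    distinct = sorted({w.strip().lower() for w in words if w.strip()})
    return separator.join(secrets.choice(distinct) for _ in range(n_words))


if __name__ == "__main__":
    for size, n, label in [(2048, 4, "XKCD 936 example"),
                           (2048, 6, "xkcdpass default"),
                           (7776, 6, "Diceware recommendation")]:
        bits = passphrase_entropy_bits(size, n)
        # 1e9 guesses/s is a constructed rate for an offline attack on a
        # fast hash; adjust for the hash actually used by the service.
        years = seconds_to_exhaust(bits, 1e9) / (365.25 * 24 * 3600)
        print(f"{label}: {bits:.1f} bits, ~{years:.1e} years at 1e9 guess/s")
    print("words needed from a 2048-word list to match pwqgen's 47 bits:",
          words_needed(2048, 47))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

Running the script reproduces the figures quoted in the thread: 44 bits for the four-word XKCD example, 66 bits for six words from a 2048-word list, and about 77.5 bits for six Diceware words; five words from a 2048-word list already exceed pwqgen's default 47 bits. The `effective_wordlist_size` check is the one worth adding to any tool that accepts user-supplied wordlists, since a list padded with repeated or case-variant entries silently delivers fewer bits than the arithmetic suggests.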



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Paul Wise
Why are we still using passphrases at all?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


Archive: https://lists.debian.org/caktje6hsb+lxgw3d112c1vahc2yau32uvsu-douyaolf6ck...@mail.gmail.com



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Ben Finney
Paul Wise  writes:

> Why are we still using passphrases at all?

This is only temporary, as we transition to uncrackable brain–computer
interfaces for every device.

Until that future arrives for every device, I'd like people who use
those remaining services still requiring passphrases, to have tools for
generating good passphrases.

-- 
 \ “Leave nothing to chance. Overlook nothing. Combine |
  `\  contradictory observations. Allow yourself enough time.” |
_o__) —Hippocrates |
Ben Finney


Archive: https://lists.debian.org/85tx27bxvx@benfinney.id.au



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Paul Wise
On Mon, Nov 10, 2014 at 10:19 AM, Ben Finney wrote:

> This is only temporary, as we transition to uncrackable brain–computer
> interfaces for every device.

I'm not looking forward to the denial-of-service attacks that could introduce :)

> Until that future arrives for every device, I'd like people who use
> those remaining services still requiring passphrases, to have tools for
> generating good passphrases.

I would encourage this approach:

For remote services that don't yet support sane authentication
mechanisms (anything other than a passphrase), complain to their
operators, use very long non-memorable randomly generated passphrases
(since those have more entropy), automatically rotate them regularly
(I joke, rotation of keys/passphrases is still ridiculously
impractical) and encrypt them using a local key.

For local authentication and local keys, use pass-phrases that are
generated using the diceware method (aka not on a computer) and strong
enough that they will last until replacement.

In both cases, something like xkcdpass isn't needed.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise


Archive: https://lists.debian.org/caktje6f_dm63zfpkbfrno_tmdvrrsnysdw4piz491tbz+my...@mail.gmail.com



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-09 Thread Ben Finney
Paul Wise  writes:

> I would encourage this approach: [not using memorable
> computer-generated passphrases at all]

Thanks for the recommendation; I don't agree it is suitable for the
majority of Debian users.

I'm working on the assumption – reasonable, I think – that generation of
strong memorable passphrases is still a useful task in a free operating
system today.

-- 
 \ “I must say that I find television very educational. The minute |
  `\   somebody turns it on, I go to the library and read a book.” |
_o__)—Groucho Marx |
Ben Finney


Archive: https://lists.debian.org/85mw7zbvdv@benfinney.id.au



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-10 Thread zlatan

Even if it ends up as impractical for usage, I do support that you package it. It's
your joy to work on it, and I think that at least many people would have fun and
laugh when they cross it in our big archive (I know I would; I mean, it's xkcd
after all).

Cheers,

zlatan

On 10 November 2014 04:13:32 CET, Ben Finney  wrote:
>Paul Wise  writes:
>
>> I would encourage this approach: [not using memorable
>> computer-generated passphrases at all]
>
>Thanks for the recommendation; I don't agree it is suitable for the
>majority of Debian users.
>
>I'm working on the assumption – reasonable, I think – that generation
>of
>strong memorable passphrases is still a useful task in a free operating
>system today.
>
>--
>\ “I must say that I find television very educational. The minute |
> `\   somebody turns it on, I go to the library and read a book.” |
>_o__)—Groucho Marx
>|
>Ben Finney
>
>
>--
>To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
>listmas...@lists.debian.org
>Archive: https://lists.debian.org/85mw7zbvdv@benfinney.id.au

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Archive: https://lists.debian.org/fc76415b-b257-4ce7-aad0-58e60f4fd...@riseup.net



Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-10 Thread Jonas Smedegaard
[adding bugreport as recipient]

Quoting Ben Finney (2014-11-10 00:33:52)
> Simon McVittie  writes:
> 
> > Does [xkcdpass] have significant advantages over pwqgen, in the
> > passwdqc package?
> 
> Significant advantages:
> 
> * ‘xkcdpass’ provides an implementation of a much-discussed scheme for
>   strong passphrase generation. (Which is not to say the results are
>   stronger than all others; only that these are relatively strong.)
> 
>   I don't know of any other tool implementing the scheme discussed in
>   XKCD 936.

You probably mean other tools in Debian, but if you more generally mean 
other FLOSS tools, there is (an inferior [Crypt::PW44] and) 
[Crypt::XkcdPassword], which I have considered packaging.

...or at least I suspect it might be superior, so let me rephrase as 
curious questions for your xkcdpass tool:

  * Does it handle alternate dictionaries (e.g. danish)?
  * Does it handle massaging dictionary (e.g. strip profanities)?

Crypt::XkcdPassword by default uses "the most commonly used words in 
film scripts and television shows", and documents examples of 
adaptations at .  
That's meant not only as friendly competition but also as inspiration 
for "your" tool in case you find those adaptation features relevant.


Thanks for packaging this,

 - Jonas


Crypt::XkcdPassword: 

[Crypt::PW44]: 

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Re: Bug#768772: ITP: xkcdpass -- secure passphrase generator inspired by XKCD 936

2014-11-10 Thread Ben Finney
Jonas Smedegaard  writes:

> [adding bugreport as recipient]

Thanks. I need to be more careful in accessing Debian discussion
forums; I usually do so via NNTP.

> curious questions for your xkcdpass tool:
>
>   * Does it handle alternate dictionaries (e.g. danish)?
>   * Does it handle massaging dictionary (e.g. strip profanities)?

The tool comes with a default wordlist, but can be instructed via a
command-line option to use any correctly-formatted wordlist the user
chooses.

So, yes, it allows the above if the user points it to an existing
wordlist.

-- 
 \ “Education is learning what you didn't even know you didn't |
  `\  know.” —Daniel J. Boorstin, historian, 1914–2004 |
_o__)  |
Ben Finney 

