[messaging] "Pseudoword" base32 fingerprints

[Daniel Kahn Gillmor]

On 02/05/2014 06:09 PM, Joseph Bonneau wrote:
> Good project idea Trevor. There are a lot of related tools which aim to
> make random pronounceable passwords. Two for Linux are:
> 
> pwgen: zae7IiB7 phoosu1U Hu5meed8 aeY4eeGu oht6ax9M aD4taur4 Ohpai5sh
> sheiGah8
> apg: odripAbag6 (o-drip-Ab-ag-SIX) AzMykUpt3opo (Az-Myk-Upt-THREE-op-o)

pwgen is pretty deeply flawed, if the discussion on oss-security is to
be believed:

http://thread.gmane.org/gmane.comp.security.oss.general/10265
http://thread.gmane.org/gmane.comp.security.oss.general/11171
http://www.openwall.com/lists/oss-security/2012/01/22/6

I haven't reviewed apg with any of the approaches described in the above
thread, but i've also seen other (non-published) "pronouncable" password
generators that were similarly flawed from an entropic/cracking perspective.

> In general, I think it would nice to have a library for turning random bits
> into "human-friendly form". This might include a tradeoff for
> length/painlessness, but we would also surely get different results if we
> optimize for:
> a) easy for humans to spot differences
> b) easy for humans to pronounce/hear/type
> c) easy for humans to remember
> 
> We would also probably end up with a different algorithm for different
> language populations...

This sounds like a major project. i don't think "length/painlessness" is
the right way of framing the tradeoff though -- in particular, i think
you'd want to use some measure of entropy or
dictionary-cracking-resistance in place of the idea of "length".  There
are lots of pronouncable schemes that provide long passwords but not
particularly high entropy :/

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140206/d4312424/attachment.sig>