Feature request- Secret Key Length
I love the fact there is a Secret Key for the accounts. My only concern is length. Everyone who has a membership has the same length. Isn’t one of the rules for passwords is to never revel how many characters it is? I would love to see that we, the user, can set our own length of characters. I’m even fine at how it is laid out (xx-xxxx-xxxx-xxxx), but I wouldn’t mind setting mine to 60+ characters.
Comments
-
@prime: It's an interesting idea. With passwords we always assume that the attacker knows how they were generated when calculating strength though, and with a 1Password.com account they would obviously know that 1Password is being used to generate passwords, and the Secret Key. Frankly, it's longer than it really needs to be. We chose 128-bits because because that future proofs it dramatically, and yet it's not entirely unwieldy, and can easily be contained in the Setup (QR) Code*. For example, it's similar to license keys for software. And one guy actually memorized his! Obviously that's not recommended.
*QR codes can have much more information stored in them, but at much larger, denser sizes; what we have is fairly easy to read even at low resolutions.
So I guess the question is, with all of that in mind, what benefit would there be to users choosing the length of their Secret Keys, and what would be the downsides? I'd anticipate some people wanting to actually choose it themselves if we make it customizable, and clearly that negates its main function of being completely random. Additionally, it's yet another decision people have to make, and during account creation it isn't necessarily clear to users that they may actually have to type this in at some point. So while it's certainly interesting to think about, it seems like there would be too many tradeoffs with regard to the user experience for no appreciable security gain. After all, 128-bits is going to take so long to guess that cranking it up to 1024 or whatever doesn't really help — at least not for well beyond the foreseeable future.
0 -
Brenty is correct in all that he's said here. I'd just like to add a bit more technical information...
The secret key is a little special. You normally see it in its textual form (A3-XXXXXX....), but its native form is as a byte array. 128 bits (after removing the version format prefix and key id bit). We convert it into text to make it usable/visible. This is the opposite of say a password which has an arbitrary length as text and gets converted into a byte array via a hashing function like PBKDF2.
This is an important distinction because of the way that the secret key is used. There are assumptions in our key derivation functions about the length of the secret key from a bytes perspective, just as there are assumptions about the length of a hashed Master Password.
I could see us one day maybe creating a new secret key format (A4?) that has more bits. Maybe we'd go to 192 or 256. But I don't see us allowing this to be a user-configurable option. It's on us to provide a Secret Key that has all of the protection we need. We think 128 is overkill, which is why we chose it.
Rick
0 -
This came about one day a bunch of us were telling about passwords on a phone, how you should have one on it. A friend said “my password for my phone is 11 characters long”, and my other friend said “I now know your password is 11 characters long”. It just got me thinking about knowing the little bit of info. I bet an attacker will know that the secret key is 40 characters.
The idea I had was use a slider and the minimum would be 40 characters. It used the same format as it has now, and it added 5 characters each move (-xxxx).
This is what happens when I can’t sleep and my mind wonders :lol:
0 -
Hah. Idle mind thoughts like that are the best. :)
In all seriousness though, if the strength of a password relies on the attacker not knowing that kind of information, it’s not a very strong password. Knowledge isn’t what adds strength to a password, entropy is. I would have no qualms about an attacker knowing the password recipe for every one of my passwords.
Humans are really bad at randomness though, so passwords you need to memorize like a phone’s password will normally have a rather low amount of entropy. Your goal shouldn’t be to add length but instead find a way to memorize a password that has more true randomness. If that makes any sense. :)
Rick
0 -
This came about one day a bunch of us were telling about passwords on a phone, how you should have one on it. A friend said “my password for my phone is 11 characters long”, and my other friend said “I now know your password is 11 characters long”. It just got me thinking about knowing the little bit of info. I bet an attacker will know that the secret key is 40 characters.
@prime: Hey, that's a really interesting point! And your not wrong: that is information that an attacker could use to narrow the scope for guessing. In principle, you're spot-on. But we need to remember the context: in practice, an 11-character phone passcode which was almost certainly chosen by a human is very different than a 128-bit, randomly-generated Secret Key. With 11 characters, having to only guess 11-character strings can really help speed up the process: if you're using a generated table (very feasible in that case), you simply exclude everything but 11-character strings and only bother with those. Of course, the same holds true with a 40 character Secret Key. The difference is that there are many orders of magnitude more possibilities there, so this doesn't really help an attacker at all; whether or not they know it's 40 characters and how it's generated, they still don't have enough time to brute force it. I'm still eager to find out how long it takes to brute force three-word passwords*, and that should give us some good data on the current state-of-the-art. :)
*there we're dealing with just over 42 bits (I wonder if that was intentional...) of entropy, which is substantially less.
The idea I had was use a slider and the minimum would be 40 characters. It used the same format as it has now, and it added 5 characters each move (-xxxx).
As Rick said, we're probably not going to make it user configurable for suavity reasons, but we'll continue to evaluate this based on developments in the security world. The cool about this is that we don't need to make the length variable to get more security; we can just make it longer for everyone as needed, and, as Rick mused, move to "A4-"* or higher so that the system knows the format it's expecting.
*As a bit of trivia, some of my Secret Keys (technically "Account Keys", I guess, since we hadn't changed the name yet at that point!) begin with "A2-" and are actually less than 128-bits, because we made some changes early on (I forget, but this may have been before we'd even opened the 1Password for Teams beta publicly). Not sure if "A1-" ever existed in the wild, or if anyone would have one or remember.
This is what happens when I can’t sleep and my mind wonders :lol:
Stay curious! Life is much more fun that way. :)
0