good old pronounceable password generator

EasyNT
Community Member
edited September 2018 in Lounge

Guys,

for all (like me) who still mourn the good old pronounceable password generator from 1Password 5, you can create them with apg like this:

$ apg -n1 -m16 -t | tr '[:upper:]' '[:lower:]' | awk -F"[()]" '{print $2}'

-m16 would be the length, so in this case 16 characters. It produces passwords like this:

krunk-yep-helm-uj-ci
ak-ke-ulg-ud-yond-aib
tav-tac-urs-eic-ib-da

apg can be easily installed on a mac with Macports:

$ sudo port install apg

[Editorial addition by @jpgoldberg: apg uses the broken and withdrawn FIPS-181 algorithm. I (JPG) recommend against using it.]


Comments

  • Hi @EasyNT

    The “pronounceable” option was replaced with the “words” option because they served the same purpose and generally have similar limitations. What about the pronounceable option still makes it an attractive option for you?

    Ben

  • EasyNT
    Community Member

    Ben,

    The very reason that they are words for instance is a problem for me, I used to tell my customers for years "don't use a word" as a password, next is, my customers speak usually German, so even if I would present them with a chain of words, they would still have problems with them, and last but not least for it to "feel" secure you would need at least 4 words which is then in many cases just too long. I liked the pronounceable passwords a lot, if you have enough characters it's really secure (I don't see why not) and if you need some extra characters like numbers and special chars you could throw some at the end...

  • jpgoldberg
    1Password Alumni
    edited September 2018

    You are correct, @EasyNT, that the word list generator doesn't fully replace the pronounceable generator (it does some things better and some things worse), but the pronounceable generator had to go.

    Don't use FIPS-181. Really, don't.

    The pronounceable generator which older versions of 1Password used along with what loads of other products (including apg) was based on the withdrawn algorithm published as FIPS-181. In 1994, the (in retrospect, obvious) flaws of 181 were analyzed, and the FIPS recommendation was quickly withdrawn. Unfortunately, the habit of "use FIPS-181 for pronounceable passwords" remained conventional wisdom, even after the problems were articulated a quarter of a century ago. So I'm embarrassed to say that it was something that we offered in 1Password as recently as a few years ago.

    Pronounceable is dead. Long live pronounceable!

    As it happens we are looking at a pronounceable generator that doesn't have the security failings of FIPS-181, but to do so we have to give up on being able to generate a password of a precise length. What we need is to be able to generate passwords uniformly from a set (something that FIPS-181 emphatically does not do), and so we are experimenting with something very much like our word list generator, but it will use syllables, and will have digits separating the syllables.

    So asking for five passwords of three syllables each with random digit separators will get you output like

    yip5kurt7yoth
    wuh7tild9wich
    vaul0naft0zend
    kant8kenk0fegh
    ney1vip5rirt
    

    As you can see, these are of different lengths, but they all have identical entropy (about 46.5 bits), which is actually a function of the "recipe" used to generate them instead of the actual output.

    The list of syllables we are playing with has 10129 items on it, and each one is as likely as any other to appear in a generated password. (This was very much not the case with FIPS-181.)

    Anyway, this is all work in progress, and we are not sure how to expose this to users. To get the uniform distribution, we needed to treat syllables like the words of our wordlist generator, which are not all of equal length. So it will be confusing that you can't really select a set length of a generated password.
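    An added Python sketch of the recipe described above (not 1Password's code): every syllable and every separating digit is a uniform CSPRNG pick, and the entropy is computed from the recipe rather than from any particular output. The syllable list below is a constructed stand-in; only the 10129 list size quoted in the post is used for the entropy figure.

```python
import math
import re
import secrets

# Constructed stand-in for the syllable list described in the post; the real
# list (10129 items) is not on the page, so only its size is used below.
SYLLABLES = ["yip", "kurt", "yoth", "wuh", "tild", "wich", "vaul", "naft",
             "zend", "kant", "kenk", "fegh", "ney", "vip", "rirt", "krunk"]
DIGITS = "0123456789"
POST_LIST_SIZE = 10129  # size quoted in the post


def recipe_entropy_bits(n_syllables, list_size, n_separator_symbols=10):
    """Entropy of the recipe: n uniform syllable picks plus n-1 uniform
    digit separators. It does not depend on which output was produced."""
    return (n_syllables * math.log2(list_size)
            + (n_syllables - 1) * math.log2(n_separator_symbols))


def naive_charset_bits(password, alphabet_size=36):
    """The per-character estimate often applied to an output string. It
    assumes every character was an independent uniform pick, which is false
    for any structured generator, so it overstates the real entropy."""
    return len(password) * math.log2(alphabet_size)


def length_range(n_syllables, syllables=SYLLABLES):
    """Why a fixed length cannot be requested: syllables vary in length."""
    shortest = min(len(s) for s in syllables)
    longest = max(len(s) for s in syllables)
    seps = n_syllables - 1
    return n_syllables * shortest + seps, n_syllables * longest + seps


def generate(n_syllables, syllables=SYLLABLES, choice=secrets.choice):
    """Uniformly pick each syllable and each separating digit with a CSPRNG."""
    parts = []
    for i in range(n_syllables):
        if i:
            parts.append(choice(DIGITS))
        parts.append(choice(syllables))
    return "".join(parts)


def parse(password):
    """Split an output back into its syllables (separators are digits)."""
    return re.split(r"[0-9]", password)
```

    With the stand-in list, three syllables yield anywhere from 11 to 17 characters, while the recipe entropy with the 10129-item list is about 46.56 bits regardless of which string comes out.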

  • jpgoldberg
    1Password Alumni

    The last time I looked at apg was when studying this issue in 2015. I gave a talk at PasswordsConLV that year, and the slides for that talk were mostly prepared the night before (I was a late addition to the program). To the extent that the slides make any sense, this is some of the background on what happened to our pronounceable and a comparison of some candidate schemes we were exploring.

    Anyway, checking again today, I see that apg is continuing with FIPS-181. (I could also recognize that it was from @EasyNT's example, but thought I would double check.)

    Again: FIPS-181 is broken. The recommendations were withdrawn decades ago. Don't use it.

  • EasyNT
    Community Member

    @jpgoldberg,

    Well, I understand your argument, but it all depends on how long the password is. If you do it like in my example, you always get passwords with an entropy well above 90 bits. To say it with Larry David's words: pretty, pretty good :+1: . Also, if you look closely, I kind of misused the -t option to get the dashes into it, so at the end the passwords are longer than 16 characters and the length is even variable. In my opinion this is a fair enough trade-off between security and usability. At the end we want the user to use a secure password; even I as an IT guy get crazy with something like yip5kurt7yoth, because it's hard to memorize, and even if you have to look at it and type it in I start cursing :)... (And the password yip5kurt7yoth has not even 56 bits of entropy, by the way...)

  • AGAlumB
    1Password Alumni

    56 bits is nothing to sneeze at. I think "pretty, pretty good" is an understatement for 90 bits of entropy, but I suspect that was intentional. ;) Anyway, I get where you're coming from, but "entropy" is a bit deceiving when we're talking about a method with known (both to us and to attackers) flaws. As Goldberg mentioned, the biases of traditional "pronounceable" generated passwords can be exploited. Of course, depending on the use case, you may decide it doesn't matter. But given the thought and effort you obviously put into this, it's probably important enough to steer away from them. At the end of the day though, if you're comfortable sacrificing security for that convenience, that's your call. Not great for others though.

  • jpgoldberg
    1Password Alumni

    "If you do it like in my example, you always get passwords with an entropy well above 90 bits."

    How did you calculate that? Nobody knows how to get the true entropy out of a FIPS-181 generator.

This discussion has been closed.