10.4: Random password widgets may not be random

The widget KeychainHelper is supposed to be a random password generator. If you install it and set it up the exact same way, however, you will notice that the passwords are not random!

Upon inspection of the code, the application uses JavaScript's Math.random() method, which doesn't take a seed. What this means is that any time the app is re-installed, or the Dock is restarted, the cycle of pseudo-random choices is restarted. Since you restart the Dock each time you reboot your computer your password is likely one of...

aiUCHncQQ5xG
ZcdGPaxezQK5
0GfOzR4VqcTu
NU9wp8SUOeN2
qBVDorwkE34d

That is, assuming you use the same settings as I do -- twelve characters in length, all numbers and letters in both upper and lower case. Any widget that uses Math.random() is not the best choice for security. This is clearly a weakness of JavaScript's pseudo-random number generator and its lack of a seed. Hence, until someone comes out with a widget that uses a Cocoa bundle, as opposed to JavaScript, to generate the random numbers, I think we all should refrain from using them. After all, what is the point in having a "random" password if it is the same as everyone elses' "random" password?

[robg adds: There definitely seems to be an issue with JavaScript and random password generation, as I found another widget (called Password Generator) that's no longer available due to the same non-random-password issue. Both Apple's Dashboard site and DashboardWidgets.com list a number of such password generating widgets; if you're going to use one, you might want to test the randomness of the results before relying on the tool.]

// The Central Randomizer 1.3 (C) 1997 by Paul Houle (houle@msc.cornell.edu) // See: http://www.msc.cornell.edu/~houle/JavaScript/randomizer.html // Usage: rand(n) returns random integer between 1 and n rnd.today = new Date(); rnd.seed = rnd.today.getTime(); function rnd() { rnd.seed = (rnd.seed*9301+49297) % 233280; return rnd.seed/(233280.0); } function rand(number) { return Math.ceil(rnd()*number); }

From our Sponsor...

The macosxhints Poll

iPad_poll_#1

10.4: Random password widgets may not be random | 35 comments | Create New Account

Click here to return to the '10.4: Random password widgets may not be random' hint

The following comments are owned by whomever posted them. This site is not responsible for what they say.

10.4: Random password widgets may not be random
Authored by: abyone on Fri, Sep 2 2005 at 9:54AM PDT

I wonder if somebody can create a widget that just uses data from random.org to get truly random data - then convert it to text/numbers. or somthing.

10.4: Random password widgets may not be random
Authored by: guybrush on Fri, Sep 2 2005 at 10:10AM PDT

A Widget could use /dev/random ?

for example:

$ xxd -ps -len 16 /dev/random
3974068a64fb51db4fb1405173788d1f
     


    [ Reply to This |    # ]

10.4: Random password widgets may not be random
Authored by: Hanji on Mon, Sep 5 2005 at 2:12PM PDT

For the sake of paranoia, I'd be wary of using any online source of randomness to generate passwords. You don't know what they may or may not be logging, and who may or may not be sniffing somewhere on the route between you and them.

10.4: Random password widgets may not be random
Authored by: KenaiTheMacFan on Sun, Sep 11 2005 at 5:39PM PDT

Get about 200 random numbers. Take the last few numbers and use them to determine which of the 200 numbers to use in making the password.

---
Ian

10.4: Random password widgets may not be random
Authored by: cane on Tue, Dec 13 2005 at 6:01AM PST

Geeze. If someone sniffs your traffic, he also knows what algorithm you use. This means he also knows which of the 200 numbers you'll finally use.
(The method you described is useful for decreasing correlation of some give pseudo-random generator, but not for increasing security)
You could, however, hash the online random number together with a local source of randomness, in order to have good randomness and security. However, I think that your local /dev/rand is secure enough.

10.4: Random password widgets may not be random
Authored by: jacobolus on Tue, Dec 13 2005 at 7:14AM PST

Except if you get a 10 MB random bit dump from random.org, and then use part of the file to pick where in the file to pull out a few bytes of random data, it's inconcievable that someone with a packet sniffer could figure out your strategy. That said, /dev/rand is fine AFAICT

10.4: Random password widgets may not be random
Authored by: jacobolus on Tue, Dec 13 2005 at 7:15AM PST

Oh, i see, this is for a widget. Yeah, you're right. It would need to be combined with a local source.

10.4: Random password widgets may not be random
Authored by: grikdog on Fri, Sep 2 2005 at 10:21AM PDT

It should be reading from /dev/rand -- Mac OS X 10.2 and up uses Yarrow to drive its rand device, so input from there is "virtually" (i.e., perfectly for all practical purposes) random. Even if entropy fades, as I understand it, the algorithm simply begins emulating a PRNG which has been seeded with a very large random key.

10.4: Random password widgets may not be random
Authored by: ekc on Fri, Sep 2 2005 at 3:43PM PDT

I think it's actually /dev/random you want to be reading, but I second what you're saying. Pseudo-random number generators like Math.random() were never meant for cryptography. You want a nice, non-reproduceable data source feeding your password generator, and /dev/random is probably about as close as you can get without sampling white noise.

10.4: Random password widgets may not be random
Authored by: KenaiTheMacFan on Sun, Sep 11 2005 at 5:40PM PDT

What is Yarrow?

---
Ian

10.4: Random password widgets may not be random
Authored by: larse on Fri, Sep 2 2005 at 10:53AM PDT

Instead of reimplementing this functionality - and introducing bugs - these widgets should simply wrap around proven command line tools like apg.

10.4: Random password widgets may not be random
Authored by: wilton on Fri, Sep 2 2005 at 11:36AM PDT

I found a good password widget called Make-a-Pass.

It makes pronouncable passwords (FIPS 181 compliant) etc, and so far seems very random.

Will

10.4: Random password widgets may not be random
Authored by: ibroughton on Fri, Sep 2 2005 at 1:48PM PDT

I use the one from sebflipper.com which works well for my needs. Shove it on your webserver and get passwords wherever you are!

---
The server is up but the site is down and I don't know which direction you are trying to go

[ Reply to This | # ]

10.4: Random password widgets may not be random
Authored by: jdb8167 on Fri, Sep 2 2005 at 3:21PM PDT

There is a password generator built into both the OS X account creation page in System Preferences and in the Keychain. Open Keychain Access, click on File Menu->New Password Item... Click on the key icon. There are a bunch of options for different kinds of passwords there.

Image of password assistant window
Authored by: thoughton on Fri, Sep 2 2005 at 4:20PM PDT

For those of you not currently at your Macs, there's an image of the password assistant window here:
http://www.thoughton.co.uk/digitallife/weblog/2005/07/password_assist.php

10.4: Random password widgets may not be random
Authored by: boredzo on Sat, Sep 3 2005 at 1:55AM PDT

there are two existing hints about this (10.3 and 10.4). I wrote an application that provides an easier method of access, but my website is no longer available.

10.4: Random password widgets may not be random
Authored by: magnamous on Thu, Dec 1 2005 at 4:04PM PST

Do you still have the source code? If you do, I would think Rob would have no problem with hosting the source - it doesn't sound like it would be a very large app.

10.4: Random password widgets may not be random
Authored by: NeuralNet03 on Fri, Sep 2 2005 at 4:15PM PDT

Java's not to fault. The Math.random function is a lazy man's random function. The author should be using a Random object, which can be seeded in their constructor (use system time, login time, something unique and changing).

10.4: Random password widgets may not be random
Authored by: nickfitz on Sun, Sep 4 2005 at 1:29PM PDT

JavaScript isn't Java. There is absolutely no relation between the two languages, and there is no such class as Random in JavaScript.

10.4: Random password widgets may not be random
Authored by: segdeha on Fri, Sep 2 2005 at 4:31PM PDT

I'm the author of Make-A-Pass and I use the following algorithm to achieve "good enough" randomness:

I believe this gets around the problem stated by the original poster, though I like the suggestion of using a command-line utility to generate the randomness.

Feel free to contact me if you have any suggestions for Make-A-Pass (or any of my widgets, for that matter!).

-Andrew
-----
andrew@hedges.name / http://andrew.hedges.name/

[ Reply to This | # ]

10.4: Random password widgets may not be random
Authored by: Felix on Sat, Sep 3 2005 at 11:32AM PDT

Glad to hear Make-a-Pass doesn't have this problem...because I've been using it since you first posted it. Very handy Widget.

still insecure
Authored by: SOX on Tue, Sep 6 2005 at 2:08PM PDT

One can subvert this as follows.
look at the modification date on the users password entry. seed this along with times close by into your algorithm and you will get a modest list of possible passwords. hash alll these and see if they match the stored hash.

Insecure no more!
Authored by: segdeha on Sun, Sep 18 2005 at 11:39PM PDT

FYI, I've updated Make-A-Pass to get its random seed from /dev/random. Thanks for the enlightening discussion, MacOSXHints.com readers!

You can download Make-A-Pass from the following URL:

http://andrew.hedges.name/widgets/

Thanks!
-Andrew

A small App that's an alternative to widgets...
Authored by: TigerKR on Sat, Sep 3 2005 at 12:13AM PDT

There is a neat little application called RPG that creates random passwords:

RPG

It allows you to specify length and composition (uppercase, lowercase, numbers, special characters). Its a great little app, and I recommend it highly.

10.4: Random password widgets may not be random
Authored by: SnakeO on Sat, Sep 3 2005 at 2:34AM PDT

[code]
jot -r -c 160 a z | rs -g 0 8
[/code]

10.4: Random password widgets may not be random
Authored by: guybrush on Sat, Sep 3 2005 at 6:55AM PDT

cool, never heard about those 2 commands, neat! :)

Going one better
Authored by: Lectrick on Tue, Sep 6 2005 at 12:22AM PDT

Since you stole that right from the man page for jot ;) , I figured I'd use my Unix-fu to whip it into something slightly better. The example given only generates passwords with all-lowercase letters. But then there's:


jot -r -c 200 33 122 | sed 's/[^[:alnum:]]//' | rs -g 0 8

This will spit out 8 character passwords consisting of mixed case and numbers. Because the sed portion acts like a filter, the output length will vary, but you can choose how many characters per word by changing the 8 at the end, and you can choose how many random characters you want "jot" to try to generate by changing the 200. If you want to allow a few extra characters like asterisk, !, ? etc, you can try adding them like this:


jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@\?!\._]//' | rs -g 0 8

In this case I'm allowing not only alphanumerics but asterisk, plus, at-sign, question mark, exclamation point, period, and underscore. (Notice that the question mark and period have to be escaped with a backslash before them as these are normally "special" characters in regular expressions, so consider those one unit in case you delete them here.)

Fun stuff ;)

---
In /dev/null, no one can hear you scream

[ Reply to This | # ]

Going one better... backslashes are omitted
Authored by: Lectrick on Tue, Sep 6 2005 at 12:25AM PDT

Please note that even though I surrounded the above code with the relevant Code tags, it STILL omitted the backslashes!!! (grrrr)

Just please assume there are backslashes. I'm going to try again below without the code tags:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@\?!\._]//' | rs -g 0 8

---
In /dev/null, no one can hear you scream

nevermind. backslashes NOT NEEDED!
Authored by: Lectrick on Tue, Sep 6 2005 at 12:52AM PDT

Sorry for the repeated followups.

It appears that, unlike "normally" when you have to escape periods and question marks, in this case you don't, and if you do put backslashes there then they will just be treated as a regular allowed character and you will get passwords with backslashes in them (usually a no-no).

So to reiterate, this is perfectly fine:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@?!._]//' | rs -g 0 8

---
In /dev/null, no one can hear you scream

That was the bash version. tcsh here
Authored by: Lectrick on Tue, Sep 6 2005 at 8:18AM PDT

For some reason, in the tcsh shell you have to escape the exclamation point by putting a backslash before it... so do that (or omit the !). FYI

---
In /dev/null, no one can hear you scream

10.4: Random password widgets may not be random
Authored by: rumirocks on Sat, Sep 3 2005 at 5:58AM PDT

Try LadyCrypt, a widget from www.ladycrypt.fr

No need for a Cocoa bundle
Authored by: PeteVerdon on Sun, Sep 4 2005 at 11:43AM PDT

Just read from /dev/urandom and friends. This is Unix, after all.

Pete

you get the same thing with
Authored by: Lectrick on Tue, Sep 6 2005 at 12:58AM PDT

jot -r -c 200 33 122 | sed 's/[^[:alnum:]]//' | rs -g 0 12 | head

just sayin'

(this was originally posted in a deeper thread but I felt it deserved a bit more attention as it not only does the same job but uses the high-quality OS X pseudo random number generator underneath)

---
In /dev/null, no one can hear you scream

sed...meh
Authored by: ra5ul on Sat, Dec 3 2005 at 11:33PM PST


jot -rc 24 48 123 | grep -m12 \\w | rs -yg 0 12

generates a good password.

10.4: Random password widgets may not be random
Authored by: rjcarr on Wed, Dec 7 2005 at 12:34AM PST

It seems everyone here is missing the point. Although Math.random() in javascript is not cryptographically secure, for all intents and purposes, it is adequate.

However, the problem here is specifically with Math.random() in widgets, not necessarily, and only related to, Math.random() when used with passwords.

It seems that, for some reason, Math.random() is seeded with the *same number* every single time a widget is placed, whereas it *should* be seeded with the current time (or some other infrequent number) instead.

Just wanted to clear up the root of the problem.

Hint Options

Search

From our Sponsor...

User Functions

What's New:

Hints

Comments last 2 days

Links last 2 weeks

What's New in the Forums?

The Editor's Corner...

Hints by Topic

News from Macworld

The macosxhints Poll