Random password generator
Encyclopedia
A random password generator is software
program or hardware
device that takes input from a random or pseudo-random number generator and automatically generates a password
. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.
While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source
security tools where possible, since they allow independent checks on the quality of the methods used. Note that simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.
A password generator can be part of a password manager
. When a password policy
enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords.
In this case, the standard C function rand, which is a pseudo-random number generator, is initially seeded using the C functions time and getpid, but later iterations use rand instead. According to the ANSI C standard, time returns a value of ftype time t, which is implementation defined, but most commonly a 32-bit integer containing the current number of seconds since January 1, 1970 (see: Unix time
), and getpid returns a pid t. There are about 31 million seconds in a year, so an attacker who knows the year (a simple matter in situations where frequent password changes are mandated by password policy
) and the process ID that the password was generated with, faces a relatively small number, by cryptographic standards, of choices to test. If the attacker knows more accurately when the password was generated, he faces an even smaller number of candidates to test – a serious flaw in this implementation.
In situations where the attacker can obtain an encrypted version of the password, such testing can be performed rapidly enough so that a few million trial passwords can be checked in a matter of seconds. See: password cracking
.
The function rand presents another problem. All pseudo-random number generators have an internal memory or state. The size of that state determines the maximum number of different values it can produce: an n-bit state can produce at most different values. On many systems rand has a 31 or 32 bit state, which is already a significant security limitation. Microsoft documentation does not describe the internal state of the Visual C++
implementation of the C standard library
rand, but it has only 32767 possible outputs (15 bits) per call. http://msdn2.microsoft.com/en-us/library/2dfe3bzd.aspx Microsoft recommends a different, more secure function, rand_s, be used instead. The output of rand_s is cryptographically secure, according to Microsoft, and it does not use the seed loaded by the srand function. However its programming interface differs from rand. http://msdn.microsoft.com/en-us/library/sxtz2fa8(VS.80).aspx
In the second case, the PHP function microtime is used, which returns the current Unix timestamp with microseconds. This increases the number of possibilities, but someone with a good guess of when the password was generated, for example the date an employee started work, still has a reasonably small search space. Also some operating systems do not provide time to microsecond resolution, sharply reducing the number of choices. Finally the rand function usually uses the underlying C rand function, and may have a small state space, depending on how it is implemented. An alternative random number generator, mt_rand, which is based on the Mersenne Twister pseudorandom number generator, is available in PHP, but it also has a 32-bit state. There are proposals for adding strong random number generation to PHP. http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
platforms /dev/random and /dev/urandom
are commonly used, either programmatically or in conjunction with a program such as makepasswd . The Java programming language
includes a class called SecureRandom. Windows programmers can use the Cryptographic Application Programming Interface
function CryptGenRandom
. Another possibility is to derive randomness by measuring some external phenomenon, such as timing user keyboard input.
These methods should prove adequate for most password generation needs, but their suitability will vary depending on the specific situation.
Note that while /dev/urandom should be appropriate for most needs, it is not suitable for long term cryptographic keys or where an especially high level of security is required. In the case of the latter, a method employing /dev/random should be used .
includes a SystemRandom class that obtains cryptographic grade random bits from /dev/urandom on a Unix-like system, including Linux and Mac OS X, while on Windows it uses CryptGenRandom. Here is a simple Python 2 script that demonstrates the use of this class:
is available is to employ the function openssl_random_pseudo_bytes'.'
to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the table below. To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. If a digit was selected in the dice rolls, a heads coin flip might select the symbol above it on a standard keyboard, such as the '$' above the '4' instead of '4'.
. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters.
The Password Strength
of a random password against a particular attack (brute-force search
), can be calculated by computing the information entropy
of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula
where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm
. H is typically measured in bit
s.
Any password generator is limited by the state space of the pseudo-random number generator used, if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.
Note, however, that a different type of attack might succeed against a password evaluated as 'very strong' by the above calculation.
, it is not possible to prevent eavesdropping, especially over public networks such as the Internet
.
Computer software
Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....
program or hardware
Computer hardware
Personal computer hardware are component devices which are typically installed into or peripheral to a computer case to create a personal computer upon which system software is installed including a firmware interface such as a BIOS and an operating system which supports application software that...
device that takes input from a random or pseudo-random number generator and automatically generates a password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.
While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
security tools where possible, since they allow independent checks on the quality of the methods used. Note that simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.
A password generator can be part of a password manager
Password manager
A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as a form...
. When a password policy
Password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training...
enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords.
The naive approach
Here are two code samples that a programmer who is not familiar with the limitations of the random number generators in standard programming libraries might implement:C
In this case, the standard C function rand, which is a pseudo-random number generator, is initially seeded using the C functions time and getpid, but later iterations use rand instead. According to the ANSI C standard, time returns a value of ftype time t, which is implementation defined, but most commonly a 32-bit integer containing the current number of seconds since January 1, 1970 (see: Unix time
Unix time
Unix time, or POSIX time, is a system for describing instants in time, defined as the number of seconds elapsed since midnight Coordinated Universal Time of Thursday, January 1, 1970 , not counting leap seconds, which are declared by the International Earth Rotation and Reference Systems Service...
), and getpid returns a pid t. There are about 31 million seconds in a year, so an attacker who knows the year (a simple matter in situations where frequent password changes are mandated by password policy
Password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training...
) and the process ID that the password was generated with, faces a relatively small number, by cryptographic standards, of choices to test. If the attacker knows more accurately when the password was generated, he faces an even smaller number of candidates to test – a serious flaw in this implementation.
In situations where the attacker can obtain an encrypted version of the password, such testing can be performed rapidly enough so that a few million trial passwords can be checked in a matter of seconds. See: password cracking
Password cracking
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password...
.
The function rand presents another problem. All pseudo-random number generators have an internal memory or state. The size of that state determines the maximum number of different values it can produce: an n-bit state can produce at most different values. On many systems rand has a 31 or 32 bit state, which is already a significant security limitation. Microsoft documentation does not describe the internal state of the Visual C++
Visual C++
Microsoft Visual C++ is a commercial , integrated development environment product from Microsoft for the C, C++, and C++/CLI programming languages...
implementation of the C standard library
C standard library
The C Standard Library is the standard library for the programming language C, as specified in the ANSI C standard.. It was developed at the same time as the C POSIX library, which is basically a superset of it...
rand, but it has only 32767 possible outputs (15 bits) per call. http://msdn2.microsoft.com/en-us/library/2dfe3bzd.aspx Microsoft recommends a different, more secure function, rand_s, be used instead. The output of rand_s is cryptographically secure, according to Microsoft, and it does not use the seed loaded by the srand function. However its programming interface differs from rand. http://msdn.microsoft.com/en-us/library/sxtz2fa8(VS.80).aspx
PHP
In the second case, the PHP function microtime is used, which returns the current Unix timestamp with microseconds. This increases the number of possibilities, but someone with a good guess of when the password was generated, for example the date an employee started work, still has a reasonably small search space. Also some operating systems do not provide time to microsecond resolution, sharply reducing the number of choices. Finally the rand function usually uses the underlying C rand function, and may have a small state space, depending on how it is implemented. An alternative random number generator, mt_rand, which is based on the Mersenne Twister pseudorandom number generator, is available in PHP, but it also has a 32-bit state. There are proposals for adding strong random number generation to PHP. http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
Stronger methods
A variety of methods exist for generating strong, cryptographically secure random passwords. On UnixUnix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
platforms /dev/random and /dev/urandom
/dev/random
In Unix-like operating systems, /dev/random is a special file that serves as a random number generator or as a pseudorandom number generator. It allows access to environmental noise collected from device drivers and other sources. Not all operating systems implement the same semantics for /dev/random...
are commonly used, either programmatically or in conjunction with a program such as makepasswd . The Java programming language
Java (programming language)
Java is a programming language originally developed by James Gosling at Sun Microsystems and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities...
includes a class called SecureRandom. Windows programmers can use the Cryptographic Application Programming Interface
Cryptographic Application Programming Interface
The Cryptographic Application Programming Interface is an application programming interface included with Microsoft Windows operating systems that provides services to enable developers to secure Windows-based applications using cryptography...
function CryptGenRandom
CryptGenRandom
CryptGenRandom is a cryptographically secure pseudorandom number generator function that is included in Microsoft's Cryptographic Application Programming Interface. In Win32 programs, Microsoft recommends its use anywhere random number generation is needed...
. Another possibility is to derive randomness by measuring some external phenomenon, such as timing user keyboard input.
These methods should prove adequate for most password generation needs, but their suitability will vary depending on the specific situation.
Bash
Here is a code sample that uses /dev/urandom to generate a password with a simple Bash function. This function takes password length as a parameter, or uses 8 by default:Note that while /dev/urandom should be appropriate for most needs, it is not suitable for long term cryptographic keys or where an especially high level of security is required. In the case of the latter, a method employing /dev/random should be used .
Python
The language PythonPython (programming language)
Python is a general-purpose, high-level programming language whose design philosophy emphasizes code readability. Python claims to "[combine] remarkable power with very clear syntax", and its standard library is large and comprehensive...
includes a SystemRandom class that obtains cryptographic grade random bits from /dev/urandom on a Unix-like system, including Linux and Mac OS X, while on Windows it uses CryptGenRandom. Here is a simple Python 2 script that demonstrates the use of this class:
PHP
A PHP program can open and read from /dev/urandom, if available, or invoke the Microsoft utilities. A third option, if OpenSSLOpenSSL
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions and provides various utility functions...
is available is to employ the function openssl_random_pseudo_bytes'.'
Mechanical methods
Yet another method is to use physical devices such as diceDice
A die is a small throwable object with multiple resting positions, used for generating random numbers...
to generate the randomness. One simple way to do this uses a 6 by 6 table of characters. The first die roll selects a row in the table and the second a column. So, for example, a roll of 2 followed by a roll of 4 would select the letter "j" from the table below. To generate upper/lower case characters or some symbols a coin flip can be used, heads capital, tails lower case. If a digit was selected in the dice rolls, a heads coin flip might select the symbol above it on a standard keyboard, such as the '$' above the '4' instead of '4'.
1 | 2 | 3 | 4 | 5 | 6 | |
1 | a | b | c | d | e | f |
2 | g | h | i | j | k | l |
3 | m | n | o | p | q | r |
4 | s | t | u | v | w | x |
5 | y | z | 0 | 1 | 2 | 3 |
6 | 4 | 5 | 6 | 7 | 8 | 9 |
Type and strength of password generated
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a passphrasePassphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters.
The Password Strength
Strength
- Physical ability :*Physical strength, as in people or animals*Superhuman strength, as in fictional characters*A common character attribute in role-playing gamesConflict between persons or groups:*Virtue and moral uprightness...
of a random password against a particular attack (brute-force search
Brute-force search
In computer science, brute-force search or exhaustive search, also known as generate and test, is a trivial but very general problem-solving technique that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's...
), can be calculated by computing the information entropy
Information entropy
In information theory, entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message, usually in units such as bits...
of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula
where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm
Binary logarithm
In mathematics, the binary logarithm is the logarithm to the base 2. It is the inverse function of n ↦ 2n. The binary logarithm of n is the power to which the number 2 must be raised to obtain the value n. This makes the binary logarithm useful for anything involving powers of 2,...
. H is typically measured in bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
s.
Symbol set | Symbol count N | Entropy per symbol H |
---|---|---|
Arabic numerals Arabic numerals Arabic numerals or Hindu numerals or Hindu-Arabic numerals or Indo-Arabic numerals are the ten digits . They are descended from the Hindu-Arabic numeral system developed by Indian mathematicians, in which a sequence of digits such as "975" is read as a numeral... (0-9) (e.g. PIN Personal identification number A personal identification number is a secret numeric password shared between a user and a system that can be used to authenticate the user to the system. Typically, the user is required to provide a non-confidential user identifier or token and a confidential PIN to gain access to the system... ) |
10 | 3.32 bits |
Hexadecimal Hexadecimal In mathematics and computer science, hexadecimal is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F to represent values ten to fifteen... numerals (0-9, A-F) (e.g. WEP key Wired Equivalent Privacy Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network... ) |
16 | 4.00 bits |
Case insensitive Case sensitivity Text sometimes exhibits case sensitivity; that is, words can differ in meaning based on differing use of uppercase and lowercase letters. Words with capital letters do not always have the same meaning when written with lowercase letters.... Latin alphabet Latin alphabet The Latin alphabet, also called the Roman alphabet, is the most recognized alphabet used in the world today. It evolved from a western variety of the Greek alphabet called the Cumaean alphabet, which was adopted and modified by the Etruscans who ruled early Rome... (a-z or A-Z) |
26 | 4.70 bits |
Case insensitive alphanumeric Alphanumeric Alphanumeric is a combination of alphabetic and numeric characters, and is used to describe the collection of Latin letters and Arabic digits or a text constructed from this collection. There are either 36 or 62 alphanumeric characters. The alphanumeric character set consists of the numbers 0 to... (a-z or A-Z, 0-9) |
36 | 5.17 bits |
Case sensitive Case sensitivity Text sometimes exhibits case sensitivity; that is, words can differ in meaning based on differing use of uppercase and lowercase letters. Words with capital letters do not always have the same meaning when written with lowercase letters.... Latin alphabet (a-z, A-Z) |
52 | 5.70 bits |
Case sensitive alphanumeric (a-z, A-Z, 0-9) | 62 | 5.95 bits |
All ASCII printable characters | 94 | 6.55 bits |
Diceware Diceware Diceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five dice rolls are required. The numbers that come up in the rolls are assembled as a five digit number, e.g.... word list |
7776 | 12.9 bits |
Desired password entropy H | Arabic numerals Arabic numerals Arabic numerals or Hindu numerals or Hindu-Arabic numerals or Indo-Arabic numerals are the ten digits . They are descended from the Hindu-Arabic numeral system developed by Indian mathematicians, in which a sequence of digits such as "975" is read as a numeral... | Case insensitive Case sensitivity Text sometimes exhibits case sensitivity; that is, words can differ in meaning based on differing use of uppercase and lowercase letters. Words with capital letters do not always have the same meaning when written with lowercase letters.... Latin alphabet Latin alphabet The Latin alphabet, also called the Roman alphabet, is the most recognized alphabet used in the world today. It evolved from a western variety of the Greek alphabet called the Cumaean alphabet, which was adopted and modified by the Etruscans who ruled early Rome... | Case insensitive alphanumeric Alphanumeric Alphanumeric is a combination of alphabetic and numeric characters, and is used to describe the collection of Latin letters and Arabic digits or a text constructed from this collection. There are either 36 or 62 alphanumeric characters. The alphanumeric character set consists of the numbers 0 to... | Case sensitive Case sensitivity Text sometimes exhibits case sensitivity; that is, words can differ in meaning based on differing use of uppercase and lowercase letters. Words with capital letters do not always have the same meaning when written with lowercase letters.... Latin alphabet | Case sensitive alphanumeric | All ASCII printable characters |
---|---|---|---|---|---|---|
32 bits | 10 | 7 | 7 | 6 | 6 | 5 |
40 bits | 13 | 9 | 8 | 8 | 7 | 7 |
64 bits | 20 | 14 | 13 | 12 | 11 | 10 |
96 bits | 29 | 21 | 19 | 17 | 17 | 15 |
128 bits | 39 | 28 | 25 | 23 | 22 | 20 |
160 bits | 49 | 35 | 31 | 29 | 27 | 25 |
192 bits | 58 | 41 | 38 | 34 | 33 | 30 |
224 bits | 68 | 48 | 44 | 40 | 38 | 35 |
256 bits | 78 | 55 | 50 | 45 | 43 | 39 |
384 bits | 116 | 82 | 75 | 68 | 65 | 59 |
512 bits | 155 | 109 | 100 | 90 | 86 | 78 |
1024 bits | 309 | 218 | 199 | 180 | 172 | 156 |
Any password generator is limited by the state space of the pseudo-random number generator used, if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.
Note, however, that a different type of attack might succeed against a password evaluated as 'very strong' by the above calculation.
Password generator programs and websites
A large number of password generator programs and websites are available on the Internet. Their quality varies and can be hard to assess if there is no clear description of the source of randomness that is used, and if source code is not provided to allow claims to be checked. Furthermore, and probably most importantly, transmitting candidate passwords over the Internet raises obvious security concerns, particularly if the connection to the password generation site's program is not properly secured or if the site is compromised in some way. Without a secure channelSecure channel
In cryptography, a secure channel is a way of transferring data that is resistant to interception and tampering.A confidential channel is a way of transferring data that is resistant to interception, but not necessarily resistant to tampering....
, it is not possible to prevent eavesdropping, especially over public networks such as the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
.
See also
- Cryptographically secure pseudorandom number generatorCryptographically secure pseudorandom number generatorA cryptographically secure pseudo-random number generator is a pseudo-random number generator with properties that make it suitable for use in cryptography.Many aspects of cryptography require random numbers, for example:...
- DicewareDicewareDiceware is a method for creating passphrases, passwords, and other cryptographic variables using ordinary dice as a hardware random number generator. For each word in the passphrase, five dice rolls are required. The numbers that come up in the rolls are assembled as a five digit number, e.g....
- Hardware random number generatorHardware random number generatorIn computing, a hardware random number generator is an apparatus that generates random numbers from a physical process. Such devices are often based on microscopic phenomena that generate a low-level, statistically random "noise" signal, such as thermal noise or the photoelectric effect or other...
- Key sizeKey sizeIn cryptography, key size or key length is the size measured in bits of the key used in a cryptographic algorithm . An algorithm's key length is distinct from its cryptographic security, which is a logarithmic measure of the fastest known computational attack on the algorithm, also measured in bits...
- Password length parameterPassword length parameterIn telecommunication, a password length parameter is a basic parameter the value of which affects password strength against brute force attack and so is a contributor to computer security....
- Password managerPassword managerA password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or a file that holds the encrypted password data for secure logon onto computers, networks, web sites and application data files. Many password managers also work as a form...
External links
- Cryptographically Secure Random number on Windows without using CryptoAPI from MSDNMicrosoft Developer NetworkThe Microsoft Developer Network is the portion of Microsoft responsible for managing the firm's relationship with developers and testers: hardware developers interested in the operating system , developers standing on the various OS platforms, developers using the API and scripting languages of...
- RFC 4086 on Randomness Recommendations for Security (Replaces earlier RFC 1750.)
- http://www.itl.nist.gov/fipspubs/fip181.htmAutomated Password Generator standard FIPSFederal Information Processing StandardA Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
181] - GRC's | Password Haystacks: How Well Hidden Is Your Needle?