Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.4: Random password widgets may not be random System 10.4
Tiger only hintThe widget KeychainHelper is supposed to be a random password generator. If you install it and set it up the exact same way, however, you will notice that the passwords are not random!

Upon inspection of the code, the application uses JavaScript's Math.random() method, which doesn't take a seed. What this means is that any time the app is re-installed, or the Dock is restarted, the cycle of pseudo-random choices is restarted. Since you restart the Dock each time you reboot your computer your password is likely one of...
  • aiUCHncQQ5xG
  • ZcdGPaxezQK5
  • 0GfOzR4VqcTu
  • NU9wp8SUOeN2
  • qBVDorwkE34d
That is, assuming you use the same settings as I do -- twelve characters in length, all numbers and letters in both upper and lower case. Any widget that uses Math.random() is not the best choice for security. This is clearly a weakness of JavaScript's pseudo-random number generator and its lack of a seed. Hence, until someone comes out with a widget that uses a Cocoa bundle, as opposed to JavaScript, to generate the random numbers, I think we all should refrain from using them. After all, what is the point in having a "random" password if it is the same as everyone elses' "random" password?

[robg adds: There definitely seems to be an issue with JavaScript and random password generation, as I found another widget (called Password Generator) that's no longer available due to the same non-random-password issue. Both Apple's Dashboard site and DashboardWidgets.com list a number of such password generating widgets; if you're going to use one, you might want to test the randomness of the results before relying on the tool.]
    •    
  • Currently 1.80 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (5 votes cast)
 
[27,629 views]  

10.4: Random password widgets may not be random | 35 comments | Create New Account
Click here to return to the '10.4: Random password widgets may not be random' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.4: Random password widgets may not be random
Authored by: abyone on Sep 02, '05 09:54:14AM

I wonder if somebody can create a widget that just uses data from random.org to get truly random data - then convert it to text/numbers. or somthing.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: guybrush on Sep 02, '05 10:10:10AM

A Widget could use /dev/random ?

for example:

$ xxd -ps -len 16 /dev/random
3974068a64fb51db4fb1405173788d1f
     

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: Hanji on Sep 05, '05 02:12:10PM

For the sake of paranoia, I'd be wary of using any online source of randomness to generate passwords. You don't know what they may or may not be logging, and who may or may not be sniffing somewhere on the route between you and them.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: KenaiTheMacFan on Sep 11, '05 05:39:33PM

Get about 200 random numbers. Take the last few numbers and use them to determine which of the 200 numbers to use in making the password.

---
Ian



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: cane on Dec 13, '05 06:01:16AM

Geeze. If someone sniffs your traffic, he also knows what algorithm you use. This means he also knows which of the 200 numbers you'll finally use.
(The method you described is useful for decreasing correlation of some give pseudo-random generator, but not for increasing security)
You could, however, hash the online random number together with a local source of randomness, in order to have good randomness and security. However, I think that your local /dev/rand is secure enough.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: jacobolus on Dec 13, '05 07:14:35AM

Except if you get a 10 MB random bit dump from random.org, and then use part of the file to pick where in the file to pull out a few bytes of random data, it's inconcievable that someone with a packet sniffer could figure out your strategy. That said, /dev/rand is fine AFAICT



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: jacobolus on Dec 13, '05 07:15:50AM

Oh, i see, this is for a widget. Yeah, you're right. It would need to be combined with a local source.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: grikdog on Sep 02, '05 10:21:00AM
It should be reading from /dev/rand -- Mac OS X 10.2 and up uses Yarrow to drive its rand device, so input from there is "virtually" (i.e., perfectly for all practical purposes) random. Even if entropy fades, as I understand it, the algorithm simply begins emulating a PRNG which has been seeded with a very large random key.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: ekc on Sep 02, '05 03:43:48PM
I think it's actually /dev/random you want to be reading, but I second what you're saying. Pseudo-random number generators like Math.random() were never meant for cryptography. You want a nice, non-reproduceable data source feeding your password generator, and /dev/random is probably about as close as you can get without sampling white noise.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: KenaiTheMacFan on Sep 11, '05 05:40:43PM

What is Yarrow?

---
Ian



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: larse on Sep 02, '05 10:53:16AM
Instead of reimplementing this functionality - and introducing bugs - these widgets should simply wrap around proven command line tools like apg.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: wilton on Sep 02, '05 11:36:34AM

I found a good password widget called Make-a-Pass.

It makes pronouncable passwords (FIPS 181 compliant) etc, and so far seems very random.

Will



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: ibroughton on Sep 02, '05 01:48:21PM
I use the one from sebflipper.com which works well for my needs. Shove it on your webserver and get passwords wherever you are!

---
The server is up but the site is down and I don't know which direction you are trying to go

[ Reply to This | # ]

10.4: Random password widgets may not be random
Authored by: jdb8167 on Sep 02, '05 03:21:07PM

There is a password generator built into both the OS X account creation page in System Preferences and in the Keychain. Open Keychain Access, click on File Menu->New Password Item... Click on the key icon. There are a bunch of options for different kinds of passwords there.



[ Reply to This | # ]
Image of password assistant window
Authored by: thoughton on Sep 02, '05 04:20:15PM

For those of you not currently at your Macs, there's an image of the password assistant window here:
http://www.thoughton.co.uk/digitallife/weblog/2005/07/password_assist.php



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: boredzo on Sep 03, '05 01:55:53AM

there are two existing hints about this (10.3 and 10.4). I wrote an application that provides an easier method of access, but my website is no longer available.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: magnamous on Dec 01, '05 04:04:37PM

Do you still have the source code? If you do, I would think Rob would have no problem with hosting the source - it doesn't sound like it would be a very large app.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: NeuralNet03 on Sep 02, '05 04:15:39PM

Java's not to fault. The Math.random function is a lazy man's random function. The author should be using a Random object, which can be seeded in their constructor (use system time, login time, something unique and changing).



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: nickfitz on Sep 04, '05 01:29:46PM

JavaScript isn't Java. There is absolutely no relation between the two languages, and there is no such class as Random in JavaScript.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: segdeha on Sep 02, '05 04:31:05PM

I'm the author of Make-A-Pass and I use the following algorithm to achieve "good enough" randomness:


// The Central Randomizer 1.3 (C) 1997 by Paul Houle (houle@msc.cornell.edu)
// See:  http://www.msc.cornell.edu/~houle/JavaScript/randomizer.html
// Usage: rand(n) returns random integer between 1 and n

rnd.today = new Date();
rnd.seed  = rnd.today.getTime();

function rnd() {
   rnd.seed = (rnd.seed*9301+49297) % 233280;
   return rnd.seed/(233280.0);
}

function rand(number) {
   return Math.ceil(rnd()*number);
}

I believe this gets around the problem stated by the original poster, though I like the suggestion of using a command-line utility to generate the randomness.

Feel free to contact me if you have any suggestions for Make-A-Pass (or any of my widgets, for that matter!).

-Andrew
-----
andrew@hedges.name / http://andrew.hedges.name/

[ Reply to This | # ]

10.4: Random password widgets may not be random
Authored by: Felix on Sep 03, '05 11:32:30AM

Glad to hear Make-a-Pass doesn't have this problem...because I've been using it since you first posted it. Very handy Widget.



[ Reply to This | # ]
still insecure
Authored by: SOX on Sep 06, '05 02:08:21PM

One can subvert this as follows.
look at the modification date on the users password entry. seed this along with times close by into your algorithm and you will get a modest list of possible passwords. hash alll these and see if they match the stored hash.



[ Reply to This | # ]
Insecure no more!
Authored by: segdeha on Sep 18, '05 11:39:41PM

FYI, I've updated Make-A-Pass to get its random seed from /dev/random. Thanks for the enlightening discussion, MacOSXHints.com readers!

You can download Make-A-Pass from the following URL:

http://andrew.hedges.name/widgets/

Thanks!
-Andrew



[ Reply to This | # ]
A small App that's an alternative to widgets...
Authored by: TigerKR on Sep 03, '05 12:13:37AM

There is a neat little application called RPG that creates random passwords:

RPG

It allows you to specify length and composition (uppercase, lowercase, numbers, special characters). Its a great little app, and I recommend it highly.



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: SnakeO on Sep 03, '05 02:34:18AM

[code]
jot -r -c 160 a z | rs -g 0 8
[/code]



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: guybrush on Sep 03, '05 06:55:23AM

cool, never heard about those 2 commands, neat! :)



[ Reply to This | # ]
Going one better
Authored by: Lectrick on Sep 06, '05 12:22:56AM
Since you stole that right from the man page for jot ;) , I figured I'd use my Unix-fu to whip it into something slightly better. The example given only generates passwords with all-lowercase letters. But then there's:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]]//' | rs -g 0 8

This will spit out 8 character passwords consisting of mixed case and numbers. Because the sed portion acts like a filter, the output length will vary, but you can choose how many characters per word by changing the 8 at the end, and you can choose how many random characters you want "jot" to try to generate by changing the 200. If you want to allow a few extra characters like asterisk, !, ? etc, you can try adding them like this:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@\?!\._]//' | rs -g 0 8

In this case I'm allowing not only alphanumerics but asterisk, plus, at-sign, question mark, exclamation point, period, and underscore. (Notice that the question mark and period have to be escaped with a backslash before them as these are normally "special" characters in regular expressions, so consider those one unit in case you delete them here.)

Fun stuff ;)

---
In /dev/null, no one can hear you scream

[ Reply to This | # ]

Going one better... backslashes are omitted
Authored by: Lectrick on Sep 06, '05 12:25:05AM

Please note that even though I surrounded the above code with the relevant Code tags, it STILL omitted the backslashes!!! (grrrr)

Just please assume there are backslashes. I'm going to try again below without the code tags:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@\?!\._]//' | rs -g 0 8

---
In /dev/null, no one can hear you scream



[ Reply to This | # ]
nevermind. backslashes NOT NEEDED!
Authored by: Lectrick on Sep 06, '05 12:52:59AM

Sorry for the repeated followups.

It appears that, unlike "normally" when you have to escape periods and question marks, in this case you don't, and if you do put backslashes there then they will just be treated as a regular allowed character and you will get passwords with backslashes in them (usually a no-no).

So to reiterate, this is perfectly fine:

jot -r -c 200 33 122 | sed 's/[^[:alnum:]*+@?!._]//' | rs -g 0 8

---
In /dev/null, no one can hear you scream



[ Reply to This | # ]
That was the bash version. tcsh here
Authored by: Lectrick on Sep 06, '05 08:18:48AM

For some reason, in the tcsh shell you have to escape the exclamation point by putting a backslash before it... so do that (or omit the !). FYI

---
In /dev/null, no one can hear you scream



[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: rumirocks on Sep 03, '05 05:58:00AM

Try LadyCrypt, a widget from www.ladycrypt.fr



[ Reply to This | # ]
No need for a Cocoa bundle
Authored by: PeteVerdon on Sep 04, '05 11:43:40AM

Just read from /dev/urandom and friends. This is Unix, after all.

Pete



[ Reply to This | # ]
you get the same thing with
Authored by: Lectrick on Sep 06, '05 12:58:22AM

jot -r -c 200 33 122 | sed 's/[^[:alnum:]]//' | rs -g 0 12 | head

just sayin'

(this was originally posted in a deeper thread but I felt it deserved a bit more attention as it not only does the same job but uses the high-quality OS X pseudo random number generator underneath)

---
In /dev/null, no one can hear you scream



[ Reply to This | # ]
sed...meh
Authored by: ra5ul on Dec 03, '05 11:33:34PM

jot -rc 24 48 123 | grep -m12 \\w | rs -yg 0 12
generates a good password.

[ Reply to This | # ]
10.4: Random password widgets may not be random
Authored by: rjcarr on Dec 07, '05 12:34:41AM

It seems everyone here is missing the point. Although Math.random() in javascript is not cryptographically secure, for all intents and purposes, it is adequate.

However, the problem here is specifically with Math.random() in widgets, not necessarily, and only related to, Math.random() when used with passwords.

It seems that, for some reason, Math.random() is seeded with the *same number* every single time a widget is placed, whereas it *should* be seeded with the current time (or some other infrequent number) instead.

Just wanted to clear up the root of the problem.



[ Reply to This | # ]