Sam Posted April 13, 2018 Report Share Posted April 13, 2018 Hi ! Enpass looks nice. It's full of features. Of course, it makes me willing to use it. As I noticed for some software companies that spending time in developing features is a natural marketing constraint to catch more customers, it pushes security concerns to second priority. Then, I'd like to make my mind about and try to assess how good behaves your password generator ( that is one of the secure component that everybody can understand ) A simple test: measure the occurence of consecutive characters. with a simple setup (only numbers) : probability of having 2 consecutive number is below 1% for length=10 but statistics (I have tried ~50 iterations ) shows 50% ! Having a long password with funny characters will not help if the sequence is generated by an algorithm that limits the statistics... More than a bug in the randomizer, it seems to me a backdoor algorithm runs behind. Make me change my mind please Link to comment Share on other sites More sharing options...
Area Posted April 13, 2018 Report Share Posted April 13, 2018 (edited) Is there new information or a solution to the problem? Sorry, wrong thread. Edited April 13, 2018 by Area Link to comment Share on other sites More sharing options...
Vinod Kumar Posted April 16, 2018 Report Share Posted April 16, 2018 Hi @Sam, Welcome to Enpass. Can you please elaborate the problem in more detail so that I can address your concerns? Do you mean to say "Measure of occurrence of consecutive number pairs in a random password of length 10, using only digits"? Regards, Vinod Link to comment Share on other sites More sharing options...
Sam Posted April 16, 2018 Author Report Share Posted April 16, 2018 Hi Vinod, the problem is : the password generator does not behave randomly, at all the question is : Can you explain why ? the matter of "occurrence of consecutive number pairs in a random password of length 10, using only digits" is just an example of the problem observation. I reported this example beause the probability is easy to calculate and statistitictsis is easy to measure. Link to comment Share on other sites More sharing options...
Vinod Kumar Posted April 16, 2018 Report Share Posted April 16, 2018 Hi @Sam, Let me have this opportunity to assure you that there is such no backdoor in the algorithm. There is clearly some misunderstanding here. Let us find out the probability of having at least two consecutive digits in a number of various length using a computer program P(length 2) = 10 / 100 = 0.1 P(length 3) = 190 / 1000 = 0.19 P(length 4) = 2710 / 10000 ≈ 0.27 P(length 5) = 34390 / 100000 ≈ 0.34 P(length 6) = 409510 / 1000000 ≈ 0.40 P(length 7) = 4685590 / 10000000 ≈ 0.46 So, as length increases probability increases. and is approximately P ≈ (∑k - ∑(k-n+1))/k^2 where k >= n k is sample space of single digit n is length of password In our case k=10 and n=10 P(length 10) = (55 - 1)/100 = 0.54 So, Probability of occurrence of at least two consecutive digits in a random password of length 10, using only digits is 0.54 i.e. 54%. And it is very close to your statistical calculation. Cheers:) Link to comment Share on other sites More sharing options...
Sam Posted April 18, 2018 Author Report Share Posted April 18, 2018 Hi Vinod Thanks for demonstration that show my mistake and exonerate the generator . thanks Link to comment Share on other sites More sharing options...
Recommended Posts