Enpass Discussion Forum

Broken password generator


zedisdad


Your 'new' password generator may potentially have a bug.  If you select Pronounceable passwords, and Include Digits, then it only adds ONE digit at the end of the string of characters.   In previous versions, the generator would add a number at beginning/end of every 'word' element, thus making the same length password much stronger. Right now, all your 3 word pronounceable passwords come up as 'weak,' which is ridiculous.  I don't get 'good' pronounceable passwords until I hit 6 words, ~40 characters, which most websites that I use won't accept.  Please fix this asap, this is a serious flaw, unless I completely misunderstand this new 'feature.'

Thanks,

Z

OS: Mac 10.13 High Sierra
Enpass: v6.0.0 


Hi there,

 

I'm also concerned about the new password generator... I've been using enpass for a long time now and really never had the need to come to this forum before, until now. Why is it that all passwords I've generated so far were categorized as strong by enpass and now are marked to be only weak or good at best... Can you please give an explanation for that?

 

Br,

Alfredo

 


Alfredo, this is not the issue I am talking about here but, to answer your question, Enpass say they are using a new password strength estimator (called zxcvbn).  When looking into it, it appears that zxcvbn is a rapid/low-resource password strength estimation algorithm.  Some comparisons have been made between zxcvbn and other strength estimation methods, and the result really depends on what you use as the metric.  I think zxcvbn really hates pronounceable passwords (because it searches for patterns in the password).  I personally am starting to ignore the strength estimation I am seeing with Enpass 6.0.  

Still, the main problem is not strength estimation for me, it's generating weak passwords by only adding ONE digit to the end of the entire password.  This is a bug, it was not like this in previous versions.

 

Z


Hi all,

The digit and uppercase options are purely for satisfaction of some websites' password policies. Adding uppercase and digits at random places in a pronounceable/diceware password does not contribute to entropy significantly, but adding an additional word will. Moreover, such a password is not pronounceable/memorable at all. The first capital letter can be remembered easily and the trailing digit can be memorized as an additional word.

Also, Password Strength calculator ranges have been changed. Please read this page on how it works.

Hope this clears the doubt.


@Vinod Kumar: while it is correct that moving the uppercase letter or number won't contribute to entropy mathematically, it should be noted that having them at fixed positions reduces the number of possibilities, as it is known that the first letter is upper- or lowercase and there might be a number attached to the passphrase (or not).

I liked the old version of the password generation and I think it was a really good way to have both: complex passwords and somehow to memorize. 

Isn't there a way to have the old function back and have a "semi-pronounceable" password using the previous password generator?


@Vinod Kumar,

While I am not a password generation expert, I will be surprised if I am wrong about this one, as I am a data compression guy and I know my entropies.  Telling me that a 3 word long password that always has a digit at the end (e.g., cheetah-ford-plane2) has a smaller entropy than a password where the digits may be (or may not be) placed at beginning/end of every word (cheetah4-3ford-plane2).  Just check the strength of both passwords above using any software (except your own) and you will see the difference in strength.

Now the issue it seems is the way your dropbox password generator is computing strengths.  It is not really computing entropy at all, but rather an estimate based on recognizable patterns.  

Bottom line is: I really do not like that your password generator always tells me that my 20-character pronounceable passwords are weak.  Many websites constrain length to 20.    I see 3 fixes: 1) manually add numbers at beginning/end of every word (I don't know why Enpass doesn't do this anyway already, what's the downside?), 2) ignore your strength estimator, which will ultimately lead to 3) use another software than Enpass.

Z


Hi Vinod,

 

Thanks for replying; unfortunately for me, the page you redirected me to has worsened things for me.

I have come to the conclusion that if I only choose four words in Spanish or five to six words in English, without them being random at all (actually they can form an actual sentence, which is easier to remember), and test it against your password checker, then it says these passwords are strong enough. Find below some examples that match the new level of security... see my point? Do you really think those passwords are good enough?

 

English:

what about you and me frea

Is there any strongest p?

Are you kidding me at all

This is easy to rembember

 

Spanish:

tanto monta monta tanto

a quien le importa  (with a final space)

No puede ser que sea

 

Thanks in advance,

Alfredo.


Hi @sunsudio,

15 minutes ago, sunsudio said:

what about you and me frea 

The idea behind diceware/pronounceable is the randomness of the order of words. Out of 14400 words, every word is selected at random. What about "and frea about you what me"? This looks better, right? By using the Enpass password generator, getting this kind of word sequence is highly unlikely. Please see a more detailed explanation about Diceware here.

http://world.std.com/~reinhold/diceware.html

 

@zedisdad When you are using a diceware/pronounceable password, its entropy is calculated by two means.

1. Diceware: Calculated based on the number of words. Any addition of symbols, digits, uppercase is ignored.

2. Zxcvbn: Calculated based on the Zxcvbn algorithm.

Enpass shows strength based on whichever of the two is lower. So if the diceware entropy of "cheetah4-3ford-plane2" says weak and zxcvbn says average, it will be considered weak. You can't know in advance what methodology an attacker will apply. Additionally, Zxcvbn considers all known types of methodologies an attacker will apply to reduce the number of guesses for your password.

If a website forces shorter length passwords, you must use random passwords, not pronounceable. As I told already, adding digits at random places is little gain compared to an additional word.

Thanks.

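To put numbers on the diceware-only part of the calculation described above (this is an added example, not Enpass's code): it uses the 14400-word list size quoted in the thread, models the v6 scheme as exactly one trailing digit, and assumes a v5-like scheme in which each word independently gets no digit, a leading digit or a trailing digit. The zxcvbn half of the min-of-two rule is not modelled.

```python
import math

# Word list size quoted by Vinod Kumar in this thread.
WORDLIST_SIZE = 14400
DIGITS = 10


def diceware_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy of `words` uniformly chosen words: log2(N ** words)."""
    return words * math.log2(wordlist_size)


def trailing_digit_bits():
    """v6 scheme as described in the thread: one digit, always at the end.
    An attacker who knows the scheme only has to guess its value."""
    return math.log2(DIGITS)


def per_word_optional_digit_bits(words):
    """Assumed v5-like scheme: for each word, either no digit, a leading
    digit or a trailing digit (1 + 10 + 10 = 21 equiprobable outcomes)."""
    return words * math.log2(1 + 2 * DIGITS)


def compare(words):
    """Bits of diceware-style entropy for a `words`-word passphrase under
    each variant, against simply adding one more word."""
    base = diceware_bits(words)
    return {
        "words_only": base,
        "v6_trailing_digit": base + trailing_digit_bits(),
        "v5_per_word_digits": base + per_word_optional_digit_bits(words),
        "one_more_word": diceware_bits(words + 1),
    }


if __name__ == "__main__":
    for name, bits in compare(3).items():
        print(f"{name:>20}: {bits:5.1f} bits")
```

Under these assumptions the per-word digit scheme on 3 words (about 54.6 bits) lands close to a plain 4-word passphrase (about 55.3 bits), while a single fixed trailing digit adds only about 3.3 bits.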

Hi there,
 

Thanks Vinod, I have carefully read diceware.html twice. I only have one last question: do you think "are you sure this is a good password or not" is a good password or passphrase? Because I can do a lot of them and Enpass is always telling me that they're the strongest. My concern is that until now I relied on Enpass to test my passwords against it and it always told me that my passwords were strong enough, and now the best is only "good" while the rest are weak.

 

Best Regards,

Alfredo.


13 hours ago, Vinod Kumar said:

When you are using a diceware/pronounceable password, its entropy is calculated by two means.

1. Diceware: Calculated based on number of words. Any addition of symbols, digits, uppercase are ignored.

This entropy measure assumes that the attacker knows I'm using a diceware password (which now, thanks to this forum, everyone knows that I do).  But if you didn't know that I use diceware, throwing random numbers at random locations significantly improves the entropy.  Do the math.

Finally, it is pretty silly to have a feature that says "digits" in a password generation tool which only inserts one digit at the end of the password. Why include that feature to begin with?  It does not hurt to include more random digits (we agree about that), and your only argument is that adding more digits does not improve entropy "too much" (we disagree about that).  Unless you can quantify the cost vs benefit in adding digits at random locations in a pronounceable password, then at this point I see Enpass as being nothing but mule stubborn about this.  

So either remove this half-arsed feature, or add it properly.

Z

Edited by zedisdad

  • 2 weeks later...

I've noticed in v6 that generating pronounceable passwords with Uppercase and digits always results in the first character of the whole password being upper case and the last character being a number.

Whereas, in v5 the digits are added to the ends of each of the words and the Uppercase characters are randomly on the first or last character of any of the words.

The v5 behaviour is better IMO.

Example:

Correct-horse-battery-staple9 <- v6

correct0-horse4-2Battery-Staple <-v5


Not only is the password generator garbage but so is the "strength" estimator.  Right now all pronounceable 3-word passwords show up as weak, even with "digits" selected.  Most websites I use do not allow for passwords longer than 20-characters, which means all my pronounceable passwords generated by Enpass are garbage. I recommend you go back to v5 if you can, which I did. 

The argument enpass is offering is that adding numbers does not improve strength much.  That argument has a serious fallacy in it, which is that you know that a number is added.  Every other generator I use shows that adding numbers at the end of words improves strength substantially.  But if your generator always adds a number at the end of the entire password, then yeah, enpass is right, "adding numbers" doesn't matter...

Edited by zedisdad

Sorry that I intervene in your discussion, but I see it the following way:

1. Why should the "hacker" know that you are using Enpass to generate your passwords? He'd still need to anticipate that a digit could be anywhere or a capital letter used more than one time.

2. Nobody will hack you nowadays if you are not using very simple passwords like asdf1234, because there are a lot of victims with those easy passwords, and if so, mostly the passwords are stolen while using the vulnerabilities of databases. In the end it doesn't matter if your password was weak, secure or mega9-Sup3r-$ecure. Furthermore, in case you are too important for somebody, there are much more elegant ways to get your password instead of hacking you.

Finally, I see it the way that you (who are thinking the used password generator is too weak) are wishing the old generator back because of the better feeling, not the facts. There is no real security improvement when using more digits or capital letters at other places, just losing the password's memorability.

 

Maybe only the strength estimator is a bit confusing, here I can agree with you.
