mailing list archives
Re: pwgen: non-uniform distribution of passwords
From: Solar Designer <solar () openwall com>
Date: Wed, 18 Jan 2012 01:53:11 +0400
On Tue, Jan 17, 2012 at 02:14:17PM -0700, Kurt Seifried wrote:
I'm of the mind that documenting issues is good but documenting issues
doesn't always make them go away.
E.g. documenting a default usrname/password where it can be easily
changed is reasonable. Documenting a default username/password that
cannot be changed doesn't really help to the same degree.
In this case we have something that tells you not to use an unsafe
option but isn't exceedingly noticeable or clear (if it came up every
time you used that option there would be a stringer case for no CVE).
I'm sitting on the fence for this one (I can see it going either way),
wouldn't mind some more opinions from the smart people on this list.
CVE assignments also don't always make issues go away.
I might update/revise my analysis on this issue in a few days.
Specifically, I now suspect that a (large) part of the apparent
non-uniformity of the distribution was in fact an artifact of my
analysis approach. I only analyzed sets of 1 million of pwgen'ed
passwords, so I could not directly check the distribution of full
passwords (1 million is too little, even compared to the small keyspace
of these passwords), whereas JtR only uses trigraph frequencies.
I am now generating 1 billion of pwgen'ed passwords, which should take a
couple of days to complete. (I could speed this up with some changes to
pwgen or by using multiple machines, but I see no need for that. 2 days
is fine with me.) Based on the 30 million generated so far, it appears
that maybe the primary problem is in fact small keyspace (on the order
of 28 bits, it seems) rather than non-uniform distribution - but this is
also a preliminary conclusion. Let's wait for the 1 billion, which
should be enough for a more reliable conclusion if the keyspace is in
fact this small.