[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Using JavaScript to generate "secure" passwords.

From: Vincent Archer <varcher@xxxxxxxxxxx>
Subject: Re: [WEB SECURITY] Using JavaScript to generate "secure" passwords.
Date: Thu, 31 Jan 2008 11:13:08 +0100

On Wed, 2008-01-30 at 20:03 +0100, Hoffman, Billy wrote:
> This tells us a few things: The seed will always be numeric. That drastically reduces possible character set) (and thus entropy) of what you are SHA-1ing.

If you assume that SHA is (relatively) cryptographically correct, it is
not a problem. A hashing function removes all regularities in the
original source, and it simply caps the total entropy of the data to
whatever bit total the final hash is.

In other words, it should not matter if you have a 500 byte source, with
1 bit of entropy per byte, or a 100 byte source with 5 bits of entropy
per byte: you should end up with a 256bit random value after hashing to
256 bits (having lost 250 bits of entropy in the way).

> What should you take away from all from this? GATHERING ENTROPY IS HARD! Only the most extreme least significant bits of operations like latancy between disk reads, network traffic, cache hits, etc, are used. You have access to none of this in JavaScript. JavaScript does provide a large number of significant digitswith its Date object. Checking time between user events and only using the least significant bits might be an acceptable approach, but I imagine you would need to gather a lot of data to do it.

The problem here is not in the way entropy is gathered, but in the
source of entropy. Mouse positions are a weak source of entropy, so you
need to gather a lot of them to get enough entropy for your data source.
The way you store them before throwing them into a good bit mixer does
not matter.

In fact, the less operations you make on the data gathered, the better
off you are. Chopping off bits from the data to keep only the "least
significant bits" will result in less entropy per sample, not more. The
difficulty is in estimating how many bits of entropy you got, which
gives you the time when you can finally get your random number.

--
Vincent ARCHER
varcher@xxxxxxxxxxx

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] Using JavaScript to generate "secure" passwords.
  - From: Hoffman, Billy

References:
- [WEB SECURITY] Passwords : include a space
  - From: Stephan Wehner
- Re: [WEB SECURITY] Passwords : include a space
  - From: Secure Sauce
- Re: [WEB SECURITY] Passwords : include a space
  - From: Stephan Wehner
- Re: [WEB SECURITY] Passwords : include a space
  - From: Brian Eaton
- [WEB SECURITY] Using JavaScript to generate "secure" passwords.
  - From: Hoffman, Billy

Prev by Date: [WEB SECURITY] IT Security Plan/ Strategy
Next by Date: RE: [WEB SECURITY] Using JavaScript to generate "secure" passwords.
Previous by thread: [WEB SECURITY] Re: Using JavaScript to generate "secure" passwords.
Next by thread: RE: [WEB SECURITY] Using JavaScript to generate "secure" passwords.
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site