Score:1

deterministic password generator idea

ru flag

Outside of professional carrier, I often stumble upon a need for a unique password for exp. for local database, game server, or on tons of, not so important, websites.

I came up with an idea to write a deterministic password generator for myself, which takes a tuple:

  • master password
  • header for exp. just a word "pinterest"

and generates a password of specified length, always the same.

I realise that this idea may not be the most secure and etc. But please focus on proper implementation, not the concept.

The implementation:

  1. Process master password and header using a password hash function like balloon hashing or argon2 (I believe that it adds some computational effort and makes it harder to obtain the master password from a few generated passwords)
  2. Use the result of 1. as a seed for Fortuna DRNG to generate the password

Are my assumptions about point 1. correct? Would you suggest some more operations?

How should I process master password and header? Can I simply concatenate them and hash, or XOR their hashes, or compose?

DannyNiu avatar
vu flag
SSL/TLS does pretty much what you describe - deriving working keys from master key obtained from handshake; except they work with binary keys instead of textual passwords. This question is otherwise (as I see it) a request for scheme analysis, thus off-topic.
kr flag
This is actually a duplicate of [this question](https://crypto.stackexchange.com/questions/98173/diy-password-key-derivation-tool-using-pbkdf2-hmac). See there the problems you may face. Briefly: What if you need to change a password for one of 100 web sites? A single generator will not work.
kelalaka avatar
in flag
Use a password manager?
kr flag
@kelalaka: Yes, using password manager is the most reasonable approach. But the OP as well as the linked question hopes that it might be possible to have a nice function that gives you passwords for all your web sites, so that you need to remember a *single" password only. In the linked answer I explain why it is impossible on the long run. And yes, if one wants to remember a *single* password only, one should use password manager.
kr flag
If you don't care about password resetting, then your approach is almost fine. I don't see any reason to have step 2, DRNG. The hash has already high entropy. Why do you need a DRNG? It will not make the result worse, but it adds complexity without giving any benefits.
kebabdubaj avatar
ru flag
I thought that DRNG would let me generate arbitrary length passwords
Score:-2
cn flag

I would suggest less operations :-)

Use Argon2 directly as that's what it's for. So you'd do something like this:-

echo "master_password"   |   argon2    header_needs_to_be_longer -t 1000 -p 10 -k 10000

in the *nix world.

That then produces:-

Type:       Argon2i
Iterations: 1000
Memory:     10000 KiB
Parallelism:    10
Hash:       16e4848c0274617768dac792518fd60d74df6233c0f7d4b90df22f009ae177fd
Encoded:    $argon2i$v=19$m=10000,t=1000,p=10$aGVhZGVyX25lZWRzX3RvX2JlX2xvbmdlcg$FuSEjAJ0YXdo2seSUY/WDXTfYjPA99S5DfIvAJrhd/0
6.435 seconds
Verification ok

The hash is 256 bits which should be plenty, and is always repeatable and secure.

kr flag
From the security point of view, yes, that is fine. But what about usability? If you have 100 web sites and have to change password for one of them, would you go to every of these 100 web sites and change password just to have the same single generator?
Paul Uszak avatar
cn flag
@mentallurg Err, not quite sure what you mean by having a single generator, but I was trying to focus on the use of Argon to combine the master password and salt.
kr flag
The question is NOT about how to safely generate passwords. The question is about creating a function that has website name as input and produces password for it. Like *password = generator( website_name)*. Having secure hashing algorithm is only a *part* of it. Sure, we can take Argon or other secure algorithm. But the *fundamental* problem is, that this approach works only if you have not change password for any of web sites. If you have to change password, you need some *other* generator.
kr flag
... Thus you will need 2 generators. If you change password for some web sites 3 times, you will need 3 generators. Furthermore, you will need to store some information what generators should be user for what site. Thus eventually you will come to the necessity to keep different information for password generation for each web site. Thus having a single generator for multiple web sites is, on the long run, impossible.
kebabdubaj avatar
ru flag
Let's clarify a bit, my password generator has a very specific usecase for rarely used, not so important passwords, which still could be nice to have unique (for exp. minecraft server). Also I think your concerns about password change, could be addressed by adding an unsigned integer I, which could take part in password generation
kebabdubaj avatar
ru flag
@PaulUszak do you suggest to use header as salt for argon2?
kebabdubaj avatar
ru flag
@mentallurg I've read your linked question, I agree with you, but still I belive in my approach for my personal usecase and this unsigned int I added to the function will solve password change problem for me.
kebabdubaj avatar
ru flag
My main question remains whether my implementation is correct?
Paul Uszak avatar
cn flag
@kebabdubaj Yes I do. It seems the obvious way to combine them :-) Including any (int) version numbers.
kebabdubaj avatar
ru flag
@PaulUszak Okay it makes sense, agreed
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.