The Entropy of a Digital Camera CCD/CMOS Sensor
Recently, Vault12 released an app for iOS that uses the mobile device's camera as a source of randomness. Unfortunately, when putting the generated binary files through the Dieharder tests, it comes out pretty bad. I get 20 "PASSED", 13 "WEAK", and 81 "FAILED" results. For a TRNG, it should be doing much better than that. Now, to be clear, I'm not writing this post to shame Vault12. I actually really love the TrueEntropy app, and am eagerly waiting for it to hit Android, so I can carry around a TRNG in my pocket. However, things can get better, and that is what this post is hopefully addressing.
Using a camera as a TRNG is nothing new. SGI created a patent for pointing a webcam at a lava lamp, using the chaotic nature of the lava lamp itself as the source of entropy. Later, it was realized that this was unnecessary. The CCD/CMOS in the camera was experiencing enough noise from external events to be more than sufficient. This noise shows up in the photo itself, and is appropriately referred to as "image noise".
The primary sources of noise come from the following:
- Thermal noise: caused by temperature fluctuations as electrons flow across resistive media.
- Photon noise: caused by photons hitting the CCD/CMOS and releasing energy to neighboring electronics.
- Shot noise: caused by current flow across diodes and bipolar transistors.
- Flicker noise: caused by traps due to crystal defects and contaminants in the CCD/CMOS chip.
- Radiation noise: caused by alpha, beta, gamma, x-ray, and proton decay from radioactive sources (such as outer space) interacting with the CCD/CMOS.
Some of these noise sources can be manipulated. For example, by cooling the camera, we can limit thermal noise. A camera at 0 degrees Celsius will experience less noise than one at 30 degrees Celsius. A camera in a dark room, with fewer photons hitting the sensor, will experience less noise than one in a bright room. Radiation noise can be limited by isolating the sensor in a radiation-protective barrier.
Let's put this to the test, and see if we can actually calculate the noise in a webcam. To do this, we'll look at a single frame with the lens cap on, where the photo is taken in a dark room, and the webcam is further enclosed in a box. We'll take the photo at about 20 degrees Celsius (cool room temperature).
In order to get a baseline for the noise in the frame, we'll use Shannon entropy from information theory. Thankfully, understanding Shannon entropy isn't that big of a deal. My frame will be taken with OpenCV from a PlayStation 3 Eye webcam, which means the frame itself is just a big multidimensional array of numbers between 0 and 255 (each pixel only provides 8 bits of color depth). So, to calculate the Shannon entropy of a frame, we'll do the following:
- Place each number in its own unique bin of 0 through 255.
- Create an observed probability distribution (histogram) by counting the numbers in each bin.
- Normalize the distribution, creating 256 p-values (the sum of which should equal “1”).
- For each of the 256 bins, calculate: -p_i*log_2(p_i).
- Sum the 256 values.
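A minimal sketch of those steps in Python with numpy (the `shannon_entropy` name is mine, and a random array stands in for a real frame):

```python
import numpy as np

def shannon_entropy(frame):
    """Shannon entropy of an 8-bit frame, in bits per byte."""
    # Bin every byte value into one of 256 bins
    counts, _ = np.histogram(frame, bins=256, range=(0, 256))
    # Normalize the counts into a probability distribution summing to 1
    p = counts / counts.sum()
    # Sum -p_i * log2(p_i) over the non-empty bins
    p = p[p > 0]
    return float(-np.sum(p * np.log2(p)))

# A uniformly random "frame" should land close to the 8-bit maximum
rng = np.random.default_rng(42)
frame = rng.integers(0, 256, size=(480, 640), dtype=np.uint8)
print(round(shannon_entropy(frame), 2))  # close to 8.0
```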
Thankfully, I don't have to do all of this by hand; numpy provides a function that does a lot of the heavy lifting for me.
So, without further ado, let’s look at the code, then run it:
import math
import cv2
import numpy

def max_brightness(frame):
    # Push the HSV value (brightness) channel to its maximum
    hsv = cv2.cvtColor(frame, cv2.COLOR_BGR2HSV)
    h, s, v = cv2.split(hsv)
    v[:] = 255
    final_hsv = cv2.merge((h, s, v))
    return cv2.cvtColor(final_hsv, cv2.COLOR_HSV2BGR)

def get_entropy(frame):
    # Shannon entropy of the frame, in bits per byte
    histogram = numpy.histogram(frame, bins=256)[0]
    histogram_length = sum(histogram)
    samples_probability = [float(h) / histogram_length for h in histogram]
    return -sum([p * math.log(p, 2) for p in samples_probability if p != 0])

# Capture two frames in rapid succession
camera = cv2.VideoCapture(0)
_, frame1 = camera.read()
_, frame2 = camera.read()

frame_diff = cv2.absdiff(frame1, frame2)
cv2.imwrite('/tmp/frame2.jpg', frame2)
cv2.imwrite('/tmp/frame_diff.jpg', frame_diff)

frame2_max = max_brightness(frame2)
frame_diff_max = max_brightness(frame_diff)
cv2.imwrite('/tmp/frame2_max.jpg', frame2_max)
cv2.imwrite('/tmp/frame_diff_max.jpg', frame_diff_max)

print("frame_diff_max: {}".format(get_entropy(frame_diff_max)))
Let's look over the code before running it. First, I'm actually capturing two frames right next to each other, then taking their composite difference. We know that a photo consists of its signal (the data most people are generally interested in) and its noise (the data they're not). By taking the composite difference between the two, I'm attempting to remove the signal. Because the frames were taken in rapid succession, provided nothing was drastically changing between the frames, most of the data will be almost identical. So the signal should vanish.
But what about the noise? Well, as discussed above, the noise is a bit unpredictable and largely unmanageable. Unlike my signal, the noise will be drastically different between the two frames. So, rather than removing noise, I'll actually be adding noise in the difference.
The next thing you'll notice is that I'm either maximizing or completely removing the luminosity in an HSV color profile. This is done just as a visual demonstration of what the noise actually "looks like" in the frame. You can see this below (converted to PNG for space efficiency).
Difference of frames 1 & 2
Frame 1 maxed luminosity
Frame 2 maxed luminosity
Difference of frames 1 & 2 maxed luminosity
Running the Python script in my 20 degrees Celsius dark room with the lens cap on and all light removed as much as possible, I get:
The ent(1) userspace utility confirms these findings when saving the frames as uncompressed bitmaps:
It’s always good to use an independent source to confirm your findings.
So, in the standard frames, I'm getting about 0.05 bits per byte of entropy. However, when taking the composite difference, that number almost doubles to about 0.09 bits per byte. This was expected; as you recall, we're essentially taking the noise from both frames, and composing them in the final frame. Thus, the noise is added in the final frame.
What was actually surprising to me were the entropy values after setting the extreme luminosity values. This may be due to the fact that there are larger deltas between adjacent pixels when creating our histogram. When taking the difference of the two adjusted frames, the entropy jumps up to about 0.13 bits per byte. So, we could safely say that a composed frame with maxed luminosity that is the difference of two frames has about 0.11 bits of entropy per byte, plus or minus 0.02 bits per byte.
What does this say about the frame as a whole, though? In my case, my frame is 640×480 pixels. Knowing that each pixel in my PS3 Eye webcam only occupies 1 byte, or 8 bits, we can calculate the entropy per frame:
Each frame in my 640×480 PS3 Eye webcam provides about 33,792 bits of entropy. For comparison, SHA-256 theoretically provides a maximum of 256-bits of entropic security. Of course, we should run millions of trials, collect the data, calculate the standard deviation, and determine a truer average entropy. But this will suffice for this post.
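As a quick sanity check on that arithmetic:

```python
pixels = 640 * 480        # frame resolution
bytes_per_pixel = 1       # 8-bit pixels on the PS3 Eye
entropy_per_byte = 0.11   # measured estimate from above, bits per byte

entropy_per_frame = pixels * bytes_per_pixel * entropy_per_byte
print(round(entropy_per_frame))  # 33792 bits per frame
```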
So, now that we know this, what can we do with this data? Well, we can use it as a true random number generator, but we have to be careful. Unfortunately, as the frame stands by itself, it's heavily biased. In the frame, there exists spatial correlation between adjacent pixels. In the frame difference, there exist both spatial and time correlations. This isn't sufficient for a secure true random number generator. As such, we need to remove the bias. There are a few ways of doing this, called "randomness extraction", "software whitening", "decorrelation", or "debiasing". Basically, we want to take a biased input, and remove any trace of bias in the output.
We could use John von Neumann decorrelation, where we look at two non-overlapping consecutive bits. If the two bits are identical, then both bits are discarded. If they are different, then the most significant bit is output, while the least significant bit is discarded. This means that, at best, you are discarding half of your data, but how much is discarded all depends on how badly biased the data is. We know that our frame is only providing 0.11 bits of entropy per 8 bits. So we're keeping 11 bits out of 800. That's a lot of data that is discarded. One drawback with this approach, however, is if one or more bits are "stuck", such as with a dead pixel. Of course, this will lower the overall entropy of the frame, but it will also drastically impact the extractor.
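A minimal sketch of the extractor, operating on a plain list of bits (`von_neumann_extract` is my own name for it):

```python
def von_neumann_extract(bits):
    """Debias a bit stream: examine non-overlapping pairs, discard
    identical pairs, and output the first bit of differing pairs."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        if bits[i] != bits[i + 1]:
            out.append(bits[i])
    return out

# A heavily biased stream still yields unbiased output bits,
# at the cost of discarding most of the input
biased = [1, 1, 1, 0, 1, 1, 0, 1, 1, 1]
print(von_neumann_extract(biased))  # [1, 0]
```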
A different approach would be to use chaos machines. This idea is relatively new and not heavily studied; at least, I'm struggling to find good research papers on the topic. The idea is taking advantage of the chaotic behavior of certain dynamical systems, such as a double pendulum. Due to the nature of chaos, small fluctuations in initial conditions lead to large changes in the distant future. The trick here is selecting your variables, such as the time interval and the chaotic process, correctly. Unlike John von Neumann decorrelation, which automatically detects the bias and discards it for you, care has to be taken to make sure that the resulting output is debiased.
A better approach is using cryptographic primitives like one-way hashing or encryption, sometimes called "Kaminsky debiasing". Because most modern cryptographic primitives are designed to emulate theoretical uniform unbiased random noise, the security rests on whether or not that can be achieved. In our case, we could encrypt the frame with AES and feed the ciphertext as our TRNG output. Unfortunately, this means also managing a key, which doesn't necessarily have to be kept secret. A better idea would be to use cryptographic hashing functions, like SHA-2, or even better, extendable output functions (XOFs).
Obviously, it should go without saying that encrypting or hashing your biased input isn't increasing the entropy. This means that we need to have a good handle on what our raw entropy looks like (as we did above) beforehand. We know in our case that we're getting about 35 kilobits of entropy per frame, so hashing with SHA-256 is perfectly acceptable, even if we're losing a good deal of entropy in the output. However, if we were only getting 200-bits of security in each frame, while SHA-256 would be debiasing the data, we would still only have 200-bits of entropy in the generated output.
Really though, the best approach is an XOF. We want to output as much of our raw entropy as we can. Thankfully, NIST has two XOFs standardized as part of SHA-3: SHAKE128 and SHAKE256. An XOF allows you to output a digest of any length, where SHA-256, for example, only allows 256-bits of output. The security margin of the SHAKE128 XOF is the minimum of half of the digest or 128-bits. If I have 35 kilobits of entropy, I would like to have all of that entropy available in the output. As such, I can output 4 KB in the digest knowing full well that's within my entropy margin. Even though I'm losing as much data as with the John von Neumann extractor, I'm not vulnerable to "stuck pixels" manipulating the extractor.
- Take the difference of two consecutive overlapping frames.
- Maximize the luminosity of the new composed frame.
- Hash the frame with SHAKE128.
- Output 4 KB of data as our true random noise.
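A minimal sketch of that pipeline (the luminosity-maximization step is omitted for brevity, random arrays stand in for captured frames, and `extract_random` is a hypothetical helper name):

```python
import hashlib

import numpy as np

def extract_random(frame1, frame2, out_bytes=4096):
    """Difference two frames, then squeeze out_bytes from SHAKE128."""
    # The absolute difference drops the correlated signal, keeping the noise
    diff = np.abs(frame1.astype(np.int16) - frame2.astype(np.int16)).astype(np.uint8)
    # SHAKE128 debiases the noise; the output length is capped by our
    # measured per-frame entropy budget, not by the hash function itself
    return hashlib.shake_128(diff.tobytes()).digest(out_bytes)

rng = np.random.default_rng(0)
frame1 = rng.integers(0, 256, (480, 640), dtype=np.uint8)
frame2 = rng.integers(0, 256, (480, 640), dtype=np.uint8)
print(len(extract_random(frame1, frame2)))  # 4096
```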
At 30 frames per second at a resolution of 640×480, outputting 4 KB per frame will provide 120 KBps of data, and this is exactly what I see when executing the Python script. The PS3 Eye camera also supports 60 fps at a lower resolution, so I could get 240 KBps if I can keep the same security margin of 4 KB per frame. I haven't tested this, but intuition tells me I'll have a lower security margin at the lower resolution.
Coming full circle, when we put our TRNG to the Dieharder test, things come out vastly different than Vault12's results:
1,000 Books Read In One Year? No, Not By A Long Shot
Recently, Goodreads sent out a tweet about how to remove social media and the Internet from your life, so you can concentrate on reading 1,000 books in one year. The post follows this sort of math:
- The average person reads 400 words per minute.
- The typical non-fiction book has around 50,000 words.
- Reading 200 books will take you 417 hours.
- The average person spends 608 hours on social media annually.
- The average person spends 1,642 hours watching TV annually.
- Giving up 2,250 hours annually will allow you to read 1,000 books in one year.
This blew my mind. I'm a very avid reader. Since signing up for Goodreads in 2013, I've been hitting at least 20,000 pages read every year, and I'm on track to read 25,000 pages this year. But I'm only putting down 75 books each year. Now granted, a spare 2,250 hours per year, across 365 days, is just over 6 hours per day of reading. I'm not reading 6 hours per day. I don't watch TV, I have a job, kids and a wife to take care of, and other things that keep me off the computer most of my time at home (I'm writing this blog post after midnight).
No doubt, 6 hours per day is a lot of reading. But I average 2 hours per day, and I'm only putting down 75 books annually. 6 hours of reading per day would only put me around 225 books each year, a far cry from the 1,000 I should be hitting. What gives?
Well, it turns out, Charles Chu is being a bit liberal with his figures. First off, the average person does not read 400 words per minute. Try about half that, at only 200 words per minute, according to Iris Reading, a company that sells a product for improving your reading speed and comprehension. This cuts our max books from 1,000 in a year to 500.
Second, Chu claims the average non-fiction book is 50,000 words in length. I can tell you that 50,000 words is a very thin book. This feels like a Louis L'Amour western length to me. Most books that I have read are likely closer to twice that length. However, according to HuffPost, which quotes Amazon Text Stats, the average book is 64,000 words in length. But, according to this blog post by Writers Workshop, the average "other fiction" novel length is 70,000 to 120,000 words. This feels much more in line with what I've read personally, so I'll go with about 100,000 words for a typical non-fiction book.
So now that brings our annual total down from 500 to 250 books. That's reading 200 words per minute, for 6 hours every day, with non-fiction books that average 100,000 words in length. I claimed that I would most likely come in around 225 books, so this seems to be a much closer ballpark figure.
But does it line up? Let's look at it the other way, and see if we can agree that 200-250 books annually, reading 6 hours per day, is more realistic.
I claimed I'm reading about 2 hours per day. I read about 3 hours on 4 of the 7 days in a week while commuting to work. For the other three days in the week, I can read anywhere from 1 hour to 3 hours, depending on circumstances. So my week can see anywhere from 13 hours to 15 hours on average. That's about 2 hours per day.
During 2016, I read 24,048 pages. That's about 65 pages per day, which feels right on target. But how many words are there per page? According to this Google Answers response, which offers a couple of citations, a novel averages about 250 words per page.
But readinglength.com shows that many books I've read are over 300 words per page, and some denser ones at 350 words per page, with the average sitting around 310. So 250 words per page at 65 pages per day is 16,250 words per day, and 310 words per page at 65 pages per day is 20,150 words per day that I'm reading.
Because I'm only reading about 2 hours per day, that means I'm reading at a meager 135 to 168 words per minute, based on the above stats. I guess I'm a slow reader.
If I highball it at 168 words per minute, then in 6 hours, I will have read 60,480 words. After a year of reading, that's 22,075,200 words. An independent blog post confirms this finding of 250-300 words per page, but also uses that to say that most adult books are 90,000-100,000 words in length (extra confirmation from earlier), and young adult novels target the 55,000-word length that Chu cited (maybe Chu likes reading young adult non-fiction?). As such, I can expect to read 22,075,200 words per year at 100,000 words per book, or about 220 books in a year of reading 6 hours every day.
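Checking that arithmetic:

```python
wpm = 168                       # highballed reading speed, words per minute
words_per_day = wpm * 6 * 60    # six hours of reading per day
words_per_year = words_per_day * 365

print(words_per_day)              # 60480
print(words_per_year)             # 22075200
print(words_per_year // 100_000)  # 220 books at 100,000 words each
```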
So, what can we realistically expect from reading?
- Readers average 200 words per minute.
- A page averages 250 words.
- A novel averages 100,000 words.
- One hour of reading per day can hit 30-40 books per year.
- Six hours of reading per day can hit 200-250 books per year.
- To read 1,000 books in a year, you need to read 22 hours per day.
This is reading average-length adult non-fiction books at an average speed of 200 words per minute. The calculation changes entirely if your average reading speed is faster than 200 wpm, you read primarily graphic novels with little text, or you read shorter non-fiction books. Fourth-grade chapter books? Yeah, I could read 1,000 of those in a year.
Password Best Practices I – The Generator
This is the first in a series of posts about password best practices. The series will cover best practices from a few different angles: the generator, targeted at developers creating those generators; the end user (you, mom, dad, etc.) as you select passwords for accounts from those generators; and the service provider storing passwords in the database for accounts that your users are signing up for.
When end users are looking for passwords, they may turn to password generators, whether they be browser extensions, websites, or offline installable executables. Regardless, as a developer, you will need to ensure that the passwords you are providing for your users are secure. Unfortunately, "secure" is a bit of a buzzword, and can be very subjective. So, we'll define what it means to be "secure" here:
- The generator is downloaded via HTTPS, whether it's a website, executable ZIP, or browser extension.
- The generator uses a cryptographically secure random number generator.
- The generator provides at least 70-bits of entropy behind the password.
- The generator is open source.
- The generator generates passwords client-side, not server-side.
- The generator does not serve any ads or client-side tracking software.
I think most of us can agree on these points: the software should be downloaded over HTTPS to mitigate man-in-the-middle attacks. A cryptographically secure RNG should be used to ensure unpredictability in the generated password. In addition to that, the CSPRNG should also be uniformly distributed across the set, so no elements of the password are more likely to appear than any others. Creating an open source password generator ensures that the software can be audited for correctness, and instills trust in the application. Generating passwords client-side means the server has no possible way of knowing what passwords were generated, unless the client is also calling home (the code should be inspected). And of course, we don't want any adware or malware installed in the password generating application to further compromise the security of the generator.
Okay. That's all well and good, but what about this requirement to generate passwords with at least 70-bits of entropy? Let's dig into that.
Brute force password cracking
Password cracking is all about reducing possibilities. Professional password crackers will have access to extensive word lists of previously compromised password databases, they'll have access to a great amount of hardware to tear through the password space, and they'll employ clever tricks in the password cracking software, such as Hashcat or MDXFind, to further reduce the search space, to make finding the passwords more likely. In practice, 90% of leaked hashed password databases are reversed trivially. With the remaining 10%, half of that space takes some time to find, but those passwords are usually recovered. The remaining few, maybe 3%-5%, contain enough entropy that the password cracking team likely won't recover those passwords in a week, or a month, or even a year.
So the question is this: what is the minimum entropy value that thwarts password crackers? To answer this question, let's look at some real-life brute-force searching to see if we can get a good handle on the absolute minimum security margin necessary to keep your client's leaked password hash out of reach.
Bitcoin mining is the modern-day version of the 1849 California Gold Rush. As of right now, Bitcoin is trading at $3,665.17 per BTC. As such, people are climbing over each other to get in on the action, purchasing specialized mining hardware, called "Bitcoin ASICs", to find those Bitcoins as quickly as possible. These ASICs hash blocks of data with SHA-256, and check a specific difficulty criterion to see if the result meets the requirements of a valid Bitcoin block. If so, the miner that found that block is rewarded the Bitcoin, and it's recorded in the never-ending, ever-expanding, non-scalable blockchain.
How many SHA-256 hashes is the world at large calculating? As of this writing, the current rate is 7,751,843.02 TH/s, which is 7,751,843,020,000,000,000 SHA-256 hashes per second. At one point, it peaked at 8,715,000 TH/s, and there is no doubt in my mind that it will pass 10,000,000 TH/s before the end of the year. So let's run with that value, of 10,000,000,000,000,000,000 SHA-256 hashes per second, or 10^19 SHA-256 hashes per second.
If we're going to talk about that in terms of bits, we need to convert it to a base-2 number, rather than base-10. Thankfully, this is easy enough. All we need to calculate is log2(X) = log(X)/log(2). Doing some math, we see that Bitcoin mining is roughly churning through every combination of bits in a:
- 63-bit number every second.
- 69-bit number every minute.
- 74-bit number every hour.
- 79-bit number every day.
- 84-bit number every month.
- 88-bit number every year.
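These figures are just log2 of the number of hashes computed in each window; a quick sketch that reproduces the list above:

```python
import math

rate = 10**19  # our rounded figure, SHA-256 hashes per second

windows = [("second", 1), ("minute", 60), ("hour", 3600),
           ("day", 86400), ("month", 86400 * 30), ("year", 86400 * 365)]

for label, seconds in windows:
    # floor of log2 gives the largest fully-exhausted bit width
    print(f"{int(math.log2(rate * seconds))}-bit number every {label}.")
```

The same sketch works for any guess rate by swapping in a different `rate`.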
What does this look like? Well, the line is almost flat. Here in this image, the x-axis is the number of days spent mining for Bitcoin, starting from 0 through a full year of 365 days. The y-axis is the search-space exhaustion in bits. So, you can see that in roughly 45 days, Bitcoin mining has calculated enough SHA-256 hashes to completely exhaust an 85-bit search space (click to enlarge):
Real-world password cracking
That's all fine and dandy, but I doubt professional password crackers have access to that sort of hardware. Instead, let's look at a more realistic example.
Recently, Australian security researcher Troy Hunt, the guy that runs https://haveibeenpwned.com/, released a ZIP of 320 million SHA-1 hashed passwords that he's collected over the years. Because the passwords were hashed with SHA-1, recovering them should be like shooting fish in a barrel. Sure enough, a team of password crackers got together, and made mincemeat of the dataset.
In the article, it is mentioned that they had a peak password cracking speed of 180 GH/s, or 180,000,000,000 SHA-1 hashes per second, or 1.8*10^11 SHA-1 hashes per second. The article mentions that's the equivalent of 25 NVidia GTX1080 GPUs working in concert. To compare this to Bitcoin mining, the team was churning through every combination of bits in a:
- 41-bit number every second.
- 47-bit number every minute.
- 53-bit number every hour.
- 58-bit number every day.
- 63-bit number every month.
- 66-bit number every year.
As we can see, this is a far cry from the strength of Bitcoin mining. But are those numbers larger than you expected? Let's see how it looks on the graph, compared to Bitcoin (click to enlarge):
So, it seems clear that our security margin is somewhere above that line. Let's look at one more example, a theoretical one.
Theoretical password cracking by Edward Snowden
Before Edward Snowden became known to the world as Edward Snowden, he was known to Laura Poitras as "Citizenfour". In emails back and forth between Laura and himself, he told her (emphasis mine):
"Please confirm that no one has ever had a copy of your private key and that it uses a strong passphrase. Assume your adversary is capable of one trillion guesses per second. If the device you store the private key and enter your passphrase on has been hacked, it is trivial to decrypt our communications."
But one trillion guesses per second is only about 5x the collective power of our previous example of a small team of password cracking hobbyists. That's only about 125 NVidia GTX1080 GPUs. Certainly, interested adversaries would have more money on hand to invest in more computing power than that. So, let's increase the rate to 10 trillion guesses per second. 1,250 NVidia GTX1080 GPUs would cost our adversary maybe $500,000. A serious investment, but possibly justifiable, and certainly not outside the $10 billion annual budget of the NSA. So let's roll with it.
At 10^13 password hashes per second, we are churning through every combination of bits in a:
- 43-bits every second.
- 49-bits every minute.
- 54-bits every hour.
- 59-bits every day.
- 64-bits every month.
- 68-bits every year.
Plotting this on our chart with both Bitcoin mining and clustered hobbyist password cracking, we see (click to enlarge):
What does all this math imply? That as a developer of password generator software, you should be targeting a minimum of 70-bits of entropy with your password generator. This will give your users the necessary security margins to stay clear of well-funded adversaries, should some service provider's password database get leaked to the Internet, and they find themselves a target.
As a general rule of thumb for password generator developers, these are the sorts of security margins you can expect from a given amount of entropy:
- 70-bits or more: Very secure.
- 65-69 bits: Moderately secure.
- 60-64 bits: Weakly secure.
- 59 bits or less: Not secure.
What does this mean for your generator then? This means that the size of the password or passphrase that you are providing users should be at least:
Now, there is certainly nothing wrong with generating 80-bit, 90-bit, or even 128-bit entropy. The only thing you should consider with this is the size of the resulting passwords and passphrases. For example, if you were providing a minimum of 128-bit security for your users with the password generator, then things would look like:
As you can see, as you increase the security for your users, the size of the generated passwords and passphrases will also increase.
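Each character drawn uniformly from an alphabet of size N contributes log2(N) bits, so the required length for a given entropy target can be sketched as follows (the 94-character printable-ASCII and 26-letter alphabets are my own illustrative choices):

```python
import math

def chars_needed(target_bits, alphabet_size):
    # each character contributes log2(alphabet_size) bits of entropy
    return math.ceil(target_bits / math.log2(alphabet_size))

print(chars_needed(70, 94))   # 11 printable-ASCII characters
print(chars_needed(128, 94))  # 20 printable-ASCII characters
print(chars_needed(70, 26))   # 15 lowercase letters
print(chars_needed(128, 26))  # 28 lowercase letters
```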
It's critical that we do right by our users when it comes to security. I know Randall Munroe of XKCD fame created the "correct horse battery staple" comic, advising everyone to create 4-word passphrases. This is fine, provided that those 4 words meet that minimum 70-bits of entropy. In order for that to happen, however, the word list needs to be large enough:
You would need a word list of at least 185,364 words to provide at least 17.5-bits of entropy per word, which brings us to the required 70-bits of total entropy for 4 words. All too often, I see generators providing four words, but the word list is far too small, like around Diceware size, which only provides around 51-bits of entropy. As we just concluded, that's not providing the necessary security for our users.
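A quick check of those word-list figures (7,776 is the standard Diceware list size):

```python
import math

# Smallest list size giving 17.5-bits per word
print(math.ceil(2 ** 17.5))             # 185364
# Four words from such a list reach the 70-bit target
print(round(4 * math.log2(185364), 1))  # 70.0
# Four Diceware words fall short
print(round(4 * math.log2(7776), 1))    # 51.7
```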
So, developers, when creating password and passphrase generators, make sure they are at least targeting the necessary 70-bits of entropy, in addition to the other qualifications that we outlined at the beginning of this post.
Since the development of my passphrase and password generator, I started working toward improving the other online generators out there on the web. I created a Google Spreadsheet to work toward that goal, by doing reasonable audits to "rank" each generator, and see how they stacked up against the rest. Then I started submitting patches in hopes of making things better.
One passphrase generator that was brought to my attention was Pass Plum. Pass Plum supplies an example word list to use for generating your passphrases, if you choose to install the software on your own server. Unfortunately, the list is only 140 words in size, so if you choose to use that for your word list, then you only get about 7.13-bits of entropy per word. Sticking to the default configuration of 4 words given to the user, that's a scant 28-bits of security on your passphrase, which is trivially reversed. I submitted a pull request to extend it to 8,192 words, providing exactly 13-bits of entropy per word, or about 52-bits of entropy for a 4-word passphrase, a significant improvement.
I noticed, however, that the default list was nothing but color names, and that got me thinking: what if the generator not only provided color names for passphrases, but also colored each word with its color? Basically, a sort of false visual synesthesia. What I want to know is this: is it easier to remember passphrases when you can associate each word with a visual color?
So, over the past several nights, and during weekends, I've been putting this together. So, here it is: colorful passphrases.
Head over to my page to check it out. If a color is too light (its luma value is very high), then the word is outlined with CSS. Every word is bold, to make the word even more visible on the default white background.
As I mentioned, the idea is simple: people struggle to remember random meaningless strings of characters for passwords, so passphrases are a way to make a random series of words easier to remember. After all, it should be easier to remember "gnu hush gut modem scamp giddy" than it is to remember "$5hKXuE[\NK". It's certainly easier to type on mobile devices, and on embedded devices without keyboards, like smart TVs and video game consoles.
But even then, there is nothing truly tying "gnu hush gut modem scamp giddy" together, so you force yourself into some sort of mnemonic to remember it. Visually stimulating color passphrases have the benefit of using not only a mnemonic to remember the phrase, but an order of colors as well. For example, you might not remember "RedRobin Pumpkin Revolver DeepPuce Lucky Crail TealDeer", but you may remember its color order of roughly "red orange black purple gold brown teal". "A RedRobin is red. A pumpkin is orange. A revolver (gun) is black. DeepPuce is a purple. Lucky coins are gold. Crail, Scotland has brown dirt. TealDeer are teal."
However, it also comes with a set of problems. First, what happens if you actually have visual synesthesia? Will seeing these colors conflict with your mental picture of what the color should be for that word? Second, many of the words are very obscure, such as "Crail" or "Tussock" or "Tuatara" (as all seen in the previous screenshot collage). Finally, what happens when you have a color passphrase where two similar colors are adjacent to each other? Something like "Veronica Affair Pipi DeepOak Atoll BarnRed RedOxide"? Both "BarnRed" and "RedOxide" are a deep reddish color. Will it be more difficult to remember which comes first?
As someone who is interested in password research, I wanted to see what sort of memory potential visually colorful passphrases could have. As far as I know, this has never been investigated before (at least, I couldn't find any research done in this area, and I can't find any passphrase generators doing it). This post from Wired investigates alternatives to text entry for password support, such as using color wheels, but doesn't say anything about visual text. Here is a browser extension that colors password form fields on websites with the SHA-1 hash of your password as you type it. You know it's correct by recognizing whether the pattern is the same as it always is when logging in.
Long story short, I think I'm wading into unknown territory here. If you find this useful, or even if you don't, I would be very interested in your feedback.