#571189 makepasswd: Insecure password distribution if several password lengths possible

#571189#5
Date: 2010-02-24 07:50:52 UTC
makepasswd has the following command line arguments: --minchars and --maxchars.
They allow generating passwords of length from minchars to maxchars. The default
setting is to generate passwords of length from 8 to 10 characters.

The problem is the algorithm makepasswd uses to select the length of the password it generates.

It chooses the length of the password with equal probability. So, for example, if --minchars=1
and --maxchars=10, then with probability 1/10 an absolutely insecure password
of length 1 will be generated.

For real-world examples (default --minchars=8, --maxchars=10) the problem is not
so severe, but it still exists, because by default the probability of a given 10-character password
is 1/3/62^10 ~=~ 4e-19, while the probability of a given 8-character password is much greater:
1/3/62^8 ~=~ 1.5e-15.

I suggest choosing the length of the generated password not with equal probability but
according to the number of possible passwords of each length. For example, for
--minchars=8 and --maxchars=10 the number of passwords of length 8 is 62^8, of length 9
is 62^9 and of length 10 is 62^10. So ideally
the probability of length 8 should be 62^8/(62^8+62^9+62^10) ~=~ 0.00026,
the probability of length 9 should be 62^9/(62^8+62^9+62^10) ~=~ 0.016 and
the probability of length 10 should be 62^10/(62^8+62^9+62^10) ~=~ 0.98.

It is also clearly seen that there is no reason to specify a range of password lengths,
because the absolute majority of passwords come from the maximal length. So I suggest
setting the default --minchars and --maxchars to the same value, for example 10.
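As an added example (not part of the bug report or of makepasswd itself), the following Python computes the exact per-length probabilities under both the equal-probability scheme and the proposed weighting, and implements the weighting by drawing one index uniformly from the space of all candidate passwords; it assumes the 62-symbol alphanumeric alphabet that the report's 62^L figures imply.

```python
import secrets
import string
from fractions import Fraction

# Assumed alphabet: the 62 alphanumerics implied by the report's 62^L counts.
ALPHABET = string.ascii_letters + string.digits


def length_probabilities(minchars, maxchars, alphabet_size=len(ALPHABET)):
    """Exact probability of each length under the two schemes:
    'uniform'  = equal probability per length (the reported behaviour),
    'weighted' = proportional to alphabet_size**L (the proposed fix)."""
    lengths = range(minchars, maxchars + 1)
    total = sum(alphabet_size ** L for L in lengths)
    return {
        L: {
            "uniform": Fraction(1, len(lengths)),
            "weighted": Fraction(alphabet_size ** L, total),
        }
        for L in lengths
    }


def per_password_probability(length, minchars, maxchars, alphabet_size=len(ALPHABET)):
    """Probability of one specific password of the given length when the length
    is chosen uniformly: 1 / (number of lengths) / alphabet_size**length."""
    return Fraction(1, (maxchars - minchars + 1) * alphabet_size ** length)


def weighted_length(minchars, maxchars, alphabet_size=len(ALPHABET)):
    """Pick a length with probability proportional to alphabet_size**L by
    drawing one index uniformly over all candidate passwords of all lengths."""
    total = sum(alphabet_size ** L for L in range(minchars, maxchars + 1))
    index = secrets.randbelow(total)
    for L in range(minchars, maxchars + 1):
        count = alphabet_size ** L
        if index < count:
            return L
        index -= count
    raise AssertionError("unreachable: index always falls within total")


def make_password(minchars=8, maxchars=10, alphabet=ALPHABET):
    """Generate a password whose length follows the weighted distribution,
    so every candidate password is equally likely regardless of length."""
    L = weighted_length(minchars, maxchars, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(L))
```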