Diceware Implementation (Part 2)

Last time I presented an implementation of the Diceware method for generating a secure password. Today I'd like to finish up with a few details.

First, the careful reader might wonder why I generated 4 random bytes with RAND_bytes instead of 2. After all, 2 bytes is more than enough to express 7,776 so we've wasted two bytes worth of entropy. The reason is that the modulo operation gives a slight bias against the higher numbers and this bias is more pronounced when the modulus and largest random integer are closer together. For example using 2 bytes, the 65,536 integers results in the numbers 0–3,326 being generated 9 times but the numbers 3,327–7,775 are generated only 8 times. That means that the lower numbers are generated 1.125 times as often as the high numbers. That's a significant bias.

By using 32-bit random integers we get the numbers 0–2,558 generated 552,337 times and the numbers 2,559–7,775 generated 552,336 times. Thus, while there is still a bias it is much less: the lower numbers are generated 1.0000018 times more often than the high numbers.

Second, Apple has deprecated RAND_bytes as of Lion but Google doesn't know why or what they anticipate will replace it (or at least my Google-fu is insufficient to discover these things). If anyone knows what's going on here, please leave a comment.

Third, RAND_bytes uses /dev/urandom to seed the PRNG. If your system doesn't have /dev/urandom (RAND_bytes will return 0) you must seed it yourself with RAND_add.

Fourth, compile the C code with

gcc -Wall -lcrypto diceware.c

Finally, a word about master passwords. As I said in the previous post, you really want to have one master password that is strong but reasonably easy to remember that protects all your other passwords. The question is, how do you store those other passwords safely? The obvious answer to is use a password manager such as 1password or KeePass but if you don't want to spend money or deal with third party software, you can keep them in an encrypted Org file as explained in this Minor Emacs Wizardry post. This is what I do and it works out fine except that it isn't integrated into my Web browser the way some of the password managers are. If you roll your own with Emacs and Org mode, make sure you generate strong passwords for your other accounts. You can use something like the makepw utility that I wrote about in my old blog, for instance. If you do use makepw, you might want to have it generate 20 characters instead of 10.

In any event, once you choose a way to manage your passwords, you can use a master password generated by the Diceware method.

This entry was posted in Programming and tagged . Bookmark the permalink.

One Response to Diceware Implementation (Part 2)

  1. macinstosh_plus says:

    I'm in the same case RAND_bytes. What to replace?
    Ditto for many other functions of the OpenSSL library!

Comments are closed.