PasswordMaker

I came across PasswordMaker on the most recent MozillaZine Independent Status Report. It’s a password generator – a bit like Blake’s PwdHash, but it takes the approach I recommended in my comments of getting people to take an explicit action to fill in the password.

Unfortunately, I can’t recommend it, because (and this is why this post is in the Usability category) the authors seem to have gone out of their way to make the program extra complex. To see what I mean, have a look at the online version, which you are supposed to use when you don’t have access to a copy of the extension.

Now, the ideal UI for something like this would be one where you enter your master password once, and then enter URLs, and an appropriate password comes back to you. At most, you have to enter two pieces of information. However, with PasswordMaker, you also need to enter:

  • “Use l33t” – whether you want to put the text through a l33t-speak generator at various points in the process. I can’t see the point of this, apart from creating more settings to remember. It doesn’t make the generated passwords any more compatible.
  • “l33t level” – a parameter for configuring the l33t feature.
  • “Hash algorithm” – why would a user ever want to choose the hash algorithm? The implementor should just pick any of the suitable ones, and stick with it. Yet another thing to remember, and gratuitous incompatibility and complexity. Note the number of JS algorithm libraries the page has to include.
  • “URL components” – choose which URL components are included in the hash to make up the password. I can’t see a use for this either – clearly, you should include the protocol, port, domain and path but not the query parameters. Sadly, in the online UI, that’s not one of the options – “query parameters” are bound to “path” in the same checkbox.
  • “Length of generated password” – this should just be the length which is long enough to be secure, and compatible with most restrictions people place on forms. I’d suggest 8, but you’d need to do research.
  • “v0.1 compatibility mode” – a.k.a. they didn’t think about all this stuff hard enough first time round ;-). Note that you can only select this if you remember that version 0.1 used MD5 as the hash algorithm – but it doesn’t say that anywhere.

In summary, PasswordMaker is an excellent idea, but it has a terminal case of featureitis. My recommendation: do a (backwardly-incompatible) version 2 with sensible defaults and no configuration, and it could really take off.

6 thoughts on “PasswordMaker”

  1. I completely agree with your criticisms that this UI is far too complicated, making it impossible to recommend this to anybody as a way of simplifying things.

    However I’m not sure about your assertion that the path should be included in the URL: there are several websites which allow you to log in in multiple places, especially those where there is functionality available to non-logged-in users and you only need to log in for some tasks; I think Amazon may be such a site.

    You’re right that making the user choose is too complicated for most users though. I think it’d be better to just use the protocol, port, and domain. The risk then is of sharing a password between two independent websites on a domain, but the kinds of websites that share domains (GeoCities _et al_) don’t tend to be the kinds of places where users have to log in — and even if a user does share a password between such a pair of sites, they’re probably no worse off than the current situation of using the same password on all sites everywhere.

  2. Hash functions provide collision-resistance. Depending on how these password-generating programs use hash functions, it might be very easy for an attacker to choose a protocol+hostname+port such that knowing the password generated for his site allows him to determine the password for a specific target site. I don’t think hash functions are the correct cryptographic primitive to use for generating passwords.

    A pseudo-random function (providing indistinguishability from a truly random function) might make more sense. Or maybe a digital signature scheme (providing unforgeability). I’d have to think about it more.

  3. Hash functions provide collision-resistance. Depending on how these password-generating programs use hash functions, it might be very easy for an attacker to choose a protocol+hostname+port such that knowing the password generated for his site allows him to determine the password for a specific target site.

    That’s equivalent to reversing the hash algorithm – and that’s exactly the part that’s supposed to be computationally infeasible, isn’t it?

  4. The only thing that is supposed to be computationally infeasible is finding a pair of strings with the same hash (a collision). You’re partially right: as long as the domain is substantially bigger than the range, being able to reverse the hash function (given a target hash, find a string with that hash) does imply being able to find collisions. But being able to do what I described (given a string and an oracle for the hash function, find the hash of that string without running the hash algorithm on that exact string) does not imply being able to reverse the hash function for a given target hash.

    This type of attack is more similar to forging a message in a digital signature scheme than finding a collision in a hash function. (The attacker has an oracle for the hash function but not its key, and wants to find the hash of a given string without querying its oracle with that exact string.) I believe I have seen examples of real-life hash functions that are collision-resistant but not resistant to this type of attack.

  5. I completely agree with you that PasswordMaker is just too complicated. I found it about a week ago and considered using it. Then I checked out the online version and was just so confused I gave up.
    Owen

  6. Hi, I am the author of PasswordMaker. Thanks for all the feedback, guys. You have to remember that PasswordMaker is only in its 0.4.x release — and I didn’t write 0.1. In other words, it’s still young. I’m eagerly looking for feedback — like you’ve provided here — to make the tool more usable, friendly, secure.

    I’ll post your comments in the News section of the site (http://passwordmaker.mozdev.org/news.html) where I track features for next releases.

    Thanks again, and please let me know of any other suggestions you have,
    Eric H. Jung