### Password Management with the PasswordCard

Categories: [ IT ]

It all started a few days ago with this Xkcd strip. Someone pointed it out passwordcard.com to me, and it made me wonder how safe are the passwords generated with that tool. Those passwords are meant to be used on all those websites that require you to create a user account with a password. Using a single password for all those web sites means that when the attacker of one of those websites gets your password, he can access your account on every other website where you have an account.

Beware that I'm no mathematician, and neither am I a specialist in cryptography or information theory, but here are my thoughts on this system.

The generator is based on what looks like a 64-bit key, so in theory, the
entropy is 64 bits, which is reasonnably much (it would take 6x10^{8}
years to break at 1000 attempts per second). However, since you need to feed
the key to an unknown web server, the practical entropy is much less, since
someone else than you knows the key. But let's assume you can generate the
card yourself on a secure computer.

The symbols on the card are upper- and lower-case letters, and digits, which makes overall 62 possible combinations. This gives 5.95 bits of entropy per such symbol, if the symbol is randomly generated. Since the card is generated from 64 bits of entropy, you can take up to 10.7 symbols to generate one or more passwords without loosing any entropy. That is, a password made of one symbol will have 5.95 bits of entropy, a password made of two symbols will have twice that (11.9 bits), three symbols will be 17.9 bits and so on. If you take more than 10.7 symbols, the entropy of each symbol will be reduced, so that the entropy of the symbols in all your passwords altogether will never exceed 64 bits. For example, if you take 16 symbols to make 2 passwords of 8 symbols each, the entropy of each password will be 32 bits instead of the 47.6 bits of a single, 8-symbol password. A 32-bits-of-entropy password takes 50 days to break (at the example rate above) against about 7000 years for the 47.7-bit-of-entropy password.

Here are a few examples of password types and strengths:

- 1 password of 6 symbols: 35.7 bits of entropy, cracked in 1.8 years
- 1 password of 7 symbols: 41.7 bits of entropy, cracked in 112 years
- 1 password of 8 symbols: 47.7 bits of entropy, cracked in 7000 years
- 2 passwords of 6 symbols each: 32 bits of entropy, cracked in 50 days
- 2 passwords of 7 symbols each: 32 bits of entropy, cracked in 50 days

However, if the card is stolen, the thief only has to test a few tens of thousands combinations to find a password made of 4-8 symbols (29 x 8 symbols, 8 reading directions and 5 possible password-lengths is 55680), which represent 15.8 bits of entropy and takes less than a minute to crack. Loosing the card is therefore a bad move.

As a conclusion, the password card is fine on the following three conditions:

- Use a real random number for the key (e.g., by rolling 25 times a 6-sided die) or a hardware random number generator (there will be a post on that soon).
- Use the card for passwords totalizing no more than 10 symbols (best to use only one password of 8, 9 or 10 symbols).
- Do not lose your PasswordCard.

*Disclaimer: once again, I'm no specialist in cryptography or information
theory, but the above is based on how I understand those things. It may be
completely wrong.*

Software random number generators are usually so-called pseudo-random number generators, because they produce a deterministic sequence of numbers that have some of the properties of true random numbers. Obtaining genuinly random numbers howerver requires ...