AFP548 Site News August 17, 2015 at 6:05 am

(Design of, and) How to Generate ‘Memorable’ Passwords

As part of a security initiative to make distinct firmware passwords per machine and escrow them to Crypt’s newly distinct ‘secrets’ database table, I came up with the idea to make an analogue to the Password Assistant you see in Keychain Access or the Accounts pane of System Preferences. And now a somewhat opaque riddle: why did the duck keep losing their ducklings? Because ducks can only count to three. Horse battery correct stapler is indeed memorable, but one word too long. When using the ‘Memorable’ type in Apple’s Password Assistant, their guidance and design are pretty instructive: they use two words of different-seeming length at the beginning and end, with numbers and/or non-alphanumeric characters in the middle. Agile Bits’ 1Password includes a ‘veni-vidi-vici’ format among its ‘recipe’ choices, also built around real or ‘pronounceable’ words (I would love to know their heuristics for those) broken up into sections.

While I should be nicer to my coworkers and make something more predictable and shorter, I hope I’ve absorbed enough design ideas to find a good balance. One influence was musical time signatures: 4/4 won out long ago as the most accessible group size to divide musical ‘phrases’ into, so I cap the digits at four. You hear people reading off things like credit card numbers in sets of 3 or 4 over the phone, like the license-plate FV2 key.

There are a few other guidelines I followed: it had to be long enough to resist brute force, obscure and random enough to avoid actual memorization or guessing (according to research about what patterns are commonly used), and yet memorable to the point that when you need to read it off a screen to manually enter it with another keyboard you only need to look back at it two or three times, max. For length, 16 characters is considered a pretty good minimum when security is a concern. The higher odd digits, 5, 7, and 9, are found less often in common passwords (when alone with no others in a sequence, but…), so I wanted to favor those when pulling digits at random. The ‘memorability’ aspect of the words themselves is where things get interesting.

With these collected design wishes, I then went looking for how Apple puts their version together, to ensure as few dependencies as possible.

In the GUI there’s a pipeline between generating the password and checking its complexity, which you see as a red-to-green bar. That check turns out to be based on an open source tool called cracklib, which ships with every Mac in /usr/share. It’s included in many different distributions and even has an accompanying 4.5MB (compressed! just plain text and control chars!) list of common words. That’s a bit overkill for us to ship around, so I was still on the hunt for how Apple does it.

Looking further into how OS X does that checking, the rules for what the System Preferences Accounts pane considers unacceptable are in a file called com.apple.security.pwapolicy.plist, located in /System/Library/Frameworks/SecurityFoundation.framework/Resources/English.lproj. On the creation side, I used my famous, un-scientific, ‘dtrace until something works’ technique to find a bunch of /dev/random activity after accessing /System/Library/Frameworks/SecurityInterface.framework/Resources/pwa_dict_en.gz. Paydirt. The 287KB is a bit skimpy, but it’s still full of memorable enough words to select from that it’s worth it for our purposes.

(And as always, the indomitable Michael Lynn did all of the spelunking to figure out its wacky file format, I just went along for the ride and reaped all the rewards.)

And here it is!

With no arguments passed, by default it generates 20-character passwords with words between 6 and 9 characters on each end. It fills in numbers randomly chosen from 5, 7, and 9 in the middle, with non-alphanumeric symbols if it needs to fill in more than 4. You get some really great ones back sometimes, like cranked7559dribblers or essayist%9555plunks. I should allow the digits in the middle to be a little more random, but I should stop playing and move on to implementing escrow. Huzzah!
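The shape described above (word, filler, word; digits favouring 5, 7 and 9; at most four digits; symbols only when more room must be filled) is straightforward to reproduce. The following is an added example written for this page, not the author’s script: the word list is a constructed stand-in because the pwa_dict_en.gz format isn’t described here, the symbol set is assumed, the symbols-before-digits ordering is taken from the essayist%9555plunks sample, and the entropy estimate is mine. It also includes a shape validator so a generated value can be checked against the stated policy, and a naive-entropy figure so you can see where the strength actually comes from.

```python
import math
import random
import re
import secrets

# Constructed stand-in for the word list. The real script draws from Apple's
# pwa_dict_en.gz; these are just a handful of plain English words of 6-9 letters.
SAMPLE_WORDS = [
    "cranked", "dribblers", "essayist", "plunks", "blanket", "marigold",
    "trumpet", "lantern", "harvest", "pebbles", "whistle", "cobbler",
    "saddle", "thimble", "granite", "orchard", "velvet", "tangled",
    "sparrow", "fiddles", "buckets", "meadows", "scribble", "hammock",
]

FAVOURED_DIGITS = "579"      # the higher odd digits the post favours
SYMBOLS = "!%&*+-=?@^"       # assumed symbol set; the page does not list one
MAX_DIGITS = 4               # "4/4" cap on the digit group


def seeded_rng(seed):
    """Deterministic RNG for tests/demos only; never use for real passwords."""
    return random.Random(seed)


def generate(length=20, min_word=6, max_word=9, words=SAMPLE_WORDS, rng=None):
    """Return (password, naive_entropy_bits) in the word-filler-word shape."""
    rng = rng or secrets.SystemRandom()   # CSPRNG by default
    pool = [w for w in words if min_word <= len(w) <= max_word]
    if not pool:
        raise ValueError("no words of the requested length")
    first = rng.choice(pool)
    # The second word must leave at least one filler character in the middle.
    room = length - len(first) - 1
    second_pool = [w for w in pool if len(w) <= room]
    if not second_pool:
        raise ValueError("length too short for two words plus filler")
    second = rng.choice(second_pool)
    middle = length - len(first) - len(second)
    n_digits = min(MAX_DIGITS, middle)      # digits first, capped at four
    n_symbols = middle - n_digits           # symbols only if more room remains
    digits = "".join(rng.choice(FAVOURED_DIGITS) for _ in range(n_digits))
    symbols = "".join(rng.choice(SYMBOLS) for _ in range(n_symbols))
    password = first + symbols + digits + second
    # Naive entropy: every choice above assumed uniform and independent.
    bits = (math.log2(len(pool)) + math.log2(len(second_pool))
            + n_digits * math.log2(len(FAVOURED_DIGITS))
            + n_symbols * math.log2(len(SYMBOLS)))
    return password, bits


# Shape check: 6-9 letters, optional symbols, 1-4 favoured digits, 6-9 letters.
_SHAPE = re.compile(r"^[a-z]{6,9}[^a-zA-Z0-9]*[579]{1,4}[a-z]{6,9}$")


def is_well_formed(password, length=20):
    """True if the password matches the generator's documented structure."""
    return len(password) == length and _SHAPE.match(password) is not None


if __name__ == "__main__":
    pw, bits = generate()
    print(pw, f"~{bits:.1f} bits", is_well_formed(pw))
```

The entropy figure is the caveat worth noticing: restricting the digits to three values gives each one only about 1.6 bits instead of 3.3, so with a four-digit middle the filler contributes roughly 6 bits and nearly all of the strength has to come from the size of the word pool. With the 24-word sample above that is far too little; with a dictionary the size of pwa_dict_en.gz the two words dominate, which is exactly why the author describes the middle as a memorability aid rather than the source of randomness.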

Allister Banks

Allister lives in Japan, has not read the Slack scroll back, and therefore has no idea what is going on.
