Show HN: Correct Horse Battery Staple password generator (opens in new tab)

(correcthorse.pw)

44 pointsquantum56y ago93 comments

93 comments

63 comments · 19 top-level

ThA0x26y ago· 10 in thread

You can achieve this with a one-liner:

shuf -n 4 /usr/share/dict/words

1e-96y ago

This may not be cryptographically secure. Shuf can default to using a small amount of entropy.[1,2,3] To be certain, you can add the --random-source option:

shuf --random-source=/dev/urandom -n 4 /usr/share/dict/words

[1] https://www.gnu.org/software/coreutils/manual/html_node/Rand...

[2] https://github.com/coreutils/coreutils/blob/v8.5/gl/lib/rand...

[3] https://github.com/coreutils/coreutils/blob/v8.32/gl/lib/ran...

Edit: As ThA0x2 points out in a reply, the latest version of shuf uses /dev/urandom to generate a default nonce, which vastly improves upon older versions. As long as your version of coreutils is at least 8.6 or later and your OS has /dev/urandom, the default should be fine. If you don't have /dev/urandom, even the latest version of shuf (version 8.32, as of June 15, 2020) will still default to an insecure nonce.

dllthomas6y ago

I'm curious how practical an RNG attack actually is here (which absolutely isn't meant to serve as criticism of your surfacing the issue!).

In any case, I expect it's much harder than a random "free password gen!" website saving results on the sly (... which is meant to be mild criticism of your framing, but not your recommendation :-p).

2 more replies

ThA0x26y ago

shuf uses randint(), which defaults to /dev/urandom as the nonce source:

https://github.com/coreutils/coreutils/blob/v8.31/gl/lib/ran...

Your "--random-source=/dev/urandom" line is superfluous. My original line is as secure as yours.

1 more reply

kelnos6y ago

... which is useless for your average non-technical user who wants to increase their password security but isn't comfortable with a terminal emulator.

The main objection I have to sites like this is that they encourage people to use a random untrusted site to generate a password for, say, their bank account.

RandomBacon6y ago

This reminds me of the infamous Dropbox comment: https://news.ycombinator.com/item?id=9224

noneeeed6y ago

Thanks. I had no idea that shuf existed, cool. Another useful tool for my occasional command line work.

iampivot6y ago

I don't think they'll appreciate you posting the source code to their application!

waynesonfire6y ago

serioludicrous simpleheartedness seminiferal phrenologize

no thanks.

1e-96y ago

For easier-to-remember passphrases, you can download the EFF wordlist from https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt and specify that file instead of /usr/share/dict/words

ARandomerDude6y ago

This is top comment material.

CPLX6y ago· 5 in thread

Can someone explain to me why 1password doesn't have something like this built in? You can use words, or random/symbols, but not both. Which fails miserably every time you're faced with some sort of silly password requirement to have a symbol and a number and a capital or whatever.

daveoc646y ago

Passphrases are easy for people to remember, but if you have a password manager, you're better off getting it to generate a 50+ character random password (including uppercase, lowercase, numbers and symbols).

That should meet pretty much any password requirement, be virtually impossible to guess or brute force, and you won't have trouble remembering it (because you don't have to!).

asdkhadsj6y ago

> you're better off getting it to generate a 50+ character random password (including uppercase, lowercase, numbers and symbols).

Lol I wish. Almost all of the important sites I use, like various bills and loans, use terrible password schemes. One even, until recently, enforced an 8 character limit! I think they raised it to 16 iirc. Oy.

Hell, even the company I work for frequently fails my password generator settings. The arbitrary character requirements of my ~20 character password would sometimes not be satisfied when I was creating accounts in our dev system/etc. Which is annoying as hell, but I can't convince management, because our users (older) tend to use some of the worst passwords out there.. so I can understand where it's coming from.

Security & UX is hard.

CPLX6y ago

I heartily disagree.

All it takes is the one time, for whatever reason, that you have to type in a string of a few dozen random characters by hand on a phone keyboard or something because you're on a new device, or cut and paste is disabled, or whatever, and you'll understand why long random passwords should be reserved for web servers and so on and never used with consumer web applications like a hotel reservation program, or rental car app, or similar.

sixstringtheory6y ago

Lately I'll use the word-based recipe in 1PW and add in a capital letter, special character and number before saving. This should be very easy to automate, I too am surprised they haven't offered this yet as an e.g. "salted passphrase."

noneeeed6y ago

Yeah, I find myself having to generate a passphrasea and then change the capitalisation and add a number.

staplers6y ago· 5 in thread

While I would love to use something like this, almost every site I can think of enforces worthless password rules like "Must include number, letter, special character" etc which effectively blocks these types of passwords.

brewdad6y ago

Much like /u/hprotagonist above, I tend to use passwords like this for my pw manager, full disk encryption, PGP, etc. where I get to set the rules. Web sites or other uses outside my control get a randomly generated string of varying length.

It doesn't have to be all or nothing and is probably better if it isn't.

the_pwner2246y ago

Just add A1! to the end of every password

emsal6y ago

I don't think the password managers do, for master passwords. So if you ever consider it, you can set your master password to a strong one generated here and let the pw manager generate those 30 char random strings that fill all of the requirements for the other sites.

quantum5OP6y ago

There is an option on correcthorse.pw to add a number and/or a special character as needed.

tedunangst6y ago

You can always 1337 the password.

mlaci6y ago· 5 in thread

Problem with generators and this scheme, they allow regeneration. Most people not using the first version, they generate a new until they like it enough to stop, which is not that random anymore as they think.

mlyle6y ago

A mild amount of regeneration doesn't hurt, though. If you generate 4 and pick your favorite, you've shaved less than 2 bits of entropy off.

mlaci6y ago

It's just a bare minimum that you reduced, if you add some preference it's worse than that. I did some test, maybe I'm just lucky, but i got password with a word starting with b at the 3rd generation, and i got adjective-noun pair in that order at the 5th generation.

1 more reply

pkhamre6y ago

So you're saying that generating a new password looses entropy?

mlaci6y ago

Yes, if the regeneration depends on your preference of the generated words, the words order or link between them. The individual generations independent from each other, so if your choice – how many regeneration you do - not depends on the generations outcome, for example on your birthday date or favorite number, their randomness are equal.

But randomness are not enough, it's possible the first generated version correlate with your preference and that situation does not really matter why are you stopped generating new password.

Predictability of this scheme very good, because the strict rules. All implementation using common english words. For words smaller length, easy spelling, less ambiguity are preferred. Mixing nouns verbs and adjectives are more meaningful, order also adds more meaning. Word count very limited. Preference on the separator character also very rigid. Personal preference more known, because hidding your preference on all english words very hard and mostly unconscious.

setr6y ago

Choosing is the problem here -- it's now only as random as your preference

Eg the scheme doesn't do its job well if you don't know the word, so the dictionary can be reduced by that much

1 more reply

quantum5OP6y ago· 4 in thread

Background: I liked the xkcd-style password generation scheme as it was easy to remember, but existing generators online (that I could find, at least) all use Math.random() or other cryptographically insecure random number generators. While an actual attack on the RNG seems far-fetched, the very idea doesn't sit well with my crypto nerd side. So I decided to create my own that uses a CSPRNG that I can trust. This was a while ago.

Recently, I decided to package it up with a nice domain name and publish it in hopes that it would be useful to others.

perl4ever6y ago

What about https://www.random.org/? Why even use a PRNG if you can have the real thing?

quantum5OP6y ago

Because instead of just trusting your system, you'd also have to trust an external service to remain honest. CSPRNG is widely deemed acceptable for use as key material (unlike standard PRNGs), so there is no reason to add an external dependency.

2 more replies

1e-96y ago

There is always the risk that such a website is, or could become, malicious and save generated numbers for future attacks; or, it could suffer from a hardware, software, or environmental issue that reduces entropy. While I would not fully trust a website-generated random number for anything important; you can XOR a number from a website such as www.random.org with a number from your system's PRNG so that you don't have to fully trust either. Even better, you can XOR again with some dice-generated numbers, your own custom PRNGs, or whatever else you can think of. That way, as long as at least one subset of your sources has sufficient entropy, you are safe.

Jaruzel6y ago

Nice idea. Not sure I'm going to remember the 9,999 word password it just generated for me :)

hprotagonist6y ago· 4 in thread

I tend to rely on https://www.rempe.us/diceware/#eff for my typeable password needs.

80% of my passwords are just line noise, because they live in a keepass database. 20% (workstation account logins, etc) are diceware.

bagacrap6y ago

you type "glove blinks abruptly avatar salvaging marbled" every time you need to unlock your screen?

jxcl6y ago

I don't know about GP, but I certainly do.

tomlagier6y ago

Mine's a more meaningful sentence, but about the same length, yes.

It doesn't take long to type a wholly-memorized sentence.

1 more reply

hprotagonist6y ago

i type quickly.

shaggyfrog6y ago· 3 in thread

Nice work!

A passphrase, as opposed to a password, has spaces between each word.

If you added those it would be easier to read, especially for mobile, if you used a multiline textarea, because the generated content isn’t fully readable at a glance. (Or don’t use a form input field at all — just put the passphrase in a div so the word breaks flow normally.)

quantum5OP6y ago

I just updated the site to display the password on multiple lines for mobile.

james-skemp6y ago

Yup. With the ability to add a separator (like a space, -, .) I'd switch over to this.

Currently I use and recommend https://preshing.com/20110811/xkcd-password-generator/

quantum5OP6y ago

Good idea, just added separators to the website.

1 more reply

matmann20016y ago· 3 in thread

I know XKCD made a comic and everything, but isn't this type of password exactly why dictionary attacks exist?

loa_in_6y ago

In the original comic it is shown that entropy of these passwords is still higher than the method with random words and substitutions. That means more combinations even with full knowledge of used dictionary

resoluteteeth6y ago

The whole point of the xkcd comic is that even if someone is using the same dictionary, the phrase has sufficient entropy to be secure.

chiph6y ago

They're not bad, if the password is long enough. So if you have 3 shorter words, add another word or two to increase it's length.

atoponce6y ago· 2 in thread

I audit web-based password generators as a hobby, and this one does well.

What it does well on:

The source code is open source licensed. Passwords are generated in the client, not on the server. The generator is random. The generator is cryptographically secure. The generator is unbiased. Mobile devices are supported. There are no JavaScript trackers loaded on the page. The site is not calling out to external resources without SRI.

Unfortunately, by only choosing 4 random words, the security margin of the passphrase is 52 bits (13 bits per word). This is practical for a hobbyist password cracker to exhaust in an offline attack. The security would be better if 6 random words were chosen instead.

Audit: https://docs.google.com/spreadsheets/d/1ucaqJ4U3X3nNEbAAa06i...

quantum5OP6y ago

Thank you for the audit!

The default was chosen as 4 words due to usability concerns with longer passwords or more obscure words, but it is adjustable. The strength meter is yellow at 4 words to indicate the less-than-optimal entropy, but I felt it was better than turning a new user off by making it too hard to remember. But that's a decision I plan on revisiting.

If you are security conscious, you can save a more secure default for yourself (in local storage, nothing is ever transmitted to a server).

atoponce6y ago

No problem. I dig the project. Very cool.

I would recommend the default be 6 words, and let people choose down to 4, but not lower. At last that way, users know what a "secure default" looks like. Granted, it breaks the four-word "correct horse battery staple" XKCD format, but Randall was in some error with that comic anyway.

beardedwizard6y ago· 2 in thread

So we are really getting passwords from remote hosted websites? Are people really about to copy, paste and use these right out of the browser?

daveoc646y ago

What is the risk exactly?

Even if the site knew for certain that you had used one of the passwords, they would have no idea where you used the password, and they wouldn't know your username or other credentials.

They might not even have any way of accessing the system you're putting the password into.

I'm sure a lot of people will use these sorts of sites to generate a whole bunch of passwords, and not even use any of them.

asdkhadsj6y ago

I'd imagine the risk is pretty great, for the same reason I wouldn't paste a password here that I use. Sure, you may not know who I am, but if you were the site itself you get a ton of information on me.. which is more than I'd like you to know if you _also_ know one of my passwords.

I agree, the risk is minimal. Nevertheless.. security, heh.

1 more reply

tzs6y ago· 1 in thread

For passwords I might have to enter by hand, such as WiFi passwords, I liked the pronounceable password option that 1Password used to have. The passwords were several single syllables string together by a separator. An example: neg-pen-nau-eng-fri-dot. There were options to change the separator, and to toss in digits and upper case if I remember correctly. Syllables were 2 to 4 letters long, I believe.

At some point 1Password dropped that, replacing it something similar to "correct horse battery staple". It's words (3-10) separated by hyphen, space, period, comma, or underscore. E.g., "plasma.haggis.arrange.stultify".

pkulak6y ago

Me too. I actually built my "ideal" password generator because nothing else was really cutting it for me. And an online generator is a no go. Because of security, of course, but I also just want to pipe my password straight into my clipboard, for example.

https://github.com/pkulak/pgen

chaoticmass6y ago

I have bookmarked this site for my own personal use. I also shared it with my co-workers in the IT dept.

I think your site works well on selling itself if you assume the audience is coming from HN. From what I have observed, your site does not market itself well to a typical corporate IT dept who are not all programmers.

I think if we want to promote wider adoption of this good password technique, we'll need a different approach.

This is not a criticism-- You've done a job I admire. I think I might fork it and make another version that is approachable to a wider audience. Thank you!

lozf6y ago

Reminds me of the perl module `hsxkpasswd`[0] which has more configure options, and also powers the online generator at https://xkpasswd.net/s/

[0]: https://github.com/bbusschots/hsxkpasswd

chrisbai6y ago

I rely on the built in password generator of Passfindr https://passfindr.com using the same random number generator as mentioned in correcthorse.pw. When using a Password Manager, and one should, different passwords for every internet account is straight forward.

arbirk6y ago

You forgot the translate to Finnish step

professorTuring6y ago

lower, upper and numbers = 62 options | wordlist = 10 000 options:

    62^12     = 1e21
    10 000^5  = 1e20

The problem is you not using a word generator and instead relying in your invention, most of the people will use top 5000 words (5000^5 = 1e18), imagine you can even lock one of the words (a color maybe?).

So this way of thinking might be good if you know what you are doing and use uppers and lowers and symbols, if not, it is actually a bad advice.

throwaway89416y ago

If I may egregiously misuse the famous quote, "those who do not understand Unix are condemned to reinvent it, poorly."

    $ shuf --random-source=/dev/urandom -n6 /usr/share/dict/cracklib-small | paste -sd-
    circulant-conjured-reigning-buzzed-awaiting-typifies

nlawalker6y ago

See also https://theworld.com/~reinhold/diceware.html (the "original", as far as I know).

KeePassXC has a passphrase generator, although it doesn't use the Diceware list as far as I know. https://keepassxc.org/images/screenshots/linux/screen_006.pn...

EDIT: Love the simplicity of https://correcthorse.pw/, good work!

NickBusey6y ago

Shout out to the open source Bitwarden project which includes this out of the box. Check out bitwarden_rs for a good sefhosted option.

j / k navigate · click thread line to collapse

93 comments

63 comments · 19 top-level

ThA0x26y ago· 10 in thread

You can achieve this with a one-liner:

shuf -n 4 /usr/share/dict/words

1e-96y ago

This may not be cryptographically secure. Shuf can default to using a small amount of entropy.[1,2,3] To be certain, you can add the --random-source option:

shuf --random-source=/dev/urandom -n 4 /usr/share/dict/words

[1] https://www.gnu.org/software/coreutils/manual/html_node/Rand...

[2] https://github.com/coreutils/coreutils/blob/v8.5/gl/lib/rand...

[3] https://github.com/coreutils/coreutils/blob/v8.32/gl/lib/ran...

dllthomas6y ago

I'm curious how practical an RNG attack actually is here (which absolutely isn't meant to serve as criticism of your surfacing the issue!).

In any case, I expect it's much harder than a random "free password gen!" website saving results on the sly (... which is meant to be mild criticism of your framing, but not your recommendation :-p).

2 more replies

ThA0x26y ago

shuf uses randint(), which defaults to /dev/urandom as the nonce source:

https://github.com/coreutils/coreutils/blob/v8.31/gl/lib/ran...

Your "--random-source=/dev/urandom" line is superfluous. My original line is as secure as yours.

1 more reply

kelnos6y ago

... which is useless for your average non-technical user who wants to increase their password security but isn't comfortable with a terminal emulator.

The main objection I have to sites like this is that they encourage people to use a random untrusted site to generate a password for, say, their bank account.

RandomBacon6y ago

This reminds me of the infamous Dropbox comment: https://news.ycombinator.com/item?id=9224

noneeeed6y ago

Thanks. I had no idea that shuf existed, cool. Another useful tool for my occasional command line work.

iampivot6y ago

I don't think they'll appreciate you posting the source code to their application!

waynesonfire6y ago

serioludicrous simpleheartedness seminiferal phrenologize

no thanks.

1e-96y ago

For easier-to-remember passphrases, you can download the EFF wordlist from https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt and specify that file instead of /usr/share/dict/words

ARandomerDude6y ago

This is top comment material.

CPLX6y ago· 5 in thread

daveoc646y ago

That should meet pretty much any password requirement, be virtually impossible to guess or brute force, and you won't have trouble remembering it (because you don't have to!).

asdkhadsj6y ago

> you're better off getting it to generate a 50+ character random password (including uppercase, lowercase, numbers and symbols).

Security & UX is hard.

CPLX6y ago

I heartily disagree.

sixstringtheory6y ago

noneeeed6y ago

Yeah, I find myself having to generate a passphrasea and then change the capitalisation and add a number.

staplers6y ago· 5 in thread

brewdad6y ago

It doesn't have to be all or nothing and is probably better if it isn't.

the_pwner2246y ago

Just add A1! to the end of every password

emsal6y ago

quantum5OP6y ago

There is an option on correcthorse.pw to add a number and/or a special character as needed.

tedunangst6y ago

You can always 1337 the password.

mlaci6y ago· 5 in thread

mlyle6y ago

A mild amount of regeneration doesn't hurt, though. If you generate 4 and pick your favorite, you've shaved less than 2 bits of entropy off.

mlaci6y ago

1 more reply

pkhamre6y ago

So you're saying that generating a new password looses entropy?

mlaci6y ago

But randomness are not enough, it's possible the first generated version correlate with your preference and that situation does not really matter why are you stopped generating new password.

setr6y ago

Choosing is the problem here -- it's now only as random as your preference

Eg the scheme doesn't do its job well if you don't know the word, so the dictionary can be reduced by that much

1 more reply

quantum5OP6y ago· 4 in thread

Recently, I decided to package it up with a nice domain name and publish it in hopes that it would be useful to others.

perl4ever6y ago

What about https://www.random.org/? Why even use a PRNG if you can have the real thing?

quantum5OP6y ago

2 more replies

1e-96y ago

Jaruzel6y ago

Nice idea. Not sure I'm going to remember the 9,999 word password it just generated for me :)

hprotagonist6y ago· 4 in thread

I tend to rely on https://www.rempe.us/diceware/#eff for my typeable password needs.

80% of my passwords are just line noise, because they live in a keepass database. 20% (workstation account logins, etc) are diceware.

bagacrap6y ago

you type "glove blinks abruptly avatar salvaging marbled" every time you need to unlock your screen?

jxcl6y ago

I don't know about GP, but I certainly do.

tomlagier6y ago

Mine's a more meaningful sentence, but about the same length, yes.

It doesn't take long to type a wholly-memorized sentence.

1 more reply

hprotagonist6y ago

i type quickly.

shaggyfrog6y ago· 3 in thread

Nice work!

A passphrase, as opposed to a password, has spaces between each word.

quantum5OP6y ago

I just updated the site to display the password on multiple lines for mobile.

james-skemp6y ago

Yup. With the ability to add a separator (like a space, -, .) I'd switch over to this.

Currently I use and recommend https://preshing.com/20110811/xkcd-password-generator/

quantum5OP6y ago

Good idea, just added separators to the website.

1 more reply

matmann20016y ago· 3 in thread

I know XKCD made a comic and everything, but isn't this type of password exactly why dictionary attacks exist?

loa_in_6y ago

resoluteteeth6y ago

The whole point of the xkcd comic is that even if someone is using the same dictionary, the phrase has sufficient entropy to be secure.

chiph6y ago

They're not bad, if the password is long enough. So if you have 3 shorter words, add another word or two to increase it's length.

atoponce6y ago· 2 in thread

I audit web-based password generators as a hobby, and this one does well.

What it does well on:

Audit: https://docs.google.com/spreadsheets/d/1ucaqJ4U3X3nNEbAAa06i...

quantum5OP6y ago

Thank you for the audit!

If you are security conscious, you can save a more secure default for yourself (in local storage, nothing is ever transmitted to a server).

atoponce6y ago

No problem. I dig the project. Very cool.

beardedwizard6y ago· 2 in thread

So we are really getting passwords from remote hosted websites? Are people really about to copy, paste and use these right out of the browser?

daveoc646y ago

What is the risk exactly?

Even if the site knew for certain that you had used one of the passwords, they would have no idea where you used the password, and they wouldn't know your username or other credentials.

They might not even have any way of accessing the system you're putting the password into.

I'm sure a lot of people will use these sorts of sites to generate a whole bunch of passwords, and not even use any of them.

asdkhadsj6y ago

I agree, the risk is minimal. Nevertheless.. security, heh.

1 more reply

tzs6y ago· 1 in thread

pkulak6y ago

https://github.com/pkulak/pgen

chaoticmass6y ago

I have bookmarked this site for my own personal use. I also shared it with my co-workers in the IT dept.

I think if we want to promote wider adoption of this good password technique, we'll need a different approach.

This is not a criticism-- You've done a job I admire. I think I might fork it and make another version that is approachable to a wider audience. Thank you!

lozf6y ago

Reminds me of the perl module `hsxkpasswd`[0] which has more configure options, and also powers the online generator at https://xkpasswd.net/s/

[0]: https://github.com/bbusschots/hsxkpasswd

chrisbai6y ago

arbirk6y ago

You forgot the translate to Finnish step

professorTuring6y ago

lower, upper and numbers = 62 options | wordlist = 10 000 options:

    62^12     = 1e21
    10 000^5  = 1e20

So this way of thinking might be good if you know what you are doing and use uppers and lowers and symbols, if not, it is actually a bad advice.

throwaway89416y ago

If I may egregiously misuse the famous quote, "those who do not understand Unix are condemned to reinvent it, poorly."

    $ shuf --random-source=/dev/urandom -n6 /usr/share/dict/cracklib-small | paste -sd-
    circulant-conjured-reigning-buzzed-awaiting-typifies

nlawalker6y ago

See also https://theworld.com/~reinhold/diceware.html (the "original", as far as I know).

KeePassXC has a passphrase generator, although it doesn't use the Diceware list as far as I know. https://keepassxc.org/images/screenshots/linux/screen_006.pn...

EDIT: Love the simplicity of https://correcthorse.pw/, good work!

NickBusey6y ago

Shout out to the open source Bitwarden project which includes this out of the box. Check out bitwarden_rs for a good sefhosted option.

j / k navigate · click thread line to collapse