giving it an extremely brief run-through, I'd say that you've made a different compromise than the app-maker chose in making the limit 8.
the choice of 8 base64 digits out of the 24 given by the md5 appears to have been explicitly done to combat attempts to attack the master password, or other account passwords, based on the possession of any one (or several) account passwords and nicknames or labels. while you may have succeeded in making your individual passwords somewhat harder to brute-force, you've also used a larger portion of the md5, increasing the amount of information an attacker is given by the compromise of an individual password, and shrinking the number of possible candidate md5s they would have to guess to attempt to collide in hopes of getting your master password. in addition, they would likely have to have at least another of your passwords and nicknames to confirm the plausibility of the correctness of a given collision for a given MD5 guess, if I understand it correctly. there may have been some oversights in the conception of the scheme which weaken it but are not immediately apparent to me. I haven't given it a good look, and I am probably not the right person to look at it and contribute meaningfully to the discussion anyway. (http://code.google.com/p/oplop/wiki/HowItWorks http://code.google.com/p/oplop/wiki/ThreatModel) only using base64 strings with numbers in them, and prepending a 1 in some cases... this seems like it would shrink the keyspace/randomness by at least a few bits. shrug. On Fri, Nov 16, 2012 at 10:46 AM, Uncle Zzzen <[email protected]> wrote: > On Sat, Nov 17, 2012 at 1:10 AM, Jeffrey Walton <[email protected]> wrote: >> >> On Fri, Nov 16, 2012 at 12:34 PM, Uncle Zzzen <[email protected]> >> wrote: >> > Hi. >> > I need peer review for loplop >> > https://github.com/thedod/loplop >> For the whole scheme, or just the change? > > The whole scheme (including the change), or course. If it's bad, it doesn't > matter why it's bad. > >> >> If its the whole scheme, a >> recent discussion relating to password managers can be found at >> "Master Password," >> http://lists.randombit.net/pipermail/cryptography/2012-May/002920.html. > > I already discuss it (to the best of my abilities) at > https://dubiousdod.org/go/PasswordGenerators > IIUC, what Marsh Ray says there doesn't necessarily mean loplop is insecure, > but the fact that a *specific* attack wouldn't work on loplop doesn't > comfort me much :) > >> >> Heuristically, a longer password is *not* less secure than a shorter >> password. So you probably did not lessen the security of the system. > > That's what my intuition tells me, but these things can be tricky, so I'm > glad to hear this is also your intuition. > >> >> (But the system may be insecure from the start, in which case its a >> moot point). > > Indeed. > I guess I'm actually asking for peer review of oplop by proxy, but it's > about time somebody took a look at it: I know quite a few people using it > (it's ideal for backpackers), and such things get more dangerous the more > popular they get (as Marsh Ray points out). > > Best case scenario is if I could tell people "don't use oplop, use loplop", > but - depending on what people say here - maybe I should only say the first > part of the sentence :) > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography > -- Kyle Creyts Information Assurance Professional BSidesDetroit Organizer _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
