~seirdy/moac: README.md at ref v0.2.0 (commit 86be58a3 by Rohan Kumar, "Chore: add Makefile")

# MOAC


moac is a tool that takes a unique approach to generating passwords and analyzing their strength. It's concerned only with password strength, and knows nothing about the context in which passwords will be used; as such, it makes the assumption that password guessability is the only metric that matters, and a brute-force attack is constrained only by the laws of physics. It's inspired by a blog post I wrote: Becoming physically immune to brute-force attacks.

Users provide values such as the mass available to attackers, a time limit for the brute-force attack, and the energy available. moac outputs the likelihood of a successful attack, or the minimum password entropy at which the brute-force attack can fail. Entropy is calculated with the assumption that passwords are randomly generated.

moac can also generate passwords capable of withstanding a brute-force attack limited by given physical quantities.

My original intent when making this tool was to illustrate how easy it is to make a password whose strength is "overkill". It has since evolved into a generic password generator and evaluator.

Note: until version 1.0.0 is released, MOAC is only suitable for educational/exploratory use and should not be considered stable. Do not use it with your actual passwords yet.

# Installation

Latest stable version:

```sh
GO111MODULE=on go install git.sr.ht/~seirdy/moac/cmd/moac@latest
```

Bleeding edge version:

```sh
GO111MODULE=on go install git.sr.ht/~seirdy/moac/cmd/moac@master
```

# Usage

``` text
moac - analyze password strength with physical limits
USAGE:
  moac [OPTIONS] [COMMAND] [ARGS]

OPTIONS:
  -h	Display this help message.
  -q	Account for quantum computers using Grover's algorithm
  -r	Interactively enter a password in the terminal; overrides -p
  -e <energy>	Maximum energy used by attacker (J).
  -s <entropy>	Password entropy.
  -m <mass>	Mass at attacker's disposal (kg).
  -g <energy>	Energy used per guess (J).
  -P <power>	Power available to the computer (W)
  -t <time>	Time limit for brute-force attack (s).
  -p <password>	Password to analyze (do not use a real password).
  -l <length>	minimum generated password length; can override (increase) -s
  -L <length>	maximum generated password length; can override (decrease) -s

COMMANDS:
  strength	Calculate the likelihood of a successful guess
  entropy-limit	Calculate the minimum entropy for a brute-force attack failure.
  pwgen	generate a password resistant to the described brute-force attack,
       	using charsets specified by [ARGS] (defaults to all provided charsets)
```

# Bottlenecks and redundancy

If a value is provided and that value can be computed from other given values, the computed value will replace the provided value if the computed value is a greater bottleneck.

If the user supplies both mass and energy, the given energy will be replaced with the mass-energy of the provided mass if the given mass-energy is lower.

If the user supplies both a password and a password entropy, the given entropy will be replaced with the calculated entropy of the provided password if the calculated entropy is lower. If the user does not supply entropy or the physical values necessary to calculate it, the default entropy is 256 (the key length of AES-256).

Time and energy are the two bottlenecks to computation; the final result will be based on whichever is a greater bottleneck. Unless the lower bound of the energy per guess is orders of magnitude below the Landauer limit, energy should always be a greater bottleneck.

When physical quantities are not given, default physical quantities are the mass of the visible universe and the power required to achieve Bremermann's limit at the energy efficiency given by the Landauer limit.

# Example: a password the Earth cannot crack

The novel The Hitchhiker's Guide to the Galaxy revealed the Earth to be a supercomputer built to understand "the answer to Life, the Universe, and Everything". The computation was supposed to finish sometime around now.

Let's assume this is a maximally efficient quantum computer powered by the Earth's mass-energy:

  • Age of the Earth: ~4.6 billion years, or ~1.45e17 seconds
  • Mass of the Earth: ~5.97e24 kg

``` text
$ moac -qm 5.97e24 -t 1.45e17 entropy-limit
427
```

Understanding the answer to Life, the Universe, and Everything requires less than 2^427 computations. If the same computer instead tried to brute-force a password, what kind of password might be out of its reach?
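To make the bottleneck rules from the previous section concrete, here is an added Go example that is not moac's own code: it derives the entropy limit from mass, time and power the way the README describes, converting mass to energy, pricing each guess at the Landauer limit, and taking the tighter of the energy and time budgets. The constants, the use of the cosmic microwave background temperature (2.725 K) for the Landauer limit, treating Bremermann's limit as guesses per second per kilogram, and the function and type names are all assumptions made for this example; with them it reproduces the 427 bits shown above for the Earth. The default mass of the visible universe is not modelled.

```go
package main

import (
	"fmt"
	"math"
)

// Physical constants. Using the CMB temperature for the Landauer limit is an
// assumption about moac's model; it reproduces the README's 427-bit figure.
const (
	speedOfLight   = 299792458.0  // m/s
	boltzmann      = 1.380649e-23 // J/K
	cmbTemperature = 2.725        // K
	bremermann     = 1.36e50      // assumed: guesses per second per kilogram
)

// landauerLimit is the minimum energy needed to erase one bit at temperature T.
func landauerLimit(tempK float64) float64 {
	return boltzmann * tempK * math.Ln2
}

// Attack holds the attacker's resources in SI units; zero means "not given".
// The README's default mass (the visible universe) is not modelled here.
type Attack struct {
	Mass, Energy, Time, Power, EnergyPerGuess float64
	Quantum                                   bool
}

// maxGuesses applies the README's redundancy rules: mass-energy replaces a
// larger given energy, and the tighter of the energy and time budgets wins.
func maxGuesses(a Attack) float64 {
	perGuess := a.EnergyPerGuess
	if perGuess == 0 {
		perGuess = landauerLimit(cmbTemperature)
	}
	energy := a.Energy
	if a.Mass > 0 {
		if massEnergy := a.Mass * speedOfLight * speedOfLight; energy == 0 || massEnergy < energy {
			energy = massEnergy
		}
	}
	byEnergy, byTime := math.Inf(1), math.Inf(1)
	if energy > 0 {
		byEnergy = energy / perGuess
	}
	if a.Time > 0 {
		power := a.Power
		if power == 0 && a.Mass > 0 {
			// Default power: run at Bremermann's limit with Landauer-efficient guesses.
			power = bremermann * a.Mass * perGuess
		}
		if power > 0 {
			byTime = power * a.Time / perGuess
		}
	}
	return math.Min(byEnergy, byTime)
}

// EntropyLimit returns the smallest password entropy (bits) the attacker
// cannot exhaust. Grover's algorithm searches 2^n keys in about 2^(n/2)
// guesses, so a quantum attacker forces the classical figure to double.
func EntropyLimit(a Attack) int {
	bits := math.Log2(maxGuesses(a))
	if a.Quantum {
		bits *= 2
	}
	if math.IsInf(bits, 1) {
		return math.MaxInt // nothing constrained the attacker
	}
	return int(math.Floor(bits))
}

func main() {
	earth := Attack{Mass: 5.97e24, Time: 1.45e17, Quantum: true}
	fmt.Println("entropy limit for a quantum Earth:", EntropyLimit(earth)) // 427
}
```

Without the Quantum flag the same inputs give 213 bits, which is why the README's -q roughly doubles the requirement. Passing a small explicit Power with a short Time makes the time budget the bottleneck instead, which is the only way energy stops being the binding constraint with a Landauer-priced guess.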

``` text
$ moac -qm 5.97e24 -t 1.45e17 pwgen lowercase uppercase numbers symbols latin
,ȿĢıqɽȂīIJďɖȟMǧiœcɪʊȦĻțșŌƺȰ&ǡśŗȁĵɍɞƋIŀƷ?}ʯ4ůʑʅęȳŞ
```

If the same computer instead tried to guess the password ,ȿĢıqɽȂīIJďɖȟMǧiœcɪʊȦĻțșŌƺȰ&ǡśŗȁĵɍɞƋIŀƷ?}ʯ4ůʑʅęȳŞ, there's a chance that it wouldn't have succeeded in time.
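As an added Go illustration (not moac's own code) of what pwgen does with an entropy target, and of the charset-size entropy estimator the roadmap below describes: the length follows from the target bits and the size of the combined charset, each character is drawn with crypto/rand, and the estimator works backwards from the charsets present in a password. The charsets are constructed ASCII sets (moac's own sets, including latin, are not reproduced), the -l/-L behaviour is modelled as minLen/maxLen, and the function names are invented for this example.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Constructed ASCII charsets for this example; moac's own sets (and its
// "latin" set) are not reproduced here.
var charsets = map[string]string{
	"lowercase": "abcdefghijklmnopqrstuvwxyz",
	"uppercase": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
	"numbers":   "0123456789",
	"symbols":   "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~",
}

// RequiredLength is the number of characters drawn uniformly from charsetSize
// symbols needed to reach targetBits of entropy (each adds log2(size) bits).
func RequiredLength(targetBits float64, charsetSize int) int {
	return int(math.Ceil(targetBits / math.Log2(float64(charsetSize))))
}

// Generate returns a password meeting targetBits from the named charsets.
// minLen raises the length (like -l) and maxLen caps it (like -L; zero means
// no cap), which can push the result below targetBits, as the README warns.
// Each character comes from crypto/rand via rand.Int, so there is no modulo bias.
func Generate(targetBits float64, minLen, maxLen int, names ...string) (string, error) {
	var alphabet []rune
	for _, n := range names {
		cs, ok := charsets[n]
		if !ok {
			return "", fmt.Errorf("unknown charset %q", n)
		}
		alphabet = append(alphabet, []rune(cs)...)
	}
	if len(alphabet) == 0 {
		return "", errors.New("no charsets given")
	}
	length := RequiredLength(targetBits, len(alphabet))
	if length < minLen {
		length = minLen
	}
	if maxLen > 0 && length > maxLen {
		length = maxLen
	}
	out := make([]rune, length)
	bound := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// EstimateEntropy is the simple estimator the roadmap describes: find which
// charsets occur in pw and treat every character as a uniform draw from their
// union. It ignores dictionary words and patterns, so it only makes sense for
// randomly generated passwords; a human-chosen one will be overestimated.
func EstimateEntropy(pw string) float64 {
	size := 0
	for _, cs := range charsets {
		if strings.ContainsAny(pw, cs) {
			size += len([]rune(cs))
		}
	}
	if size == 0 {
		return 0
	}
	return float64(len([]rune(pw))) * math.Log2(float64(size))
}

func main() {
	pw, err := Generate(427, 0, 0, "lowercase", "uppercase", "numbers", "symbols")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n%d chars, ~%.0f bits\n", pw, len([]rune(pw)), EstimateEntropy(pw))
}
```

With these four ASCII sets (94 symbols, about 6.55 bits each) the 427-bit target needs 66 characters; the README's output above is shorter because the latin charset enlarges the alphabet. The estimator only sees the alphabet, which is exactly why the README tells users not to pass real, human-chosen passwords to -p and expect a meaningful figure.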

Note: given that the Earth wasn't hollow during the book's opening, it's unlikely that the Earth consumed its own mass to compute. Further research is necessary; perhaps it used solar power, or secret shipments of tiny black-hole batteries? Organic life was supposed to provide a large part of its functionality, so maybe we should restrict ourselves to the Earth's biomass.

# Roadmap

## Roadmap for 0.2.0

  • [X] Securely enter passwords (rather than using a cmdline arg)
  • [X] zxcvbn-go has a lot of functionality that moac doesn't need; write an entropy estimator that's a bit simpler but gives similar results, optimized for pseudorandom passwords (no dictionary words, focus on estimating charset size and repetitions/patterns).
  • [X] Makefile
  • [X] Output computed entropy
  • [X] Support min/max length for dealing with bad password validators

## Roadmap for 0.3.0

0.3.0 should have full functionality.

  • [ ] CLI: Separate global and command-specific options
  • [ ] CI/CD
  • [ ] Manpage for CLI
  • [ ] Read from a config file.
  • [ ] Manpage for config file
  • [ ] Add a command to output requirements for a brute-force attack (time/energy/mass required) with the given constraints.
  • [ ] Shell completion

## Roadmap for 1.0.0

  • Set up signed releases
  • Get moac's code reviewed by some people with more experience in software security.
  • Link to it in my old blog post on brute-force immunity

# Ideas for other programs that can use moac

  • A separate program to "benchmark" external password-generation programs/scripts by repeatedly running them and giving measurements of the worst output.
  • A GUI
  • Plugins for existing password managers. Account for key length used in encryption; if the key length is lower than the password entropy, the key length is the bottleneck.

# Alternatives

# License

Copyright (C) 2021 Rohan Kumar

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see https://www.gnu.org/licenses/.