moac

package module v0.3.2

Published: Sep 9, 2021 License: MPL-2.0 Imports: 5 Imported by: 0

README

MOAC


The MOAC repository consists of tools and libraries that take a unique approach to generating passwords and analyzing their strength. This software is concerned only with password strength, and knows nothing about the context in which passwords will be used; as such, it makes the assumption that password guessability is the only metric that matters, and a brute-force attack is constrained only by the laws of physics. It's inspired by a blog post I wrote: Becoming physically immune to brute-force attacks.

Users provide given values like the mass available to attackers, a time limit for the brute-force attack, and the energy available. moac outputs the likelihood of a successful attack or the minimum password entropy for a possible brute-force failure. Entropy is calculated with the assumption that passwords are randomly generated.

moac-pwgen can also generate passwords capable of withstanding a brute-force attack limited by given physical quantities.

My original intent when making this tool was to illustrate how easy it is to make a password whose strength is "overkill". It has since evolved into a generic password generator and evaluator.

Project Status

MOAC is actively developed as of September 2021. It's almost ready for a v1.0.0 release; I'd just like to hear some opinions/feedback before I tag+push.

Installation

Dependencies
  • Go toolchain
  • make (tested with GNU Make, bmake, and OpenBSD Make)
  • scdoc (for building manpages)

```
sudo make install # Install in /usr/local/ by default
```

Usage (with examples)

For full usage of the command-line executables, see moac(1) and moac-pwgen(1). Manpage sources are in doc/.

Bottlenecks and redundancy

If a value is provided and that value can be computed from other given values, the computed value will replace the provided value if the computed value is a greater bottleneck.

If the user supplies both mass and energy, the given energy is replaced with the mass-energy of the provided mass whenever that mass-energy is lower than the given energy.

If the user supplies both a password and a password entropy, the given entropy will be replaced with the calculated entropy of the provided password if the calculated entropy is lower. If the user does not supply entropy or the physical values necessary to calculate it, the default entropy is 256 (the key length of AES-256).

Time and energy are the two bottlenecks to computation; the final result will be based on whichever is a greater bottleneck. Unless the lower bound of the energy per guess is orders of magnitude below the Landauer limit, energy should always be a greater bottleneck.

When physical quantities are not given, default physical quantities are the mass of the visible universe and the power required to achieve Bremermann's limit at the energy efficiency given by the Landauer limit.

Example: a password the Earth cannot crack

The novel The Hitchhiker's Guide to the Galaxy revealed the Earth to be a supercomputer built to understand "the answer to Life, the Universe, and Everything". The computation was supposed to finish sometime around now.

Let's assume this is a maximally efficient quantum computer powered by the Earth's mass-energy:

  • Age of the Earth: ~4.6 billion years, or ~1.45e17 seconds
  • Mass of the Earth: ~5.97e24 kg

```
$ moac -qm 5.97e24 -t 1.45e17 entropy-limit
427
```

Understanding the answer to Life, the Universe, and Everything requires less than 2^427 computations. If the same computer instead tried to brute-force a password, what kind of password might be out of its reach?

```
$ moac-pwgen -qm 5.97e24 -t 1.45e17 lowercase uppercase numbers symbols latin
ɥìƄ¦sČÍM²ȬïľA\ɻ¨zŴǓĤúǓ¤ʬƗ;ɮĢƃƅǞɃƜʌȴɖǃƨǥ_Ǝ3ſǹDžɃ8ɟ
```

If the same computer instead tried to guess the password ,ȿĢıqɽȂīIJďɖȟMǧiœcɪʊȦĻțșŌƺȰ&ǡśŗȁĵɍɞƋIŀƷ?}ʯ4ůʑʅęȳŞ, there's a chance that it wouldn't have succeeded in time.

Note: given that the Earth wasn't hollow during the book's opening, it's unlikely that the Earth consumed its own mass to compute. Further research is necessary; perhaps it used solar power, or secret shipments of tiny black-hole batteries? Organic life was supposed to provide a large part of its functionality, so maybe we should restrict ourselves to the Earth's biomass.

Ideas for other programs that can use moac
  • A separate program to "benchmark" external password-generation programs/scripts by repeatedly running them and giving measurements of the worst output.
  • A GUI
  • Plugins for existing password managers. Account for key length used in encryption; if the key length is lower than the password entropy, the key length is the bottleneck.

FAQ

Why did you make MOAC?

Two reasons: the blog post I wrote (linked at the top) got me itching to implement its ideas, and I also want to use a good password generator in a password manager I'm working on.

How does MOAC measure password entropy?

It takes a very naive approach, assuming that any attacker is optimizing for randomly-generated passwords. More specifically, it measures password entropy as if moac-pwgen had generated the password. All it does is guess which charsets are used and count the permutations of the available characters for the given password length.
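As an added illustration, not code from the moac project or its entropy package, the following Go program implements the naive model described in this FAQ answer: it detects which charsets a password draws on and reports length × log2(pool size), and it also applies the README's rule that a measured entropy overrides a higher claimed one. The ASCII charset sizes are exact counts; the `latin` pool (assumed here to be the letters in U+00C0..U+024F), the charset names and all function names are this example's own assumptions.

```go
package main

import (
	"fmt"
	"math"
	"unicode"
)

// charset is a named pool the password could have been drawn from; size is the
// number of characters in that pool.
type charset struct {
	name    string
	size    int
	matches func(rune) bool
}

// latinSize is assumed here to be the number of letters in U+00C0..U+024F
// (Latin-1 Supplement and Latin Extended-A/B); moac-pwgen's real "latin"
// charset may differ.
var latinSize = func() int {
	n := 0
	for r := rune(0xC0); r <= 0x24F; r++ {
		if unicode.IsLetter(r) {
			n++
		}
	}
	return n
}()

// charsets lists the pools this example recognises. The first four are the
// v0.3.2 defaults: ASCII letters, digits and the 32 printable ASCII symbols.
var charsets = []charset{
	{"lowercase", 26, func(r rune) bool { return r >= 'a' && r <= 'z' }},
	{"uppercase", 26, func(r rune) bool { return r >= 'A' && r <= 'Z' }},
	{"numbers", 10, func(r rune) bool { return r >= '0' && r <= '9' }},
	{"symbols", 32, func(r rune) bool { return r < 128 && (unicode.IsPunct(r) || unicode.IsSymbol(r)) }},
	{"latin", latinSize, func(r rune) bool { return r > 127 && r <= 0x24F && unicode.IsLetter(r) }},
}

// entropy applies the naive model: the password is assumed to have been drawn
// uniformly from the union of every charset it touches, so
// bits = length * log2(sum of the sizes of the charsets used).
// Characters outside every known charset count towards the length but add
// nothing to the pool.
func entropy(password string) (bits float64, used []string) {
	pool := 0
	for _, cs := range charsets {
		for _, r := range password {
			if cs.matches(r) {
				pool += cs.size
				used = append(used, cs.name)
				break
			}
		}
	}
	length := len([]rune(password)) // characters, not bytes
	if pool == 0 || length == 0 {
		return 0, used
	}
	return float64(length) * math.Log2(float64(pool)), used
}

// effectiveEntropy applies the README's redundancy rule: when both a password
// and a claimed entropy are given, the lower of claim and measurement wins.
func effectiveEntropy(password string, claimed float64) float64 {
	if password == "" {
		return claimed
	}
	measured, _ := entropy(password)
	if claimed == 0 || measured < claimed {
		return measured
	}
	return claimed
}

func main() {
	// Constructed sample passwords, chosen to exercise different charsets.
	for _, pw := range []string{"password", "Tr0ub4dor&3", "ÇaVaBien"} {
		bits, used := entropy(pw)
		fmt.Printf("%-12s %6.1f bits  charsets=%v\n", pw, bits, used)
	}
	fmt.Printf("claimed 256 bits, effective: %.1f bits\n", effectiveEntropy("password", 256))
}
```

Note that this model rewards any non-ASCII letter with the whole `latin` pool, which is exactly the "naive" behaviour the FAQ admits to: a single accented character in an otherwise weak password inflates the estimate, because the model assumes every position was drawn uniformly from the union of all detected charsets.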

Why do these passwords look impossible to memorize or type?

MOAC is not meant to be used to generate passwords to type by hand. It's intended to be used with a password manager that auto-types or copies passwords for you.

For contexts in which you can't paste a password (e.g. a full-disk encryption password entered during boot), use something else.

Why are there so many weird characters in the generated passwords?

Those "weird characters" are configurable; check the manpages or GoDoc for more info. I admit that charsets like ipaExtensions were mostly added for fun, but they can be quite useful for detecting bugs in other software that accepts text input.

Starting with v0.3.2, password generation defaults to alphanumerics and basic QWERTY symbols. I figured that this is probably for the best, as long as most of us have to work with software that breaks when encountering non-QWERTY symbols. After all, everyone knows that password entry existed long before languages besides English were invented.

Alternatives

Documentation

Overview

Package moac provides the utilities to calculate password strength given physical constraints.

Index

Constants

```go
const (
	// C is the speed of light in a vacuum, m/s.
	C = 299792458
	// G is the gravitational constant, m^3/kg/s^2.
	G = 6.67408e-11
	// Hubble is Hubble's constant, hertz.
	Hubble = 2.2e-18
	// Temp is a low estimate of the temperature of the cosmic background radiation, kelvin.
	Temp = 2.7
	// Boltzmann is Boltzmann's constant, J/K.
	Boltzmann = 1.3806503e-23
	// Planck is Planck's constant, J*s.
	Planck = 6.62607015e-34

	// UMass is the mass of the observable universe, kg.
	UMass = C * C * C / (2 * G * Hubble)
	// Bremermann is Bremermann's limit, operations per second per kilogram.
	Bremermann = C * C / Planck
	// Landauer is the Landauer limit: the minimum energy needed to erase one bit at Temp, J.
	Landauer = Boltzmann * Temp * math.Ln2

	// DefaultEntropy is the number of bits of entropy to target if no target entropy is provided.
	DefaultEntropy = 256
)
```

Variables

```go
var (
	ErrMissingValue = errors.New("not enough given values")
	ErrMissingEMT   = fmt.Errorf("%w: missing energy, mass, and/or time", ErrMissingValue)
	ErrMissingPE    = fmt.Errorf("%w: missing password and/or entropy", ErrMissingValue)
)
```

Errors for missing physical values that are required to compute desired values.

Functions

func BruteForceability

```go
func BruteForceability(givens *Givens, quantum bool) (float64, error)
```

BruteForceability computes the likelihood that a password will be brute-forced given the constraints in givens. If 0 < BruteForceability <= 1, it represents the probability that the password can be brute-forced. If BruteForceability > 1, it represents the number of times the password can be brute-forced with certainty.

func MinEntropy

```go
func MinEntropy(givens *Givens, quantum bool) (entropy float64)
```

MinEntropy calculates the maximum password entropy that the MOAC can certainly brute-force. Passwords need an entropy greater than this to have a chance of not being guessed.

Types

type Givens

```go
type Givens struct {
	Password         string
	Entropy          float64
	Energy           float64
	Mass             float64 // Mass used to build a computer or convert to energy, in kilograms.
	Time             float64 // Duration of the attack, in seconds.
	EnergyPerGuess   float64
	Power            float64
	GuessesPerSecond float64
}
```

Givens holds the values used to compute password strength. These values are all physical quantities, measured using standard SI units.
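As an added illustration, not code from the moac package, the following stand-alone Go program reimplements the rules from the README's "Bottlenecks and redundancy" section together with the semantics documented above for BruteForceability and MinEntropy, and reproduces the Earth example's entropy-limit of 427. The `givens` type, constants and function names are this example's own rather than the package's API; it assumes that the `quantum` parameter (and the README's `-q` flag) doubles the required entropy to model Grover's search, that the Landauer limit is the default energy per guess, and that Bremermann's limit times the given mass bounds the guess rate. It uses the SI value of Planck's constant.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// SI constants; the speed of light, Boltzmann's constant and the background
// temperature match the moac documentation, Planck uses the SI 2019 value.
const (
	c              = 299792458.0                 // speed of light, m/s
	boltzmann      = 1.3806503e-23               // Boltzmann's constant, J/K
	temp           = 2.7                         // cosmic background temperature, K
	planck         = 6.62607015e-34              // Planck's constant, J*s
	landauer       = boltzmann * temp * math.Ln2 // min. energy to erase one bit, J
	bremermann     = c * c / planck              // max. operations per second per kg
	defaultEntropy = 256.0                       // AES-256 key length, bits
)

var errMissingEMT = errors.New("not enough given values: missing energy, mass, and/or time")

// givens mirrors the subset of moac.Givens this example uses (SI units).
// A zero field means "not given".
type givens struct {
	Entropy, Energy, Mass, Time, EnergyPerGuess, GuessesPerSecond float64
}

// maxGuesses applies the README's bottleneck rules: a given value is replaced
// by one computed from the other givens whenever the computed one is the
// tighter bound, then the stricter of the energy and time bounds wins.
func maxGuesses(g givens) (float64, error) {
	tighter := func(cur, candidate float64) float64 {
		if cur == 0 || candidate < cur {
			return candidate
		}
		return cur
	}
	energy := g.Energy
	if g.Mass > 0 {
		energy = tighter(energy, g.Mass*c*c) // mass-energy E = mc^2
	}
	perGuess := g.EnergyPerGuess
	if perGuess == 0 {
		perGuess = landauer // default: one irreversible bit erasure per guess
	}
	var energyBound, timeBound float64
	if energy > 0 {
		energyBound = energy / perGuess
	}
	if g.Time > 0 {
		gps := g.GuessesPerSecond
		if g.Mass > 0 {
			gps = tighter(gps, bremermann*g.Mass) // Bremermann's limit for that mass
		}
		if gps > 0 {
			timeBound = g.Time * gps
		}
	}
	switch {
	case energyBound > 0 && timeBound > 0:
		return math.Min(energyBound, timeBound), nil
	case energyBound > 0:
		return energyBound, nil
	case timeBound > 0:
		return timeBound, nil
	}
	return 0, errMissingEMT
}

// minEntropy is the largest entropy the attacker can exhaust with certainty.
// A quantum attacker (Grover's search) needs only about 2^(n/2) guesses for
// n bits, so the required entropy doubles.
func minEntropy(g givens, quantum bool) (float64, error) {
	guesses, err := maxGuesses(g)
	if err != nil {
		return 0, err
	}
	bits := math.Log2(guesses)
	if quantum {
		bits *= 2
	}
	return bits, nil
}

// bruteForceability divides the attacker's guess budget by the guesses a
// password of the given entropy needs: <= 1 is a probability, > 1 the number
// of times the whole space can be exhausted.
func bruteForceability(g givens, quantum bool) (float64, error) {
	guesses, err := maxGuesses(g)
	if err != nil {
		return 0, err
	}
	entropy := g.Entropy
	if entropy == 0 {
		entropy = defaultEntropy
	}
	if quantum {
		entropy /= 2
	}
	return guesses / math.Pow(2, entropy), nil
}

func main() {
	// The README's Earth: its mass converted to energy, running for its age.
	earth := givens{Mass: 5.97e24, Time: 1.45e17}
	bits, _ := minEntropy(earth, true)
	fmt.Printf("entropy-limit (quantum): %d bits\n", int(bits)) // 427
	p, _ := bruteForceability(givens{Mass: 5.97e24, Time: 1.45e17, Entropy: 428}, true)
	fmt.Printf("chance of exhausting a 428-bit password: %.2f\n", p)
}
```

For the Earth, the energy bound (about 2^213.7 guesses at the Landauer limit) is the one that binds; the time bound from Bremermann's limit is around 2^306 guesses, which is why the README can say energy is almost always the greater bottleneck. Doubling 213.7 for the quantum case gives the 427 reported by `moac entropy-limit`.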

Directories

  • cmd
  • entropy: Package entropy provides a means to compute entropy of a given random string by analyzing both the charsets used and its length.
  • pwgen: Package pwgen allows generating random passwords given charsets, length limits, and target entropy.
