Elegant Password Generation with Oplop
by Joshua Dick (josh@joshdick.net)
Password strength, policies, generation, and management are hot-button topics for the security-minded.
In the wake of recent high-profile online security breaches such as those against Gawker Media, Epsilon, Sony and many others, it is more important than ever to choose and manage passwords in a way that maintains the integrity of your online accounts and identities.
There are efforts underway to change the password security playing field such as OpenID and OAuth, but these technologies are just starting to become widely adopted, and they come with their own sets of issues. For now, typical computer users still have to rely on using passwords. Debates and personal preferences abound regarding what constitutes a strong password and how to best manage various account credentials in a secure manner. Everyone has their own system, and this article will outline my system.
In sharing it with you, I hope to get you to think carefully about how you choose and manage passwords, and whether your own system could use some improvement.
A long time ago...
... in a galaxy far, far before the aforementioned Gawker breach, I used one of three or so different passwords for all of my online accounts.
Then the Gawker breach happened, and my Gawker account credentials were included in the leaked information. Gawker stored hashed versions of their users' passwords, but used an archaic hashing algorithm that left simple passwords vulnerable to discovery by brute-force attack.
The breach was a wake-up call for me.
If my password had been discovered through brute-forcing, then my other online accounts using that same password were potentially accessible to malicious individuals. I also used the same password in combination with other e-mail addresses/account names for various accounts; anyone with an ounce of Googling skills could have searched around for my identities on other sites, connected some dots, and tried that same password on those other sites.
This brings me to what I believe is the golden rule of passwords: Never use the same password for multiple accounts.
It sounds obvious, and most of us have heard this before, but some of us are still guilty of doing this.
I was guilty of this as well until the Gawker breach happened. I then realized that any site that I supplied with a password could potentially have the same kind of breach, and that I was trusting those sites to store my password in a way that it is protected in the event of a breach. Using the same password on multiple sites means that if your password is compromised in one place, then it's also compromised in every other place used. I knew that it was time to start using unique passwords for all of my accounts online and I started researching methods to generate unique passwords.
By far, the simplest way to create a unique password is to have a computer randomly generate one.
The problem with randomly generated passwords is that there's no way any mere mortal can memorize and associate a randomly generated password with each of their online accounts. The only realistic way to use randomly generated passwords is to utilize password management/vault software that stores passwords in an encrypted database and often helps automate the process of logging into web sites.
Randomly generated passwords make things very difficult if the password manager's database becomes corrupted or lost. Some password managers also make it difficult for users to switch to a different password manager. I did not want to be exposed to these issues, so rather than using randomly generated passwords, I wanted a way of creating unique passwords that was easily reproducible if I ever had to recover or re-generate my passwords from scratch.
I researched methods for generating unique passwords in a reproducible fashion.
Nearly all of the methods I found involved combining a strong "base password" with something else that was unique to the site, or to the password's purpose, yielding a unique password. Most of the techniques I found for coming up with the base password involved using mnemonics with song lyrics, initials and birthdays, etc. While the basic idea of "base password" + "unique information" = "unique password" seemed sound to me, I wanted a password generation process that wasn't error-prone, and that didn't require an unnecessary amount of thinking or effort to use it.
I did not want to have to hum a song to remember its lyrics every time I wanted to type a password. There had to be something better.
Enter Oplop
After even more research, I stumbled across the oddly-named Oplop. Oplop is a password hashing algorithm conceived by Brett Cannon (a core developer of the Python programming language).
Oplop works on the same "base password" + "unique information" = "unique password" principle mentioned earlier. In Oplop terms, the "base password" is referred to as a "master password" and the "unique information" is referred to as a "nickname".
In a nutshell, you provide Oplop with a master password and a unique nickname, and Oplop uses those two pieces of information to generate a unique password. When fed a particular master password/nickname pair, the algorithm always generates the same unique password. Bear in mind that there are other password-generation algorithms that work very similarly to Oplop (master password plus a "nickname" or a "keyword" yields a unique password,) and the majority of the information in this article is still relevant for those other algorithms, even though the article will refer to Oplop specifically.
Here's an excerpt from the "How It Works" page on Oplop's official web site, starting with the algorithm in its entirety:
- Concatenate the master password with the nickname (in that order!).
- Generate the MD5 hash of the concatenated string.
- Convert the MD5 hash to URL-safe Base64.
- See if there are any digits in the first 8-characters. If no digits are found...
- a.) Search for the first uninterrupted substring of digits.
- b.) If a substring of digits is found, prepend them to the Base64 string.
- c.) If no substring is found, prepend a 1.
- Use the first 8-characters as the account password.
These steps guarantee that the account password is always at least alphanumeric, if not alphanumeric with - and/or _ characters (this is technically incorrect as there is a 0.0000004% chance the account password will be numeric-only, but that is obviously a very rare occurrence so it's not a possibility that Oplop guards against). It also guarantees the account password is 8-characters which is typically a required length of passwords.
You do not need to worry about the use of MD5 as the hashing algorithm as compared to SHA-256 or some other hashing algorithm. You can read about MD5's weaknesses such as the preimage and collision attacks if you want, but remember that MD5 is being used more for a consistent randomness factor than for its cryptographic strength. It does not matter if someone has the same unique account password for a completely different pairing of nickname and master password. The important thing is someone cannot work backwards from an account password to your master password.
Oplop's official web site has much more technical information about the algorithm, its threat model, the strength of the passwords it generates, and its strengths over other similar password generation algorithms.
How I Use Oplop
The Master Password
I use a single master password to create all of my Oplop passwords so I don't have to remember multiple master passwords and can rely on muscle memory. This is how Oplop is supposed to be used, but you might instead choose to use multiple master passwords. Ideally, a master password should:
- Be common across all of the Oplop-generated passwords you've created for a particular place/category. (For example, one master password for all personal accounts, another master password for all work accounts)
- Be a strong password; at bare minimum, the same strength as Oplop-generated passwords (eight-character alphanumeric)
- Never be shared - if compromised, all of your Oplop-generated passwords could potentially be re-created by someone else
- Never be used as an account password; it should only be used inside of Oplop, for the same reason as above.
Nickname Generation
To make Oplop-generated passwords easily reproducible with minimum thought, one needs to use a foolproof system for picking nicknames that will be used to generate those passwords.
Since all of my Oplop-generated passwords are used with online accounts, I create nicknames by taking the root level domain name for the web site in lower case (since Oplop is case-sensitive), stripping the top-level domain, then stripping all non-alphanumeric characters from it.
Examples of nickname generation (web site → nickname):
- amazon.com --> amazon
- my.ebay.com --> ebay
- forums.any-site-here.com --> anysitehere
I use this simple procedure to create the vast majority of my nicknames.
You can pick a procedure that works best for you, provided that you can easily and unambiguously produce a consistent nickname given a certain web site or URL.
In the case where an account's password policy requires periodic password changes (a great security practice) or in the event of a Gawker-like security breach, Oplop has you covered; if you slightly modify the nickname when your password needs to be changed (gawker1, gawker2, etc.), Oplop will generate a completely different unique password for each nickname used.
Hopefully you can recognize what constitutes a good nickname and can take the concept further for your specific needs. Here are two more examples for choosing nicknames:
- If you'd like to use Oplop to generate passwords for an account on a given machine, you can use the machine's hostname as your nickname.
- If you'd like to use Oplop to generate a password for an account at your organization or company, you can use the organization/company name itself as your nickname. Or maybe even [organization name]-[tool or system name]. You get the idea.
Password Management
So now you're all ready to update all of your existing accounts to use Oplop-generated passwords, but won't it be a hassle to re-generate the password every time you need to type it somewhere?
Well, yes, it would. That's where using a password manager/password vault application can help.
A password manager simply stores lists of accounts, their passwords, and other relevant information for later retrieval or use. Every decent password manager will store this information in an encrypted form, protected by a password (which can also be generated by Oplop.) I don't recommend using your Oplop master password to unlock the password manager; your master password should only be used inside of Oplop.
Many of password managers also come with web browser extensions that, once unlocked with their password, automatically fill web login forms with the appropriate account information that has been stored in the vault.
So, once you generate passwords with Oplop, you can store them in the password manager and then essentially forget about them, letting the password manager enter the generated passwords into web sites for you. If the password manager's data gets corrupted or otherwise lost, you have nothing to worry about since you can still re-create your Oplop passwords using your master password and nicknames. If you had been using randomly-generated passwords and the same data loss happened, you'd be in a much more dire situation.
As to which password manager to use, there is a wide variety of choices available for all major desktop and mobile platforms. I personally use a commercial offering called 1Password.
Other popular choices include KeePass/KeePassX (free and open-source standalone applications) and LastPass ("freemium" web application.)
Why I Like Oplop
There are several factors that drew me to Oplop and that have kept me using it to this day.
1. It's elegant.
The algorithm is easy to understand and is well thought out, with compelling technical documentation.
2. It's reproducible.
A particular nickname/master password combination will always yield the same unique password from Oplop. So regardless of the method or software you use to manage your passwords, your passwords are safeguarded against data loss since you're always able to recover Oplop-generated passwords as long as you can remember your master password and re-create your nicknames.
3. It's flexible.
As quoted earlier, Oplop-generated passwords are mixed-case alphanumeric (but can contain dashes and underscores,) and are always 8-characters long. These aspects make the generated passwords strong and flexible enough for everyday use. They'll be rated favorably by password strength checkers and will most likely comply with the average IT-sanctioned password policy, though you may have to add punctuation onto the generated passwords to comply with stricter password policies.
4. It's available on a huge variety of platforms.
Because of the simplicity of the algorithm, Oplop is easy to implement on many different platforms. Oplop is available as an (offline capable) web application, a Python command-line application, an iPhone/iPod Touch/iPad web application, an Android application, a Kindle application, and more. This means that it's easy to generate passwords with Oplop regardless of your platform or device of choice.
Although the official Oplop web application is great, I made my own version (source code available) that has some minor usability improvements. My web application can be used offline in web browsers that support offline applications, and also doubles as an iOS web application as well as a Google Gadget.
Closing Thoughts
In a time when password security matters more than ever, Oplop and algorithms like it strike a decent compromise between encouraging good security practices (unique passwords,) generating relatively strong passwords, and being easy to use in practice.
Hopefully this article has taught you something new, or has at least made you think about how you can improve the process(es) you use to pick and manage passwords.
Well, it would seem that you'e been reading long enough.
It's time to go generate some passwords.