How do I demonstrate that .NET class Random is not suitable for generating passwords?

Question

Very often I see .NET class Random being used for passwords generation.

On one hand, this question I asked earlier shows that generating a bunch of "secret" data using class Random yields rather predictable data. On the other hand, I'm currently trying to perform that exact prediction and my code works at speed of about six million seed guesses per day on a single core - not extremely fast, it will take almost a year to enumerate all possible seed values at that rate.

Is there a clearer and faster way to show that passwords generated using data from class Random() are much weaker than typically expected?

Answer 1

Let me put it this way: Pick a random number generator that is adequate for the number of passwords you want to generate. With an alphabet size of 36 (digits and only uppercase or only lowercase letters) you extract only a small fraction of the internal state of the RNG. And even if you generate 40000 characters that way, that's still only about 21 bits of information. Your algorithm in the other question only generates 4 random characters in addition to the prefix. It would be easier for an attacker to brute-force all possible passwords instead of brute-forcing the RNG state in order to figure out the next password to be generated.

Actually, the worst mistake you can do when using a simple RNG to generate passwords is to generate a large number of them. If you only generate them on demand and always with a freshly-seeded RNG, an attacker will have a hard time figuring out the seed and thus the password. The default implementation of System.Random takes the time passed since system start in milliseconds as seed. Good luck figuring that out.

Answer 2

In your original question no one says Random is not good for generating random passwords (in fact the word "password" does not appear anywhere in the question, answers or the comments). You will have a hard time proving this because in order to do this the system will have to generate a number of random passwords at once. Also the attacker will need to match username and password somehow even if he manages to get hold of a good number of passwords.

Answer 3

From my understanding, the Random class generates random values based on a "Psuedo-random algorithm", so in fact they are not random what-so-ever. they are based on a concrete implementation of a mathmatical algorithm, so the results are predictable.

So if I was trying to break this algorithm, for a security breach, not that I would, I need to know certain information: I know what the algorithm is, it's publically accessible through the .Net framework, what is the input values (the seed)?

Again you can't just magic up these input values, they must be based on something, so what?

In your example your trying, as I understand it, to generate all possible seed values. This like you said takes a long time!

But why would I do this? the most intelligent approach is to try and guess what your using to generate your input values? i.e. are you using time? When do the passwords get reset? When was this password generated? What subset of values does this give me? How big a number are you using?

If you can test 6 million seeds in a day, how many values does applying some logic narrow the set of possible values down to? If it's < 6 million I could break your password in 24 hours.

That said if you can make your subset of seeds large enough and unpredicatble enough then this is hard. So the question, like many things in security comes down do, how secure does this need to be? Nothing's 100%!