Extra Cheese

A Blog

Human-Readable Encryption Keys

Dec 28, 2007

For BitBacker, we use 128-bit AES encryption, which means our keys are really long and annoying - 32 characters long when printed in hex. And not only do the users sometimes have to type them in, but they have to write them down on paper. (We can't store the key on our servers because then we'd be able to read the user's files; and we obviously can't trust it to their hard drive because that's what we're backing up.)

Somehow, we have to present these random 128-bit keys to the user, and I think I've found a pretty good way. We use RFC 1751, which defines a "Convention for Human-Readable 128-bit Keys" - basically just a mapping of blocks of bits to strings of English words. Here's an example in Python using the RFC 1751 module in PyCrypto:

>>> key = os.urandom(16) # Generate 16 random bytes (128 bits)
>>> bin_to_hex(key) # Show the key in hex (32 characters)
'61aa60e43a5e7fdb4b86a4897b52a0dc'
>>> y = RFC1751.key_to_english(key)
>>> y # Show the pass phrase version of the key
'BUSY BARN RUB DOLE TAUT TOOK ALTO PRY KIT WALL MUG CURT'
>>> # The transformation is always reversible
>>> bin_to_hex(RFC1751.english_to_key(y))
'61aa60e43a5e7fdb4b86a4897b52a0dc'

The keys are still *very* long, of course, and this is unavoidable for our application. But when translated to words, I think it's easier to write them down or type them in without making a mistake. The image below shows BitBacker giving me a pass phrase. (This feature hasn't even gone into beta yet - it's little more than a mockup. So please don't judge it too harshly!)

Screen shot of BitBacker's pass phrase handling

When the user clicks "Continue" here, BitBacker actually makes him re-enter the generated pass phrase he wrote down. To be honest, BitBacker's pass phrase handling is quite annoying. But that's a heck of a lot better than losing your pass phrase, which would make your backups inaccessible! This is the one place in all of BitBacker that isn't optimized for "least user annoyance". Encryption keys are just way too important to mess around with, and I think that most existing software is far too lax with them (including BitBacker's competitors).

(This was derived from a comment I left on Jeff Atwood's "Software Registration Keys" post.)

Tagged as: , ,
5 comments

Showing 5 comments

Posted by John at Sat Dec 29 09:30:41 2007

What about the risk to international users that one of these words might be obscene in a different language. It's a good idea, but you are not going to offend anyone with hex digits.

Posted by Bubble Babble at Sat Dec 29 12:42:45 2007

Bubble Babble is similar to this, but without the dictionary of words.

Posted by cwillu at Sat Dec 29 12:45:19 2007

John:  That's what localization is for.

Honestly, you could make the same case for any english dialog, that some word used by the unlocalized application (installed by some hapless foreign user who didn't understand why the os asked  what language he spoke) would be offensive.

Somebody offended by a randomly generated word from a different language (!) is simply asking to be condescended to.  I'll take their money, apologize profusely and so forth, but I'm not going to actually worry about it.

Posted by mcow at Sat Dec 29 13:23:54 2007

How would you prevent insulting/confusing English phrases? I gave some examples in the reddit comment thread: http://programming.reddit.com/info/6428l/comments/c02rpce

Even though there are no specifically offensive words in the dictionary (although "ORGY" is in there), combinations of words open up a whole universe of unexpected contextual meanings. A lot of users will realize that the phrases are randomly generated, but some users won't.

Consider, for example, if you used this to generate license keys. Someone pays for your software and gets the following automated email:

"Thank you for purchasing X.

Your license key is: GET A LIFE TUBE SOCK

Please keep this key somewhere safe."

Since license keys are traditionally strings of alphanumeric gibberish, could you blame the customer for interpreting this as a deliberate insult?

Posted by Gary Bernhardt at Sun Dec 30 17:10:05 2007

mcow (and others),

I've thought about the issue of potentially offensive keys as well.  I pretty much agree with "reventlov"'s response in the reddit thread: yes, the occasional user might find a key offensive, but it's WAY better to offend a user than to lose their data, even if the loss would've been their fault in some sense.  It's my job to do whatever I can to help the user avoid making that mistake in the first place.

The whole issue of offending the user is also mitigated somewhat by the (poorly named) "Generate Again" button, and that's actually why it's there.  If the pass phrase is really a problem for them, they can generate a new one.

Name:


E-mail:


URL:


Comment:


Gary Bernhardt,
Creator and Destroyer of Software

CodeTwitterEmailRSS

Blog archive

2010
2009
2008
2007
2006