Password managers are important tools that enable us to use stronger passwords, freeing us from the cognitive burden of remembering them. Despite this, there are still many users who do not fully trust password managers. In this paper, we focus on a feature that most password managers offer that might impact the user's trust, which is the process of generating a random password. We survey which algorithms are most commonly used and we propose a solution for a formally verified reference implementation of a password generation algorithm. We use EasyCrypt as our framework to both specify the reference implementation and to prove its functional correctness and security.
翻译:密码管理者是使我们能够使用更强的密码的重要工具,使我们摆脱记忆密码的认知负担。 尽管如此,仍有许多用户不完全信任密码管理者。 在本文中,我们集中关注大多数密码管理者提供的可能影响用户信任的特征,即生成随机密码的过程。我们调查最常用的算法,并提出正式核实的密码生成算法参考实施解决方案。我们使用“简单加密”作为框架,既指定引用执行,又证明其功能正确和安全性。