[Password Generation] Crowdsource information about password to meet sites' requirements |
|||||||||||
Issue descriptionCrowdsource information about passwords in security- and privacy-respectful manner to adjust the password generator's settings to sites' requirements.
,
Jun 6 2018
The votes are critical for M69 feature. We have to collect data before M69. The code is safe and very well tested. The change doesn't affect on user experience, just votes collection.
,
Jun 6 2018
Per #2, approving merge for M68. Branch:3440
,
Jun 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3f6da36c6f2c77a581b103f16afcf3331dd05bbc commit 3f6da36c6f2c77a581b103f16afcf3331dd05bbc Author: Maxim Kolosovskiy <kolos@chromium.org> Date: Thu Jun 07 04:10:07 2018 [Merge M68] [Password Generation] Crowdsource password attributes to adjust password generator settings to sites' requirements. This CL implements crowdsourcing of one of the following flags: - whether a password has any special symbol - whether a password has any digit - whether a password has any lowercase letter - whether a password has any uppercase letter A flag is crowdsourced only on the first save. The flag is distorted with the randomized response technique (https://en.wikipedia.org/wiki/Randomized_response). Bug: 849243 Change-Id: I340290c5c27d0dbc3f5a5e2aedc5baf457776a71 Reviewed-on: https://chromium-review.googlesource.com/1084928 Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: Vadym Doroshenko <dvadym@chromium.org> Reviewed-by: Vaclav Brozek <vabr@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#564545}(cherry picked from commit 6008adcfe020a068a0303cec3e7b005b21d1322d) Reviewed-on: https://chromium-review.googlesource.com/1090430 Reviewed-by: Maxim Kolosovskiy <kolos@chromium.org> Cr-Commit-Position: refs/branch-heads/3440@{#231} Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733} [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/autofill/core/browser/form_structure.cc [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/autofill/core/browser/form_structure.h [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/autofill/core/browser/form_structure_unittest.cc [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/autofill/core/browser/proto/server.proto [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/password_manager/core/browser/password_form_manager.cc [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/password_manager/core/browser/password_form_manager.h [modify] https://crrev.com/3f6da36c6f2c77a581b103f16afcf3331dd05bbc/components/password_manager/core/browser/password_form_manager_unittest.cc
,
Jun 26 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3cef527f99e2593122e718855c2f9073d1843728 commit 3cef527f99e2593122e718855c2f9073d1843728 Author: Maxim Kolosovskiy <kolos@chromium.org> Date: Tue Jun 26 10:18:55 2018 [Password Generation] Crowdsource noisified password length to adjust password generator settings to sites' requirements. This CL implements crowdsourcing noisified password length. The length is distorted in the following way: - do report the true length L in 20% of cases. - otherwise, do report a random value from the range [1, L-1] Bug: 849243 Change-Id: I77d622bf44b6e4ffe60e5cc2fb5bf2b5c9164532 Reviewed-on: https://chromium-review.googlesource.com/1113443 Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: Vaclav Brozek <vabr@chromium.org> Reviewed-by: Vadym Doroshenko <dvadym@chromium.org> Reviewed-by: Dominic Battré <battre@chromium.org> Cr-Commit-Position: refs/heads/master@{#570363} [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/autofill/core/browser/form_structure.cc [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/autofill/core/browser/form_structure.h [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/autofill/core/browser/form_structure_unittest.cc [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/autofill/core/browser/proto/server.proto [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/password_manager/core/browser/password_form_manager_unittest.cc [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/password_manager/core/browser/vote_uploads_test_matchers.h [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/password_manager/core/browser/votes_uploader.cc [modify] https://crrev.com/3cef527f99e2593122e718855c2f9073d1843728/components/password_manager/core/browser/votes_uploader_unittest.cc
,
Jun 27 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2198fc5fa743a2959ccf5a6d6f1be99dc5a90368 commit 2198fc5fa743a2959ccf5a6d6f1be99dc5a90368 Author: Maxim Kolosovskiy <kolos@chromium.org> Date: Wed Jun 27 08:20:32 2018 [Password Generation] Fix crash in length crowdsourcing That CL (https://chromium-review.googlesource.com/c/chromium/src/+/1113443) introduced a crash if a saved password has only one character (it called base::RandGenerator(0)). The goal of VotesUploader::GeneratePasswordAttributesVote is to report the maximum observed password length for a site in a privacy preserving way. To achieve this, the true length, L, of the password is reported in in 20% of cases. In the remaining 80% of cases, a random value from the range [1, L-1] is reported. This is not well defined for L = 1, which caused the crash after https://crrev.com/c/1113443 landed. The fix, introduced in this CL, is to always report 1 if L = 1. This is still privacy preserving (if a client reports 1, the true length could have been anything) and does not violate the invariant that the maximal password length gets reported. Bug: 849243 Change-Id: I5bf5ec03746f4339c20f1c7c3447fad3ce7d2ee2 Reviewed-on: https://chromium-review.googlesource.com/1116541 Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: Vaclav Brozek <vabr@chromium.org> Cr-Commit-Position: refs/heads/master@{#570694} [modify] https://crrev.com/2198fc5fa743a2959ccf5a6d6f1be99dc5a90368/components/password_manager/core/browser/votes_uploader.cc [modify] https://crrev.com/2198fc5fa743a2959ccf5a6d6f1be99dc5a90368/components/password_manager/core/browser/votes_uploader_unittest.cc
,
Sep 12
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4be13a13e9682f95fca44d2967b3a633839c6de9 commit 4be13a13e9682f95fca44d2967b3a633839c6de9 Author: Maxim Kolosovskiy <kolos@chromium.org> Date: Wed Sep 12 10:01:35 2018 [Password Generation] Don't crowdsource password attributes for non-ascii passwords Chrome generates only ascii passwords (uppercase and lowercase English letters, numeric, 32 special symbols). So, info about non-ascii characters cannot be used for generation. Moreover, crowdsourcing password attributes for non-ascii passwords distorts the server side data. For example, users generate passwords only in Japanese. Then the server side data would say that none of letters, numerics or special symbols can be used in passwords - the generator's vocabulary would be empty. Bug: 849243 Change-Id: I447f7d0af5cdea4109ae0fa493ee4ad57370de06 Reviewed-on: https://chromium-review.googlesource.com/1194367 Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: Christos Froussios <cfroussios@chromium.org> Cr-Commit-Position: refs/heads/master@{#590632} [modify] https://crrev.com/4be13a13e9682f95fca44d2967b3a633839c6de9/components/password_manager/core/browser/votes_uploader.cc [modify] https://crrev.com/4be13a13e9682f95fca44d2967b3a633839c6de9/components/password_manager/core/browser/votes_uploader_unittest.cc
,
Sep 13
This is a tiny change, super safe. It is just introduce new functions for character type classification (upper/lowercase, numeric, special symbols). It doesn't affect on user experience, but will help to collect data faster.
,
Sep 13
Christos: could you please merge it when it has been approved?
,
Sep 13
The bug is marked as P3 or Feature. It should not be merged as M70 is in beta. Please contact the approriate milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 14
Increasing priority which was just left at the default level. To be explicit, this request is about https://crrev.com/4be13a13e9682f95fca44d2967b3a633839c6de9
,
Sep 14
This bug requires manual review: M70 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 14
branch:3538
,
Sep 17
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6fbc5d545a065fb6ed442b86639b77d7ae6488a6 commit 6fbc5d545a065fb6ed442b86639b77d7ae6488a6 Author: Maxim Kolosovskiy <kolos@chromium.org> Date: Mon Sep 17 08:52:58 2018 [Password Generation] Don't crowdsource password attributes for non-ascii passwords Chrome generates only ascii passwords (uppercase and lowercase English letters, numeric, 32 special symbols). So, info about non-ascii characters cannot be used for generation. Moreover, crowdsourcing password attributes for non-ascii passwords distorts the server side data. For example, users generate passwords only in Japanese. Then the server side data would say that none of letters, numerics or special symbols can be used in passwords - the generator's vocabulary would be empty. Bug: 849243 Change-Id: I447f7d0af5cdea4109ae0fa493ee4ad57370de06 Reviewed-on: https://chromium-review.googlesource.com/1194367 Commit-Queue: Maxim Kolosovskiy <kolos@chromium.org> Reviewed-by: Christos Froussios <cfroussios@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#590632}(cherry picked from commit 4be13a13e9682f95fca44d2967b3a633839c6de9) Reviewed-on: https://chromium-review.googlesource.com/1226603 Cr-Commit-Position: refs/branch-heads/3538@{#441} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811} [modify] https://crrev.com/6fbc5d545a065fb6ed442b86639b77d7ae6488a6/components/password_manager/core/browser/votes_uploader.cc [modify] https://crrev.com/6fbc5d545a065fb6ed442b86639b77d7ae6488a6/components/password_manager/core/browser/votes_uploader_unittest.cc |
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by bugdroid1@chromium.org
, Jun 5 2018