Simple password generator/reminder...

Oleg Khovayko...
Posted: Sat Nov 07, 2009 4:11 pm
Guest

Hello,
I tired of remembering many passwords for many sites...
I wrote an easy tool to generate a unique password for each site.
This tool (written in JS) is wholly included in a single web page:
http://olegh.ath.cx:5701
You can fetch it, deposit it onto any free hosting,
and get access to the password reminder from virtually anywhere.
The algorithm is easy:
You enter a common Master Password and the URL of some specific site.
The program mixes both and generates a printable MD5 sum.
You can use this sum as the password for some specific site.
Maybe you'll find this tool useful.
Thanks
Oleg

noauth...
Posted: Sat Nov 07, 2009 4:11 pm
Guest

"Oleg Khovayko" <khovayko at (no spam) gmail.com> wrote in message
news:lolJm.3870$Sw5.2475 at (no spam) newsfe16.iad...
[quote]Hello,
I tired of remembering many passwords for many sites...
I wrote an easy tool to generate a unique password for each site.
This tool (written in JS) is wholly included in a single web page:
http://olegh.ath.cx:5701
You can fetch it, deposit it onto any free hosting,
and get access to the password reminder from virtually anywhere.
The algorithm is easy:
You enter a common Master Password and the URL of some specific site.
The program mixes both and generates a printable MD5 sum.
You can use this sum as the password for some specific site.
Maybe you'll find this tool useful.
Thanks
Oleg
[/quote]
LOL, convenient way to harvest passwords, eh?

Maaartin...
Posted: Sat Nov 07, 2009 4:41 pm
Guest

On Nov 8, 2:52 am, Oleg Khovayko <khova... at (no spam) gmail.com> wrote:
[quote]noauth wrote:
LOL, convenient way to harvest passwords, eh?
Paranoia is a professional disease of cryptographers, but
amateurs can go much further ahead.
About the page: this is just JavaScript in the web page.
No more.
You can save the page on your computer, disconnect the computer
from the Net and run this program without problems.
Also, you can analyze the source -- everything is in the page.
[/quote]
Yes, but you could change it after I've analyzed it. Or a man in the
middle could. My problem with it is that it leads to potentially
unsafe behaviour: Entering your own master password in an unknown web page
is about as wise as running an unknown executable. Unfortunately
there's no easy solution, as all common sandboxes (javascript,
applets, flash) allow "calling home".
> Or you can run the program together with a network sniffer...

Carsten Krueger...
Posted: Sat Nov 07, 2009 8:21 pm
Guest

Oleg Khovayko...
Posted: Sat Nov 07, 2009 8:52 pm
Guest

noauth wrote:
[quote]
LOL, convenient way to harvest passwords, eh?
[/quote]
Paranoia is a professional disease of cryptographers, but
amateurs can go much further ahead.
About the page: this is just JavaScript in the web page.
No more.
You can save the page on your computer, disconnect the computer
from the Net and run this program without problems.
Also, you can analyze the source -- everything is in the page.
Or you can run the program together with a network sniffer...

Oleg Khovayko...
Posted: Sat Nov 07, 2009 8:56 pm
Guest

[quote]
Password Hasher is slightly more advanced and available as a Firefox addon,
too
http://wijjo.com/passhash/passhash.html
[/quote]
Thank you,
Really, this is a more advanced tool that uses the same ideas.

Oleg Khovayko...
Posted: Sat Nov 07, 2009 9:59 pm
Guest

Maaartin wrote:
[quote]
Yes, but you could change it after I've analyzed it.
[/quote]
I wrote in the original message:
[ You can fetch it, deposit it onto any free hosting ]
Ok, I'll add here:
{{{ Or deploy onto your own computer. }}}
[quote]Or a man in the
middle could. My problem with it is that it leads to potentially
unsafe behaviour: Entering your own master password in an unknown web page
is about as wise as running an unknown executable. Unfortunately
there's no easy solution, as all common sandboxes (javascript,
applets, flash) allow "calling home".
[/quote]
It is true.
And I offered in the original message to make your own copy.

Phil Carmody...
Posted: Sun Nov 08, 2009 5:40 am
Guest

Oleg Khovayko <khovayko at (no spam) gmail.com> writes:
[quote]noauth wrote:
LOL, convenient way to harvest passwords, eh?
Paranoia is a professional disease of cryptographers, but
amateurs can go much further ahead.
About the page: this is just JavaScript in the web page.
No more.
You can save the page on your computer, disconnect the computer
from the Net and run this program without problems.
Also, you can analyze the source -- everything is in the page.
[/quote]
WTF????
"""
function AddUnsigned(lX,lY) {
    var lX4,lY4,lX8,lY8,lResult;
    lX8 = (lX & 0x80000000);
    lY8 = (lY & 0x80000000);
    lX4 = (lX & 0x40000000);
    lY4 = (lY & 0x40000000);
    lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
    if (lX4 & lY4) {
        return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
    }
    if (lX4 | lY4) {
        if (lResult & 0x40000000) {
            return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
        } else {
            return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
        }
    } else {
        return (lResult ^ lX8 ^ lY8);
    }
}
"""
What's wrong with '+' on uints?
Phil
--
Any true emperor never needs to wear clothes. -- Devany on r.a.s.f1

Oleg Khovayko...
Posted: Sun Nov 08, 2009 10:38 am
Guest

Phil Carmody wrote:
[quote]Oleg Khovayko <khovayko at (no spam) gmail.com> writes:
Also, you can analyze the source -- everything is in the page.
WTF????
"""
function AddUnsigned(lX,lY) {
    var lX4,lY4,lX8,lY8,lResult;
    lX8 = (lX & 0x80000000);
    lY8 = (lY & 0x80000000);
    lX4 = (lX & 0x40000000);
    lY4 = (lY & 0x40000000);
    lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
    if (lX4 & lY4) {
        return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
    }
    if (lX4 | lY4) {
        if (lResult & 0x40000000) {
            return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
        } else {
            return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
        }
    } else {
        return (lResult ^ lX8 ^ lY8);
    }
}
"""
What's wrong with '+' on uints?
[/quote]
I don't know... I just copied the MD5 implementation from
http://www.webtoolkit.info/ and tested it locally.
It works, and I inserted it into the page.
Maybe some JS engines have a bug in addition,
and the author tried to get around it.
I decided not to risk it...
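
Added example, not part of any post in this thread: a check of what the quoted AddUnsigned computes, compared with ordinary addition truncated to 32 bits. JavaScript numbers are doubles, so a bare `+` does not wrap at 2^32 by itself; the helper names add32, makeRng and countMismatches are made up for this example.

```javascript
// AddUnsigned as quoted in the thread (from the copied MD5 code).
function AddUnsigned(lX, lY) {
  var lX4, lY4, lX8, lY8, lResult;
  lX8 = (lX & 0x80000000);
  lY8 = (lY & 0x80000000);
  lX4 = (lX & 0x40000000);
  lY4 = (lY & 0x40000000);
  lResult = (lX & 0x3FFFFFFF) + (lY & 0x3FFFFFFF);
  if (lX4 & lY4) {
    return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
  }
  if (lX4 | lY4) {
    if (lResult & 0x40000000) {
      return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
    } else {
      return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
    }
  } else {
    return (lResult ^ lX8 ^ lY8);
  }
}

// Hypothetical replacement: add as doubles, then truncate with ToInt32 ('| 0').
// The sum of two 32-bit values is exact in a double, so nothing is lost.
function add32(x, y) {
  return (x + y) | 0;
}

// Deterministic 32-bit LCG so every run tests the same constructed inputs.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0);
}

// Count inputs where the two adders disagree: all edge-case pairs plus
// `trials` pseudo-random pairs of 32-bit words.
function countMismatches(trials) {
  const edges = [0, 1, 0x3FFFFFFF, 0x40000000, 0x7FFFFFFF, 0x80000000, 0xC0000000, 0xFFFFFFFF];
  const rng = makeRng(0x12345678);
  const pairs = [];
  for (const a of edges) for (const b of edges) pairs.push([a, b]);
  for (let i = 0; i < trials; i++) pairs.push([rng(), rng()]);
  return pairs.filter(([a, b]) => AddUnsigned(a, b) !== add32(a, b)).length;
}

// Bare '+' does not wrap; add32 does; the two adders never disagree here.
console.log(0xFFFFFFFF + 1, add32(0xFFFFFFFF, 1), countMismatches(100000));
```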

Mok-Kong Shen...
Posted: Thu Nov 12, 2009 4:27 pm
Guest

OT but somewhat related is the fact that typing dynamics on a keyboard
can be an active biometric means of authenticating a user. There is
at least one such system that is in practical use somewhere in
Germany (source: Staat & IT, 10. June 2009).
M. K. Shen
All times are GMT - 5 Hours