Simple pasword generator/reminder
Oleg Khovayko
I tired to remember many passwords to many sites...
I wrote easy tool to generate unique password for each site.
This tool (written on JS) wholly included into single WEB-page:
You can fetch it, deposit onto any free hosting,
and get access to password reminder virtually from anywhere.
Algorithm is easy:
You enter common Master Password, and URL for some specific site.
Program mix both, and generated printable MD5 sum.
This sum you can use as password for some specific site.
Maybe, you'll found this tool is useful.
Thanks
Oleg
noauth
news:lolJm.3870$Sw5....@newsfe16.iad...
LOL, convenient way to harvest passwords, eh?
Carsten Krueger
> I wrote easy tool to generate unique password for each site.
Password Hasher is slightly more advanced and available as firefox addon,
too
http://wijjo.com/passhash/passhash.html
greetings
Carsten
--
ID = 0x2BFBF5D8 FP = 53CA 1609 B00A D2DB A066 314C 6493 69AB 2BFB F5D8
http://www.realname-diskussion.info - Realnames sind keine Pflicht
http://www.spamgourmet.com/ + http://www.temporaryinbox.com/ - Antispam
cakruege (at) gmail (dot) com | http://www.geocities.com/mungfaq/
Oleg Khovayko
>
> LOL, convenient way to harvest passwords, eh?
>
Paranoia is professional disease of cryptographers, but
amateurs can go much far ahead.
About page: This is just JavaScript, in the WEB-page.
No more.
You can save page on your computer, disconnect computer
from the Net and run this program without problems.
Also, you can analyze source -- everything in the page.
Or, you can run program together with network sniffer...
Oleg Khovayko
>
> Password Hasher is slightly more advanced and available as firefox addon,
> too
>
> http://wijjo.com/passhash/passhash.html
>
Thank you,
Really, this is more advanced tool, used same ideas.
Maaartin
> noauth wrote:
>
> > LOL, convenient way to harvest passwords, eh?
>
> Paranoia is professional disease of cryptographers, but
> amateurs can go much far ahead.
>
> About page: This is just JavaScript, in the WEB-page.
> No more.
> You can save page on your computer, disconnect computer
> from the Net and run this program without problems.
>
> Also, you can analyze source -- everything in the page.
Yes, but you could change it after I've analyzed it. Or a man in the
middle could. My problem with it is that it leads to potentially
unsafe behaviour: Entering own master password in an unknown web page
is about as wise as running an unknown executable. Unfortunatelly
there's no easy solution, as all common sandboxes (javascript,
applets, flash) allows "calling home".
Oleg Khovayko
>
> Yes, but you could change it after I've analyzed it.
I wrote in the original message:
[ You can fetch it, deposit onto any free hosting ]
Ok, I'll add here:
{{{ Or deploy onto your own computer. }}}
> Or a man in the
> middle could. My problem with it is that it leads to potentially
> unsafe behaviour: Entering own master password in an unknown web page
> is about as wise as running an unknown executable. Unfortunatelly
> there's no easy solution, as all common sandboxes (javascript,
> applets, flash) allows "calling home".
It is true.
And, I offered in the original message to make your own copy.
Phil Carmody
> noauth wrote:
>
>>
>> LOL, convenient way to harvest passwords, eh?
>>
>
> Paranoia is professional disease of cryptographers, but
> amateurs can go much far ahead.
>
>
> About page: This is just JavaScript, in the WEB-page.
> No more.
> You can save page on your computer, disconnect computer
> from the Net and run this program without problems.
>
> Also, you can analyze source -- everything in the page.
WTF????
"""
function AddUnsigned(lX,lY) {
var lX4,lY4,lX8,lY8,lResult;
lX8 = (lX & 0x80000000);
lY8 = (lY & 0x80000000);
lX4 = (lX & 0x40000000);
lY4 = (lY & 0x40000000);
lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
if (lX4 & lY4) {
return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
}
if (lX4 | lY4) {
if (lResult & 0x40000000) {
return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
} else {
return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
}
} else {
return (lResult ^ lX8 ^ lY8);
}
}
"""
What's wrong with '+' on uints?
Phil
--
Any true emperor never needs to wear clothes. -- Devany on r.a.s.f1
Oleg Khovayko
> Oleg Khovayko <khov...@gmail.com> writes:
>>
>> Also, you can analyze source -- everything in the page.
>
> WTF????
> """
> function AddUnsigned(lX,lY) {
> var lX4,lY4,lX8,lY8,lResult;
> lX8 = (lX & 0x80000000);
> lY8 = (lY & 0x80000000);
> lX4 = (lX & 0x40000000);
> lY4 = (lY & 0x40000000);
> lResult = (lX & 0x3FFFFFFF)+(lY & 0x3FFFFFFF);
> if (lX4 & lY4) {
> return (lResult ^ 0x80000000 ^ lX8 ^ lY8);
> }
> if (lX4 | lY4) {
> if (lResult & 0x40000000) {
> return (lResult ^ 0xC0000000 ^ lX8 ^ lY8);
> } else {
> return (lResult ^ 0x40000000 ^ lX8 ^ lY8);
> }
> } else {
> return (lResult ^ lX8 ^ lY8);
> }
> }
> """
>
> What's wrong with '+' on uints?
>
I don't know.. I just copied MD5 implementation from
http://www.webtoolkit.info/, and tested it locally.
It works, and I inserted it into page.
Maybe, some JS engines have a bug in addition,
and author tried to get around.
I decided do not risk...
Mok-Kong Shen
OT but somewhat related is the fact that typing dynamic on keyboard
can be an active biometric means of authenticating a user. There is
at least one such system that is in practical use somewhere in
Germany (source: Staat & IT, 10. June 2009).
M. K. Shen