Domain: chalisque.org
Stories and comments across the archive that link to chalisque.org.
Comments · 6
-
Use string manipulation and hashes
I wrote a toy demonstration at http://pgen.chalisque.org/ and explained at http://pgen.chalisque.org/abou...
Obviously you can use something slighly more elaborate, and given either bash and standard hashes (e.g. sha256), or javascript and cryptojs, you can roll your own string manipulation.
You basically have a secret phrase or two, something obvious related to the website in question (e.g. pw://domain.name/user.name/index), combine it to produce e.g. 'mypwmachine(SuperSecretPhrase-pw://domain.name/user.name/43)', and them bung that through e.g. sha256 (or bcrypt with high cost if paranoid), take the binary output, convert to base64 and take the first 16 characters as your password. Unless you're rich or a terrorist, it isn't worth the effort to crack. Importantly the difficulty of reversing a hash means one compromised password isn't too dangerous, since unless they can reproduce your string manipulations, they can't easily generate passwords for anything else. I find it fun when a website deems the output of this process unnaceptable for e.g. not including punctuation.
-
Use string manipulation and hashes
I wrote a toy demonstration at http://pgen.chalisque.org/ and explained at http://pgen.chalisque.org/abou...
Obviously you can use something slighly more elaborate, and given either bash and standard hashes (e.g. sha256), or javascript and cryptojs, you can roll your own string manipulation.
You basically have a secret phrase or two, something obvious related to the website in question (e.g. pw://domain.name/user.name/index), combine it to produce e.g. 'mypwmachine(SuperSecretPhrase-pw://domain.name/user.name/43)', and them bung that through e.g. sha256 (or bcrypt with high cost if paranoid), take the binary output, convert to base64 and take the first 16 characters as your password. Unless you're rich or a terrorist, it isn't worth the effort to crack. Importantly the difficulty of reversing a hash means one compromised password isn't too dangerous, since unless they can reproduce your string manipulations, they can't easily generate passwords for anything else. I find it fun when a website deems the output of this process unnaceptable for e.g. not including punctuation.
-
Re: Just like trying to ban guns
You cannot make a gun with only 300 lines combined of JavaScript, HTML and php (given cryptojs). You can make a barebones secure messaging system requiring only a standard Lamp stack that easily. I did one out of boredom in about two hours, most of that looking up APIs, the result of which I dumped at http://pgen.chalisque.org/ssms... - too easy.
-
Relevant humour
The lessons enumerated at http://deardiary.chalisque.org/multistage-computer-language-evolution/ have yet to be learned in many parts of the current world of computing. This is more important when stringent resource constraints mean that the obvious 'industry standard best practice(TM) stuff' is no longer applicable and you have to work stuff out from scratch.
-
Re:Lots of good reasons.
-
Offtopic... sorry, but I wanted to share this
Who needs Kdevelop when you can use vi?
Here's proof... I'm writing my own world beating operating system to prove it!