stepchowfun / hashpass Goto Github PK
View Code? Open in Web Editor NEWA simple password manager with a twist.
Home Page: https://stepchowfun.github.io/hashpass/
License: Other
A simple password manager with a twist.
Home Page: https://stepchowfun.github.io/hashpass/
License: Other
I think it would be nice if you can easily change domain field. For example if you want to use your password to access subdomain of website.
Makes passwords a little harder to crack
Hi,
My question is how does it work if the service domain name changes from www.facebook.com
to login.facebook.com
?
In case it is using the domain name of the password box as-is, it may fail to produce the same password.
Hello,
I really like the idea of a stateless password manager but who do I know my username then?
I could of course choose the same user for every page, but might not want to do that. On some sites it also might already be taken.
After reading this advice:
If a generated password is ever compromised, you don't need to memorize a whole new secret key and update all of your passwords. For that service only, just add an incrementing index to your secret key. Such a tiny change in your secret key results in a completely new password for that service. For example, if your key was bananas, just use bananas2. If you can't remember which iteration of your secret key you used for a particular service, simply try them all in order.
I think this is not very practical nor elegant. On some sites I only have a few tries and if I change my password on a regular basis (which is advised in some cases) the account might get frozen before you reach the correct iteration.
For this both problems a simple solution would be to save the user and the creation date in some kind of database. This might contradict the principle of hashpass in a way, but keep in mind only non-critical information would be saved. A possible attacer that gets the database wouldn't be able to do much with it still without the master password.
Instead of:
Hashpass combines the current domain name and your secret key with a / as follows:
www.facebook.com/bananas. It then computes the SHA-256 hash of that string
It would include the creation date in the hashing input:
I supposed you have already thought through this problems and might have come up with conclusions/solutions. Let me know what you think.
Hi,
first of all, great project, I really like your idea!
So much in fact, that I implemented a compatible client for the command line over here: https://github.com/binaryplease/go-hashpass
I hope that is okay, I don't want to steal any of work and ideas. You link a compatible python script at the bottom of your repo, I wrote my app in Go because it allows me to run the binary on any system without having to install python.
Just wanted to leave a comment in case you want to link to the project in the README.
Cheers!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.