[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Request for review of a new package's description

(Please CC me on your replies, thanks!)


I'd like your comments on the following package description for

Description: Per-site password generator for Iceweasel and Iceape
 PwdHash is a browser extension which transparently converts a user's
 password into a domain-specific password. The user can activate this hashing
 by choosing passwords that start with a special prefix (@@) or by pressing a
 special password key (F2). PwdHash automatically replaces the contents of
 these password fields with a one-way hash of the pair (password, domain-name).
 As a result, the site only sees a domain-specific hash of the password, as
 opposed to the password itself. A break-in at a low security site exposes
 password hashes rather than an actual password. The hash function that is used
 is public and can be computed on any machine which enables users to login to
 their web accounts from any machine in the world. Hashing is done using a
 Pseudo Random Function (PRF).
 A major benefit of PwdHash is that it provides a defense against password
 phishing scams. In a phishing scam, users are directed to a spoof web site
 where they are asked to enter their username and password. Using PwdHash the
 phisher only sees a hash of the password specific to the domain hosting the
 spoof page. This hash is useless at the site that the phisher intended to

This description is mostly taken from the upstream site and to be honest,
I'm not very satisfied with it as a package description, but I'm not too
sure what to cut or how to improve it.


Reply to: