
RFR: package mozilla-pwdhash description



Review follows (note: it's not a proper patch file, just marked up like
one to make the changes easy to identify).

On Fri, Jun 05, 2009 at 11:09:21PM +1200, Francois Marier wrote:
> I'd like your comments on the following package description for
> mozilla-pwdhash:

- Description: Per-site password generator for Iceweasel and Iceape
+ Description: per-site password generator for Iceweasel and Iceape

This should be in 'is-a' form.

- PwdHash is a browser extension which transparently converts a user's
+ PwdHash is a browser extension to transparently convert a user's

PwdHash doesn't convert the password autonomously; it's a tool for a user
to leverage. (yes?)

- password into a domain-specific password. The user can activate this hashing
+ password into a site-specific password which is not tied to the
+ machine on which it was generated.

You referred to sites in the short description, not domains, so keep
this consistent. The second part helps with the below as you'll see.

- The user can activate this hashing
- by choosing passwords that start with a special prefix (@@) or by pressing a
- special password key (F2). PwdHash automatically replaces the contents of
- these password fields with a one-way hash of the pair (password, domain-name).
- As a result, the site only sees a domain-specific hash of the password, as
- opposed to the password itself. A break-in at a low security site exposes
- password hashes rather than an actual password. The hash function that is used
- is public and can be computed on any machine which enables users to login to
- their web accounts from any machine in the world. Hashing is done using a
- Pseudo Random Function (PRF).

+ .
+ Hashing is triggered by prefixing the password with '@@' or by using
+ the shortcut key 'F2'. The password field in focus is replaced by the
+ hash value. Should the site be compromised, the attacker can now only
+ see the hash of the password, not the password itself.
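
Review bot: the added sentence "see the hash of the password, not the password itself" no longer says that the site name is an input to the hash. The removed text described a one-way hash of the pair (password, domain-name), which is what makes the value site-specific. Suggest wording such as "a hash of the password and the site name" so the paragraph still explains why the value differs from one site to the next.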

This whole paragraph is very detailed and unwieldy, and the potential
user will be asleep by the end of it! I've removed a lot of the
explanation and assumed that somebody considering using hashed passwords
will already understand *why* they are, or at least be close. I've also
avoided the third person and made the sentences passive.

I would avoid putting the prefix or shortcut key values in if you can,
in case they ever change or can be customised. It's one less thing to
check after a new upstream release.

- .
- A major benefit of PwdHash is that it provides a defense against password
- phishing scams. In a phishing scam, users are directed to a spoof web site
- where they are asked to enter their username and password. Using PwdHash the
- phisher only sees a hash of the password specific to the domain hosting the
+ PwdHash does not encrypt passwords, but it makes brute-force attacks
+ much less likely to succeed. It is particular useful for protection
+ against phishing sites, because the attacker 
+ sees only a hash specific to the site hosting the
  spoof page. This hash is useless at the site that the phisher intended to
  spoof.
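
Review bot: the added line "PwdHash does not encrypt passwords, but it makes brute-force attacks" introduces a brute-force claim that the replaced text never made. The removed paragraph above states that the hash function is public and can be computed on any machine, so the description is safer saying only what it supports: the hash seen by the spoof site is useless at the real one. In the following added line, "particular useful" should read "particularly useful". With the "- ." separator removed, this text also runs on from the "Hashing is triggered" paragraph; keep a " ." line if a separate paragraph is intended.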

Again, assume the user has some knowledge. Make it clear that this
protection is not foolproof, reduce the wordcount and refer to sites
instead of domains for consistency.

> This description is mostly taken from the upstream site and to be honest,
> I'm not very satisfied with it as a package description, but I'm not too
> sure what to cut or how to improve it.
> 
> Thanks!
> Francois

-- 
Jonathan Wiltshire

PGP/GPG: 0xDB800B52 / 4216 F01F DCA9 21AC F3D3  A903 CA6B EA3E DB80 0B52
