
Re: Have I been hacked?



On Friday 16 January 2015 14:38:09, Joel Rees wrote:
> > I can remember "TwasBrilligAndTheSlithyToves" and associate it with an
> > account.
> > 
> > Before signing up I do
> > 
> >     echo TwasBrilligAndTheSlithyToves | sha1sum | base64 | cut -c -30
> > 
> > The output is what I give to a site as a password.
> 
> Now you're talking sense. Maybe I don't need to answer your questions
> about IP spoofing and using strategy instead of pure brute force after
> all.
> 
> Although, when you don't have access to a command line that gives you
> sha1sum, you're back to having to work hard to remember what you gave
> that site for a password.
> 
> Frankly, rot13 or rot42 would get pretty close. But I would prefer a
> tool of my own making that I can use to exclusive-or the site name
> with my chosen pass-phrase before I pass it to the predictable
> shuffle.

That looks like https://www.passwordmaker.org/passwordmaker.html which is
available as a Firefox/Iceweasel plugin and a Chrome plugin (if I'm not
mistaken).

That tool takes one master password (you only have to remember that one) and
uses it to derive a site-specific password based on that password, the URL and
possibly the user name used on the site.

The generated password can be computed at any time and on any computer with
that information and various other options (such as the hash algorithm, the
characters included in the password, the password length and so on).

Due to the hash algorithm, it is impossible to find the master password from 
one or even many generated passwords. Nor is it possible to compute the 
password for another site from passwords harvested on compromised sites.

If one site is compromised and the owner asks you to change your existing
password, simply change one option in PasswordMaker to generate a new
password.

Frederic
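
The derivation scheme discussed in this message (master password plus site and user name, with an option to change when a site is breached), as an added sketch that is not part of the original post and is not PasswordMaker's own algorithm. Assumptions: PBKDF2-HMAC-SHA256 as the hash step, a `counter` parameter standing in for the "one option" to change, and the function name, alphabet, iteration count, site name and user name are all constructed for illustration.

```python
import hashlib
import hmac
import string

# Assumed output character set; sites with stricter rules need a different one.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def derive_password(master, site, username="", counter=1, length=20,
                    alphabet=ALPHABET, iterations=200_000):
    """Derive a deterministic per-site password from one master passphrase."""
    if not master:
        raise ValueError("master passphrase must not be empty")
    if length < 1 or not 2 <= len(alphabet) <= 256:
        raise ValueError("bad length or alphabet")
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different salts.
    fields = (site.strip().lower(), username, str(counter))
    salt = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    # Slow KDF: every guess at the master passphrase costs `iterations` HMACs,
    # unlike a single unsalted hash of the passphrase.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)
    # Expand the key with HMAC in counter mode; rejection sampling drops bytes
    # that would make some characters more likely than others (modulo bias).
    limit = 256 - (256 % len(alphabet))
    out, block = [], 0
    while len(out) < length:
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(alphabet[b % len(alphabet)] for b in stream if b < limit)
        block += 1
    return "".join(out[:length])


if __name__ == "__main__":
    master = "TwasBrilligAndTheSlithyToves"  # passphrase quoted in the thread
    print(derive_password(master, "example.org", "alice"))             # constructed site/user
    print(derive_password(master, "example.org", "alice", counter=2))  # rotated
```

The strength of every derived password still rests on the master passphrase: anyone who obtains one derived password and knows the scheme can test passphrase guesses offline, which is why the sketch uses a slow KDF rather than a single hash.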

