End of Passwords


Post by Gergel » 26 Jun 2015, 09:45

Tormeron on 25 Jun 2015 23:43 wrote: once again, I didn't say I will not consider making it open source


It already is open-source. Unpacking the .exe (which is just an interpreter wrapper around the plain script) was trivially easy once I realized the language the program was written in.

the 2 keys password generator is that so there is no predefined key by which to rotate the passwords, they are rotated by your own key.

the idea of the words on the side are just suggestions to what you can use that password for.


OK, I think I now understand what you are trying to provide. It's just that the program's labels make it counterintuitive. When I look at it, here's how I think: "It asks two passwords from me. Why two passwords? Why not just one? And then it generates only four application/website passwords. I need far more than that, I need hundreds of passwords. And I don't even use FaceBook, although I guess I could use the FaceBook password for, Idunno, RnP forum. But then I'd have to remember that 'FaceBook' == 'RnP' and that's annoying." I didn't even think of running the program several times for each website I use.

The predefined labels are confusing if the whole idea is to have a separate "Word / Number" for each target website.

it will give me 4 different keys to use for gmail


Why would I want 4 keys for GMail? I can only use one. What's the point of the other 3? And why are they labeled "FaceBook", "Microsoft account" and so on? I was generating a key for GMail. Or Steam. Or RnP forum.

now say i want a password for facebook that is unique, i shall use my same password "password"
but change the word to "facebook" this way, i won't have to recall 2 passwords, but just the service it is for and the password i can remember.


Your program needs some sort of "go back" logic to return to the previous page to enter a new password or application name. It'll be horribly annoying to have to close and re-open it for every site.

Using keepassx uses a storage system which in the end is its weakness, having a database (whether encrypted or not) can be hacked, having none removes the chance of your database being hacked.


Your program can be made to regenerate all the relevant keys just by knowing the user's password, and figuring out the application naming schema they use.

it's like saying i'll buy a safe to hold my precious keys for all kinds of doors, now i'll place all the keys in the same safe hoping that the security of that safe is strong enough

with my program i don't rely on a safe to hold it, I've hidden each key behind a different safe, meaning someone will have to guess where your safe is and then also guess the combination you used (of course there are no actual database files saved, but it's just for the demonstration)


On the other hand you have a device that creates a new key from a blank template, but only requires one master key to operate. If I have the master key, I can operate the machine and recreate the keys for all your safes.

Also, Gergel I'd love it if you would explain what you meant by the short passwords thing, I could perhaps solve the issue you are referring to, but i can't quite understand what you meant, the program is not supposed to create more than 4 passwords.


I was under the impression that you were planning to make the program generate more than 4 passwords.

Code:
#include <Crypt.au3>   ; provides _Crypt_EncryptData() and $CALG_AES_256
#include <String.au3>  ; provides _StringToHex()
Local $p1 = _Crypt_EncryptData($num, $pass1, $CALG_AES_256) ; AES-256-encrypt $num using $pass1 as the key
$p1 = _StringToHex($p1) ; hex-encode the ciphertext, which becomes the pool the passwords are cut from


Assuming both $num and $pass1 are only one character long (which is a really bad idea, but this is proof-of-concept), the length of the string returned by _stringtohex() is 68 characters. That's sufficient for 6 10-character generated passwords, but if you decide to add more generated-passwords fields, you would run out of string. Longer passwords, of course, generate longer strings. Of course now I know that you're not in fact planning to do so, so the point is moot.

If you'd like i could create you a container for your keys in a 4096 encrypted database, though theoretically takes forever to crack, all you need is to know the one password that person uses, I really don't think building stronger walls for the safe is the way to go with protection of my passwords.


Thanks, but I'm very happy with my 256bit AES container. Bottom line: I think I'll stick with it.
What kind of sick individual burns a book full of perfectly good dark arts?!
- Darkscryer Raastok
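A runnable model of the two-input generator argued over above (added example, not Tormeron's program): it derives a fixed-size hex pool from the "password" and the "word", cuts it into the 4 labelled 10-character passwords, checks the length budget Gergel counted (68 hex characters), and shows Gergel's objection that the master password plus the naming scheme regenerates every key. The AES-256 step of the original is replaced here by stdlib PBKDF2-HMAC-SHA256 so the script needs no extra packages; the structural property is the same, since the output depends only on the two inputs.

```python
import hashlib

PASSWORD_LENGTH = 10   # each generated password is 10 characters, as in the thread
SLOTS = 4              # the program shows four labelled password fields
POOL_BYTES = 34        # 34 bytes -> 68 hex chars, the output size the post reports

def hex_pool(password: str, word: str) -> str:
    """Deterministic hex pool from (password, word).

    Stand-in for the original AES-256 + _StringToHex step: PBKDF2 with the
    password as secret and the word as salt. Same inputs always give the
    same pool; different words give unrelated pools.
    """
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), word.encode(),
                              100_000, dklen=POOL_BYTES)
    return raw.hex()

def max_slots(hex_length: int, length: int = PASSWORD_LENGTH) -> int:
    """How many `length`-character passwords a hex string of that size can supply."""
    return hex_length // length

def generate(password: str, word: str, slots: int = SLOTS,
             length: int = PASSWORD_LENGTH) -> list[str]:
    """Cut `slots` passwords of `length` chars from the pool; refuse if they don't fit."""
    pool = hex_pool(password, word)
    budget = max_slots(len(pool), length)
    if slots > budget:
        raise ValueError(f"only {budget} passwords of {length} chars fit in {len(pool)} hex chars")
    return [pool[i * length:(i + 1) * length] for i in range(slots)]

def regenerate_all(master: str, guessed_words: list[str]) -> dict[str, str]:
    """Gergel's point: no database is needed to recover the keys, only the master
    password and a guess at the word used for each service."""
    return {w: generate(master, w)[0] for w in guessed_words}

if __name__ == "__main__":
    # constructed sample inputs, matching the "password" / "facebook" example in the thread
    print(generate("password", "facebook"))
    print(regenerate_all("password", ["gmail", "facebook", "steam"]))
```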
