Main Area and Open Discussion > General Software Discussion

finding an old password program ...

<< < (2/5) > >>

mwb1100:
There's a chrome browser extension called hashpass: https://github.com/stepchowfun/hashpass

That repository has links to some other implementations (Android, python, etc) in case you were using this or some variation on it.

wraith808:
There's a chrome browser extension called hashpass: https://github.com/stepchowfun/hashpass

That repository has links to some other implementations (Android, python, etc) in case you were using this or some variation on it.
-mwb1100 (May 02, 2018, 02:07 AM)
--- End quote ---


Nice!  Of note from the repo:

Suppose your secret key is bananas, and you're signing up for Facebook. Hashpass combines the current domain name and your secret key with a / as follows: www.facebook.com/bananas. It then computes the SHA-256 hash of that string. Then it hashes it again and again, 2^16 times in total. Finally, it outputs the first 96 bits of the result, encoded as 16 characters in Base64. In this example, the final output is sWwtmA9uA6X9SyXD. This result can be reproduced using the Python script near the bottom of this document.

--- End quote ---

Looks pretty nice.  Might start using that instead of the LastPass extension.  A bit more work, but worth it, I think.

A couple of warnings from them:
If an adversary has your secret key, they have access to all of your accounts. Hashpass never reveals your secret key. But we must make sure that an adversary can't determine it from the generated passwords.

-snip-

A common defense against these attacks is to add random bits to your key. This is called a salt, and it ensures you don't use the same key as anyone else. Most security software will automatically add a salt to your key and store it. Since Hashpass doesn't store anything, it cannot add a salt for you. It is up to you to pick a key with enough entropy to defend against dictionary attacks. Longer is better. More random is better. Don't use a single word. Definitely don't use bananas. Hashpass doesn't limit the size of your secret key—take advantage of this.

--- End quote ---

Deozaan:
Is it LessPass?

Keep in mind that, as f0dder mentioned in that thread (well, he linked to something written by someone else), these kinds of password generators have drawbacks that may not be readily apparent. So if you can find the one you used to generate your passwords, you may want to consider moving to a different password system.

If that's not the one, then as I said, perhaps you should check out the LastPass Alternatives thread.

Good luck!

cranioscopical:
Any of these?

link to list

wraith808:
Is it LessPass?

Keep in mind that, as f0dder mentioned in that thread (well, he linked to something written by someone else), these kinds of password generators have drawbacks that may not be readily apparent. So if you can find the one you used to generate your passwords, you may want to consider moving to a different password system.

If that's not the one, then as I said, perhaps you should check out the LastPass Alternatives thread.

Good luck!
-Deozaan (May 02, 2018, 09:45 AM)
--- End quote ---

I'd forgotten about that one, and I'm the OP.  I think the concerns there are expressed in the blocks I quoted above, i.e. the lack of the salt, as it's not stored.  Been trying to find an alternative; xmarks' deprecation was more of a reason for me to find something rather than LastPass breaches.  Tried sticky password on recommendation from here; even bought a lifetime license.  But performance issues already have me regretting that decision.

Navigation

[0] Message Index

[#] Next page

[*] Previous page