PasswordMaker Forums

Firefox/SeaMonkey/Mozilla/Netscape/Flock Browser Extension => Feature Requests / Enhancements => Topic started by: danielpublic on February 09, 2011, 10:35:54 PM

Title: bcrypt ?
Post by: danielpublic on February 09, 2011, 10:35:54 PM

OK, I've read my daily dosage of /. (http://it.slashdot.org/story/11/02/09/1317253/Are-You-Sure-SHA-1Salt-Is-Enough-For-Passwords#comments) and read this (http://passwordmaker.org/Faq.html#What_about_recent_press_concerning_MD5_AND_SHA-1_.22cracks.22.3F) (FAQ), it surely will increase my electric bill (ok, not really...) but anyhow.. bcrypt (http://codahale.com/how-to-safely-store-a-password/), I can has it.. hm?

Yay | Nay | Lol and what?

Cheers! /D. :)

Title: Re: bcrypt ?
Post by: Miquel 'Fire' Burns on February 10, 2011, 03:03:45 AM

Using bcrypt is more for storing the passwords on the servers you would use PasswordMaker on. There's also the fact the attacker has to know you're using PasswordMaker, and has to hope the sites he has your hash from the databases he stole, that you used the same setup on each site.

The type of passwords created by PasswordMaker might make the attacker think you're using KeePass or something like it to keep track of your passwords anyway.

The main issue with bcrypt is adding that work level to the UI, otherwise, it will be about a useful as MD5 in the long run when you need to up it.

Also, the hashes included are really slow in Firefox anyway.

Title: Re: bcrypt ?
Post by: Miquel 'Fire' Burns on February 10, 2011, 07:56:25 PM

I did think up an area of PasswordMaker that would do REALLY well to switch to bcrypt.

Step one, find a JavaScript version of bcrypt.