Author Topic: Diff passwords  (Read 21383 times)

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #15 on: July 25, 2005, 11:16:05 PM »
Quote
How did you get my same password "c1ca8854" generated on your v0.6 instance without knowing the master password??
I left the master password empty.

Quote
I thought given the password, and the website it is impossible to reverseengineer the masterpassword
That's right. It would take many lifetimes to reverse engineer the master password -- assuming you're using one!

Quote
Is there a security hole somewhere? Hope not since this is a great piece of software.
Thank you. No, there's no security hole. You really must use a master password or you'll be susceptible to the very attack that happened here -- I happened to leave the master password field blank/empty, and got the same results as you because all the other settings were the same.

If you select a master password instead of using an empty one, it will take many lifetimes for anyone to reverse engineer your master.

Hope this answers your question -- let me know if you have any others,
Eric

Guest

  • Guest
Diff passwords
« Reply #16 on: July 25, 2005, 11:25:25 PM »
Thanks for the quick reply. Wow I feel better now!

Sound like we need some warnings to indicate a blank or insufficient length master password. Afterall the strength of the generated passwd depends on the strength of the masterpassword.

A blank password without warnings is easy to miss, since PM generates a password anyways and one (after several uses) does not pay attention and use the shortcut keys to copy pwds.

Please consider adding a warning in the next patch. Thanks much!

RogueMD

  • Guest
Diff passwords
« Reply #17 on: July 26, 2005, 06:14:59 AM »
I really have been out of town and really haven't used it, so sry for such a late response.

Well this is what i'm getting. With 0.6 and 0.7.2 i get the same pw minus the master pw, all things being set the same. When i put in the master pw the first digit of the pw gets moved to the back of the new password with 0.7.2.

ie  0.6  = 0abccab125

    0.7.2= abccab1250

I have been able to duplicate at my work pc and on the online version.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #18 on: July 26, 2005, 02:25:33 PM »
Quote
Please consider adding a warning in the next patch.
OK, I will do that.

RogueMD, what characters have you specified in the Characters field for PasswordMaker 0.7.2?
« Last Edit: July 26, 2005, 06:15:49 PM by Eric H. Jung »

Guest

  • Guest
Diff passwords
« Reply #19 on: July 26, 2005, 06:13:41 PM »
In the new update it is fixed, but i put in 0123456789abcdef.

really is odd, there is no reason that if i get the same pw in both versions that just adding the master pw should change the overall pw

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #20 on: July 26, 2005, 06:16:41 PM »
So everything's working for you now?

Guest

  • Guest
Diff passwords
« Reply #21 on: July 26, 2005, 06:22:02 PM »
No sir, still is not working for me.

Rogue

  • Guest
Diff passwords
« Reply #22 on: July 26, 2005, 06:23:55 PM »
sry last two post were me. just didn't put my name in

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #23 on: July 27, 2005, 01:53:31 AM »
I don't understand. You wrote:

Quote
In the new update it is fixed, but i put in 0123456789abcdef.

So what's the problem you've having?

Rogue

  • Guest
Diff passwords
« Reply #24 on: July 27, 2005, 02:06:41 PM »
In 0.7.2 the charactors that are auto placed are correct. In the other versions they had the extra 0 between the 9 and the A.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #25 on: July 27, 2005, 02:31:55 PM »
OK, so is there anything else I can help you with? It seems everything's working for you now...

Offline Rogue

  • Normal Members
  • *
  • Posts: 2
Diff passwords
« Reply #26 on: July 27, 2005, 06:15:12 PM »
Yes i'm still having this problem.

Well this is what i'm getting. With 0.6 and 0.7.2 i get the same pw minus the master pw, all things being set the same. When i put in the master pw the first digit of the pw gets moved to the back of the new password with 0.7.2.

ie 0.6 = 0abccab125

0.7.2= abccab1250

I have been able to duplicate at my work pc and on the online version.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
Diff passwords
« Reply #27 on: July 27, 2005, 06:32:37 PM »
OK, now I understand. This bug is being discussed here, too.

Please read that thread and post your suggestion about what to do over there...

Thank you,
Eric

Offline Rogue

  • Normal Members
  • *
  • Posts: 2
Diff passwords
« Reply #28 on: July 27, 2005, 08:45:01 PM »
Sry for all of the confustion that i put you threw. Thanks for the link. I will check back on the forums to see the final outcome of this issue. I will just go and change all my pw's to the 0.7.2 version. Sounds like that is just going to be the easiest way to fix the problem.

Might want to make a locked post explaining this problem, so you don't have to go threw this again. I know you have spent alot of time on just this thread, again sry for that and keep up the solid work.

PasswordMaker Forums

Diff passwords
« Reply #28 on: July 27, 2005, 08:45:01 PM »