Topic: Synchronize Different Versions Options and Defaults & Remove Superfluous Options

Offline kwanbis

  • Jr. Member
  • Posts: 15
Hello everybody. I have been looking at PasswordMaker for a long time.

I think the idea is brilliant, and very well implemented.

But I have three suggestions.

1) Would it be possible to have the same defaults between different versions? Or at least between the Firefox and JavaScript versions?

2) Would it be possible to have the same options? For example, I can choose the algorithm in the JS version, but in the FF version, I have to edit a file!

3) Would it help a lot to remove insecure options? For example, what is the point of having 13 different algorithms? What is the difference between HMAC-MD5 and HMAC-MD5 v0.6? HMAC-SHA-256 and HMAC-SHA-256 Version 1.5.1? Does it make sense to have MD4 and MD5? And SHA-1 and SHA-256? Maybe there could be a default of only 6 algorithms, MD5, SHA-256, RIPEMD-160, HMAC-MD5, HMAC-SHA-256, HMAC-RIPEMD-160, or whatever is more secure, and an option to have "old algorithms", if needed.

As I said, I really like this application. I first saw it 2 or 3 years ago, and at that time I felt exactly as I do today. Thanks for listening.


Offline Miquel 'Fire' Burns

  • Administrator
  • Posts: 1157
  • Programmer
1) Needs to be fixed. Someone just needs to take the time to do so.

2) Advanced view on FF, it's there.

3) The 0.6 ones can be removed if we use this trim parameter that I introduced in some editions I made. By default, it's true, but the 0.6 would be false (and using the Hex character set). HMAC-SHA-256 1.5.1 was a fix of a bug that actually produced invalid HMAC-SHA-256 hashes (so if you were in a position where you could copy PasswordMaker's code into your own project, assuming it was JavaScript, then it would not match up as nicely).

I dunno, maybe a way to reduce the list is to have HMAC be a flag instead?
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • Posts: 3353
Hi,

Quote
Would it help a lot to remove insecure options? For example, what is the point of having 13 different algorithms?

No, it wouldn't help anything. There are lots of algorithms because people have different preferences. As to whether or not one is "more secure" than the other, for the purposes of PasswordMaker -- password generation -- they are all pretty secure. Even with some of the "insecure" hash algorithms like MD-4, there are so many variables in PasswordMaker from which to choose (leet, prefix, suffix, modifier, character set, URL, pwd length, etc) that the problem space is huge. The hash algorithm and master password alone aren't enough to crack generated passwords.

Hope you start using PasswordMaker!

Eric

Offline kwanbis

Quote
2) Advanced view on FF, it's there.

Sorry, I keep looking, but I cannot find it :S

Quote
I dunno, maybe a way to reduce the list is to have HMAC be a flag instead?

That would be good. Maybe the order of algorithms could be from more secure to less, if such a thing exists.

Offline kwanbis

Quote
No, it wouldn't help anything. There are lots of algorithms because people have different preferences. As to whether or not one is "more secure" than the other, for the purposes of PasswordMaker -- password generation -- they are all pretty secure. Even with some of the "insecure" hash algorithms like MD-4, there are so many variables in PasswordMaker from which to choose (leet, prefix, suffix, modifier, character set, URL, pwd length, etc) that the problem space is huge. The hash algorithm and master password alone aren't enough to crack generated passwords.

Well, second option would be, IMHO, to have all versions with the best possible defaults ...

Quote
Hope you start using PasswordMaker!

I have already started ;)

Offline kwanbis

The algorithm option is located under the "accounts" options, as there is no global setting.

Offline Miquel 'Fire' Burns

You're editing the default account, right? It's used when the other accounts don't match the site you're going to.

Offline Eric H. Jung

Quote
1) Would it be possible to have the same defaults between different versions? Or at least between Firefox and JavaScript versions?

Thanks to Miquel, this is now complete!

PasswordMaker Forums