Author Topic: A couple ideas  (Read 28387 times)

Offline Brathna

  • Normal Members
  • *
  • Posts: 8
A couple ideas
« on: August 03, 2005, 05:00:46 AM »
I'll try to explain this as best I can:

Have the script run through a set of characters randomly that will stop at a pre-determined password strength? Let's say you create a new account, and set the username, use this url, counter, etc, then click on a button and the script will go through characters (that the user has specified) until it reaches or exceeds a password strength the user has set.

Say I put:

0123456789abcdef

and the script will randomize this:

0a3190cedff212d

or whatever until it reaches the pw strength specified.

Which brings me to my other idea:

Enter whatever characters you want and click a button that will randomize those characters automatically. But, unlike my idea above, this feature should only use a character once:

0123456789abcdef

randomized:

0af21de34b59c678

So, instead of having the standard 0-9a-z or whatever, this should mix things up a bit.
« Last Edit: August 03, 2005, 05:03:07 AM by Brathna »

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #1 on: August 03, 2005, 05:42:36 AM »
Hi Brathna,

I like the randomize idea. Tyrantmizar requested that there be character "presets" (e.g., a-zA-Z, all numbers, all characters and all numbers, etc). I can add another "preset" for randomizing a set of characters the user enters.

As for password strength, well, the password strength algorithm needs some work. It's not very accurate at the moment. I like the idea you suggested, but ultimately most of the passwords generated by PasswordMaker will be extremely secure so long as you give it a broad range of characters and sufficient length (i.e., 6 or more chars)

-Eric

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
A couple ideas
« Reply #2 on: August 03, 2005, 12:14:18 PM »
I like the idea, but...

How reliably would PM be able to generate the same password every time? Wouldn't it be possible for more than one password to match the required strength?

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #3 on: August 03, 2005, 03:44:37 PM »
Quote
Wouldn't it be possible for more than one password to match the required strength?
Yes. That's one reason I wouldn't implement this precisely as Brathna describes. I think we should just stick with the other idea: the ability to populate the Characters field with a random character set.

Tyrantmizar, can you add this to the feature list?

-Eric
« Last Edit: August 03, 2005, 03:44:55 PM by Eric H. Jung »

Offline Tyrantmizar

  • Sr. Member
  • ****
  • Posts: 307
A couple ideas
« Reply #4 on: August 03, 2005, 08:27:09 PM »
It's added.

One thing though.

You would have to implement a warning or something for the random character list, because you would never get the same set twice.  Maybe once someone used it, they should be able to add that set as an additional option in the list of pre-set character sets.  Or are you allowing additions to the character set list already?
Tyrantmizar
- <a href="http://tyrantmizar.blogsome.com/">Check out my blog</a> (shameless plug :P)
- Lord of the Feature Requests / Enhancements Forum - BWAHAHAHAHA!!!!
- Lord of the other one, the [url=http://forums.passwordmaker.o

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #5 on: August 03, 2005, 08:49:02 PM »
Hm, I hadn't even thought of providing the ability to edit the list of predefined character sets. I can do that, though (time, time, need more time!)

I'm not sure someone would want to use the same randomized character set again. What would be the point? Things are even more secure if you use different character sets for each account. In any case, I can provide the option to add/remove your own character sets to the predefined list, including random ones.

-Eric

Offline quixin

  • Hero Member
  • *****
  • Posts: 538
A couple ideas
« Reply #6 on: August 03, 2005, 09:10:26 PM »
Quote
I'm not sure someone would want to use the same randomized character set again. What would be the point? Things are even more secure if you use different character sets for each account.
What about using this with the online version,  how would one go about using that random string?  Maybe adding the import ability to the online version?

Also, if someone were to perhaps loose all data and not be able to recover their password file, not having a backup, they would also need to recreate this.

Am I off base with this?



Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #7 on: August 03, 2005, 09:38:14 PM »
Quote
What about using this with the online version, how would one go about using that random string? Maybe adding the import ability to the online version?
You'd either have to memorize the random string (NOT!) or import the file to the online version. We should add the latter to the feature request list -- it's been requested before. In fact, I used to have a button on the online version for "Import Settings" which just said "coming soon."

This isn't a trivial task. I have to use RAP or a similar RDF parser for PHP to get this data. It would, of course, require a submit to the server -- something the online version doesn't currently do. Fortunately, you'll only need to do the submit IF you want to import settings.

Quote
Am I off base with this?
Nope

-Eric

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
A couple ideas
« Reply #8 on: August 03, 2005, 09:42:59 PM »
Quote
Quote
I'm not sure someone would want to use the same randomized character set again. What would be the point? Things are even more secure if you use different character sets for each account.

What about using this with the online version, how would one go about using that random string? Maybe adding the import ability to the online version?

Also, if someone were to perhaps loose all data and not be able to recover their password file, not having a backup, they would also need to recreate this.

Am I off base with this?

I don't think so - I was wondering the same thing. The more you relied on PM, and the more Accounts you accumulated, the nastier it could get if you lost your Account settings.

But I do like the idea of being able to easily make a password as strong as possible.

For someone who is paranoid about their backups (like me), it might not be that scary - but hey, crap-crud happens, and I'm certainly not perfect. I don't guess there is a perfect answer - unless Eric can come up with one.

Hey, maybe...

Eric, maybe you could start up a paid service that passwordmaker.org provides. Paying members get an account, that they can 'sync' with, that keeps their Account Settings and Prefs sync'd to passwordmaker.org's server. This would also let you have the same settings when using the on-line version as well.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #9 on: August 03, 2005, 10:00:00 PM »
Quote
Eric, maybe you could start up a paid service that passwordmaker.org provides. Paying members get an account, that they can 'sync' with, that keeps their Account Settings and Prefs sync'd to passwordmaker.org's server. This would also let you have the same settings when using the on-line version as well.
Yep. This has already been discussed in other threads via an FTP option for storing passwordmaker.rdf (the settings file). This is rather easy to do, believe it or not. I just have to change the source of the file from the local drive to the FTP site. Synch'ing two or more copies (merging) is the difficult part.

p.s. I wouldn't charge. Donations welcome :)
« Last Edit: August 03, 2005, 10:00:35 PM by Eric H. Jung »

Offline tanstaafl

  • God Member
  • ******
  • Posts: 1363
A couple ideas
« Reply #10 on: August 05, 2005, 08:39:49 PM »
(Sorry for hijacking this thread... maybe you could move these posts to the appropriate FTP sync thread you mentioned?)

Couldn't you just have some kind of internal 'version' stamp (that didn't rely on a potentially incorrect date/time from a computer) in the file, and the newest version always simply overwrites the older?

I really don't like the idea of 'merging'. Too much room for file corruption. Just let the most current overwrite the older (with ample warnings of course), and as a last resort, it should have some kind of rollback capability (keep multiple previous versions - User definable).

Since PM's only real value is when you are online, that is the only time you would make changes to the file, so the chances of you making changes to the file without being able to sync with passwordmaker.org are low, and the chances of an unsuccessful sync are even more remote if you allow for multiple FTP servers to sync with (and the User takes advantage of it).

Just my .02 clad coins worth...

Charles

'd'

  • Guest
A couple ideas
« Reply #11 on: August 30, 2005, 05:06:03 PM »
Greetings from LeonSprings, Texas,

Instead of having all of this work of adding something to a good idea that will cause more problems that may last for months, just recomend to the "USER" they backup a copy of "passwordmaker.rdf" and place it in a HIDDEN folder and rename it so it is not searchable as "passwordmaker.bku" and write it down in a ledger as to where it is so when updating and if the settings are 'overwritten' just a retore to the original name.

Just a suggestion, besides I do not know what you are talking about nor what I am,

'd'

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
A couple ideas
« Reply #12 on: August 30, 2005, 08:15:05 PM »
Thanks "d"

David

  • Guest
A couple ideas
« Reply #13 on: October 02, 2005, 07:54:40 AM »
Eric,

I would love to have a character set with all Unicode characters in it. I could add it myself if/when user-defined sets become available, but it might take a while (without writing some kind of code to generate the list and then copying and pasting it into PM). Together with the random feature, this would pretty much take the cake. (No, I don't use that phrase frequently.)

Also, just a thought: perhaps the character sets in the drop-down list could be descriptions instead of showing the characters?--I don't know what comes past the ... without choosing that option and taking a look. E.g., All Latin Characters, All Unicode Characters (hint hint ;) )

Thanks for the consideration :) 0.8.7 rocks!!

David

  • Guest
A couple ideas
« Reply #14 on: October 02, 2005, 08:02:39 AM »
Oops, I guess the Unicode + random was sort of another request--ability to pick a character set and then randomize it-as I think the random feature right now is based on latin + punctuation only?

PasswordMaker Forums

A couple ideas
« Reply #14 on: October 02, 2005, 08:02:39 AM »