PasswordMaker 0.6.1 beta available

[Eric H. Jung]

Title says it all. Send me an email to try it out.

-Eric

[Eric H. Jung]

I've gotten too many requests to handle this individually anymore :)

You can try the download here. Beware the warning in the release notes:

HMAC-MD4, SHA-256, RIPEMD-160 are not generating the same passwords as previous versions. This is the only reason I haven't yet released 0.6.1. Do not use the passwords generated by these hash algorithms in 0.6.1 beta since they are likely to be different for the final release. I've had such a difficult time tracking down the problem that I've been paying a security consultant to help me.

If anyone is able to try the beta so that it generates passwords with umlauts and other non-English characters, please let me know. I haven't had time to look up the alt-numpad codes which allow me to enter these characters on my English-only keyboard.

Thanks,
-Eric

[koreth]

Non-English characters appear to work just fine. Latin1 characters are too easy, so I tried giving it a character set with a mixture of Chinese and ASCII characters and it used them all without incident. The password is the correct length even though some of the characters end up getting expressed as multibyte � sequences when they're sent over the wire. Obviously a lot of sites won't know what to do with Chinese characters in passwords, but that's not PasswordMaker's fault.

[koreth]

By the way, I think being able to specify your own character set is just brilliant. It is an extra layer of security above and beyond the master password. If you want to, you can repeat some of the characters to increase the chances they'll be used (punctuation marks, for example), though of course there's really no need to.

I think Leet Level is really not useful once you can specify a character set, though I guess it pretty much has to be there for backward compatibility at this point. Can the lower leet levels be folded into a predefined menu of character sets? I realize the top few levels actually insert additional characters, but the lowest ones just do substitutions, right?

[Eric H. Jung]

Hi Koreth,
Thanks for the compliments. I'm glad to hear non-English charaters work. I'm not really going to worry about double-byte characters for now. I know China's an emerging market and all, but come on :)

I think Leet Level is really not useful once you can specify a character set

I agree wholeheartedly, but I don't want to alienate existing users. It might call for a poll/vote on this site to see if it should be continued. One of the things I'm striving for is to keep generated passwords the same from release to release. The only time this didn't happen was from 0.1 to 0.2, and there was one person who complained. I don't inconvenience anyone unless absolutely necessary.

One the other hand, it certainly would simplify the GUI to remove all the l33t-related stuff.

Thoughts?

-Eric