I certainly don't want to start a holy war about which algorithm is better, but I really don't have a clue...That question is as religious as askng, "Which is better: linux or windows?", but clearly you recognize that :P The short answer to your question is i've already addressed it in the
faq....
Which hash algorithm should I use?
All of the algorithms are cryptographically strong, but of the algorithms PasswordMaker offers, many people regard SHA-256 and HMAC-MD5 as the strongest.
Disclaimer: I am
not an encryption expert, although I will claim to have more knowledge than the average joe about security and encryption. There are certainly many more people out there more knowledable in this are than me, primarily because my degree is in Computer Science, not Mathematics or Applied Mathematics.
I've been using SHA-256 because the 256 suggests to me 256 bits, which seems more secure than the others
If you're asking this question, you need to to understand the two types of "attacks" on hashed passwords. I go into this to some extent towards the bottom of the
home page, but I'll elaborate a little more here. The bottom line is that larger hash values (bitcounts) don't necessarily mean more security: the strength of the underlying algorithm is a major factor.
The two types of attacks are
hash collisions and
pre-image attacks. Despite the strange names, they're quite easy to understand.
What is a hash collision?A hash collision is simply two (or more) inputs that, after the hash algorithm is applied, yield the same output. Let's say, for example, the master password you choose is
hoodooguru and you choose MD-5 as the hash algorithm. The url is gmail.com. The 8-character password in this case is
8583f029 when the character set is 0123456789abcdef (
get the 0.6.1 beta to define a different character set). In the context of PasswordMaker, a hash collision simply means someone has found another master password that yields
8583f029 when MD-5 is applied to gmail.com for the same character set.
The odds of this occuring are mathematically small, especially when you throw in the fact that the attacker must know if you've applied l33t, which level, if you're using a counter, your username, etc. This is because many of the extra security features are applied
after the hash algorithm. It's still worth mentioning -- for those who wear aluminum foil on their heads -- that a few collisions have been found for MD4, MD5, RIPEMD, HAVAL-128, and SHA-1. BUT there is no generalized solution for finding collisions for these algorithms, which means you are still safe using these algorithms for many years to come. FYI, yahoo.com uses MD5 for its hashing; take a look at the source of
mail.yahoo.com to see what I mean.
No collisions have been found to date for SHA-256, HMAC-MD4, HMAC-MD5, and HMAC-SHA1 (new for 0.6.1). Contrary to the similarity in name between SHA-1 and HMAC-SHA1, they are different algorithms.
What is a pre-image attack?A pre-image attack is much more severe than a hash collision. A pre-image attack (in the context of PassowrdMaker) means the attacker has reverse engineered the generated password and discovered your master password.
No pre-image attacks have ever been reported for any of the hash algorithms used by PasswordMaker. Theoretically, a successful pre-image attack would enable the attacker to determine all of your passwords (because he's reverse-engineered your master password).
However, he must first deduce all the other settings you've defined in PasswordMaker
for each account. That is, he must determine things like leetlevel, when leet is applied (before, after, before&after, or not at all), password length, url to use (if different than the target website), counter (if any), and, of course, your username of the target website. The attacker must do this for each and every web site that you've created an account for or, at a minimum, the Default Settings you've chosen.
I hope you'll agree the likelihood of the attacker deducing all of these variables, even after achieveing what no one else in the world has -- a pre-image attack on any these algorithms -- is slim. :)
Regards,
Eric
