Hello Keith,
I typed a lengthy reply earlier today, but my machine froze before I finished. :wtf:
So I came up with this precise same idea about a year ago. I'm a slow mover, though,
You and I have a lot in common.
Was this my idea working its way over to you or did you come up with the same idea independently at about the same time?
I indepedently thought of the idea 2-3 years ago, but sat on it for quite some time. It wasn't until October or so of 2004 that I did something about it. My initial motivation was to learn how to write Firefox/Mozilla extensions, and I thought this idea would give me a reasonable goal towards that end.
Luckily, I researched what had been done before I started work. I only found three implementations, all of which were severely limited IMHO
- Nic Wolff's simplistic javascript version
- PwdHash by Blake Ross et. al. Blake Ross is one of the core developers of Firefox, and at the young age of 19 (last year?) made the cover of Wired Magazine. Surprisingly, PwdHash only had an online version and a limited IE plugin--nothing Firefox/Mozilla related, and this from Mr. Firefox the Second (next to Ben Goodger, perhaps), himself. PwdHash was/is an undergraduate research project that had clearly met its time/energy commitment limits.
- Ian Murphy's (I think that was his name) PasswordMaker toolbar for Firefox 0.7. Note his page, which is still online, references Nic Wolff's implementation. In any case, Ian had basically abandoned PasswordMaker by then. When I tried to further its development and involve him on http://passwordmaker.mozdev.org (the original home of PasswordMaker before we had our own domain), he really had little interest. Eventually, he conceded all rights and work to me. However, there really isn't any resemblance between PasswordMaker 0.1 and the versions of today. The original code in CVS is a baseline version of what Ian started.
PasswordMaker today strives for the following:
- Fervent dedication to open-source, community involvement, and peer-review.
- Implementations on numerous platforms--not solely browsers--in order to provide a fully-integrated account management.
- Community-driven product evolution.
That said, we would
love your involvement in any capacity. If you have programming experience, we have numerous editions of PasswordMaker which need work (WAP/WML, PHP, J2ME, C/C++, Konfabulator, Firefox/Mozilla, and of course IE).
On a related note, has anyone written a paper for an academic security conference about this idea? If not, would you like to collaborate on one at some point?
I would be very interested in this. The only papers I know about are
this one and
this one. I am already a published author and have relevant credentials, so that might be beneficial. I'd be happy to show you a resume if you like.
Also, I have a friend who works in the internal security division of Cisco who I had told about the idea and thought it was a good idea. He had volunteered to promote it for use by Cisco employees. I assume that you wouldn't mind if I were to point him to this.
Would be grateful! Please do so.
Regards,
Eric Jung