PaulDotCom mailing list archives

Password scheme for websites: How well would this work, and has it already been done?


From: iamnowonmai at gmail.com (iamnowonmai)
Date: Wed, 29 Jul 2009 21:11:55 -0400

I think it has even been mentioned on PSW within the past year and a half or
so...Could be wrong though.
Besides. IRONGEEK needs to use the IRONKEY!!!!!
:)

On Wed, Jul 29, 2009 at 7:44 PM, Vincent Lape <vlape at me.com> wrote:

I think this has already been done. If memory serves me correctly Steve
Gibson talked about it on Security Now.
On Jul 29, 2009, at 4:40 PM, Adrian Crenshaw wrote:

I'm sure by now many of you here have heard of the asshatery that is
zero for 0wned (zf05.txt), and it's started me thinking about password
management across websites.

Remembering a unique password for each and every site is hard to manage.
Now, what I currently do is have one password for finance stuff, another for
website related stuff and yet another for forums I've visited, sort of by
level of how much I care if they get compromised. Still, it's a pain to go
around changing passwords when you hear Binrev or Hak5 got hacked and you're
not sure if they got your credentials.

I was wondering if this scheme is workable from a security standpoint, and
if someone has already implemented it into a Firefox plugin. Let's say you do
this: take a password you use everywhere, concatenate it with the domain name
of the site you are making a password for, then take the md5 hash and use it
as your password. For example, if my password was "mypassword" and I were
using it on Pauldotcom.com:


md5("mypasswordpauldotcom.com") = "4b7958e4302cae2836f1c05532f835f4"

This way, it's still easy to remember, but even if an attacker gets the
plain text from what is stored on the site (4b7958e4302cae2836f1c05532f835f4
in this case), they can't use it to compromise accounts on other sites since
your password would be different, for example:

md5("mypasswordirongeek.com") = "1c96d14e6e048924cabf3009b064958f"

Do you see any major weaknesses in this scheme? Anyone know how to
implement a Firefox plugin to simplify it?

Thanks,
Adrian
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
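
The scheme described in the message above, as an added example (not code from the thread or from any list member): it derives per-site passwords with a single MD5 as posted, next to a key-stretched variant, since one fast hash makes guessing the master password from a leaked site password cheap. The function names, the domain normalization, the PBKDF2 variant and its iteration count are assumptions of this example.

```python
import base64
import hashlib


def normalize_domain(domain: str) -> str:
    """Canonicalize the site name so 'Pauldotcom.com' and 'pauldotcom.com'
    produce the same password (the post writes one and hashes the other)."""
    return domain.strip().lower().rstrip(".")


def md5_site_password(master: str, domain: str) -> str:
    """The scheme as posted: hex MD5 of master password + domain name."""
    data = (master + normalize_domain(domain)).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def stretched_site_password(master: str, domain: str,
                            iterations: int = 200_000,
                            length: int = 16) -> str:
    """Variant (an assumption of this example, not from the thread):
    PBKDF2-HMAC-SHA256 with the domain as salt. Each guess at the master
    password now costs `iterations` HMAC computations instead of one MD5."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        normalize_domain(domain).encode("utf-8"),
        iterations,
        dklen=length,
    )
    # URL-safe base64 gives mixed-case letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


if __name__ == "__main__":
    # Constructed inputs taken from the example in the post.
    for site in ("Pauldotcom.com", "irongeek.com"):
        print(site)
        print("  md5      :", md5_site_password("mypassword", site))
        print("  stretched:", stretched_site_password("mypassword", site))
```

Both functions are deterministic, so nothing has to be stored, but anyone who learns the master password can regenerate every site password.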
