How can I re-use my password and still protect the password if it is exposed from one source?What are the cons of stateless password generators?Recompute Rainbow table with salt?Is there a better way to take advantage of current 'approved', 'proven', and memory/cpu-expensive algorithms while using salts and peppers?How can salted, hashed password storage be combined with a plaintext, nonce and hash based authentication?Password Hashing Without a Unique SaltDoes too long a salt reduce the security of a stored password hash?At what table size does salt reuse make rainbow tables cost effective?Web Service Authentication Using PBKDF2 and a Public Salt - Does the salt need to change on every request?How to verify 2 hashed values with different salts originating from the same clear-text password?
Should I self-publish my novella on Amazon or try my luck getting publishers?
A question about 'reptile and volatiles' to describe creatures
Why did the RAAF procure the F/A-18 despite being purpose-built for carriers?
Dereferencing a pointer in a for loop initializer creates a seg fault
Why was CPU32 core created, and how is it different from 680x0 CPU cores?
How to identify the wires on the dimmer to convert it to Conventional on/off switch
Atari ST DRAM timing puzzle
Is TA-ing worth the opportunity cost?
How to display a duet in lyrics?
Team goes to lunch frequently, I do intermittent fasting but still want to socialize
Are there any financial disadvantages to living significantly "below your means"?
Is this cheap "air conditioner" able to cool a room?
Looking for a new job because of relocation - is it okay to tell the real reason?
Why are the inside diameters of some pipe larger than the stated size?
sed delete all the words before a match
Is refreshing multiple times a test case for web applications?
Infeasibility in mathematical optimization models
How to translate this word-play with the word "bargain" into French?
Where to pee in London?
English - Acceptable use of parentheses in an author's name
Are any jet engines used in combat aircraft water cooled?
How to remove something from the slug/url
Do other countries guarantee freedoms that the United States does not have?
Does a code snippet compile? Or does it gets compiled?
How can I re-use my password and still protect the password if it is exposed from one source?
What are the cons of stateless password generators?Recompute Rainbow table with salt?Is there a better way to take advantage of current 'approved', 'proven', and memory/cpu-expensive algorithms while using salts and peppers?How can salted, hashed password storage be combined with a plaintext, nonce and hash based authentication?Password Hashing Without a Unique SaltDoes too long a salt reduce the security of a stored password hash?At what table size does salt reuse make rainbow tables cost effective?Web Service Authentication Using PBKDF2 and a Public Salt - Does the salt need to change on every request?How to verify 2 hashed values with different salts originating from the same clear-text password?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.
The problem is that servers should do that but may not, so as a user I can't trust them.
I am looking for what I can do to my password before sending it to the server, so that if the server is storing plaintext for example, it will not compromise the security my password on other servers.
I was thinking of sending hash(password + service) to the servers with the service being "Facebook" or "Amazon" for example. This way if someone get hash(password + service) stored in plain text from that service, that's as if they found the hash of my password + the salt, unique for that service.
I already see a problem with that idea: someone could create a rainbow table for each service, making the use of the service as a salt useless.
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
hash salt client-side trust client
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.
The problem is that servers should do that but may not, so as a user I can't trust them.
I am looking for what I can do to my password before sending it to the server, so that if the server is storing plaintext for example, it will not compromise the security my password on other servers.
I was thinking of sending hash(password + service) to the servers with the service being "Facebook" or "Amazon" for example. This way if someone get hash(password + service) stored in plain text from that service, that's as if they found the hash of my password + the salt, unique for that service.
I already see a problem with that idea: someone could create a rainbow table for each service, making the use of the service as a salt useless.
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
hash salt client-side trust client
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
80
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
8
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday
add a comment |
I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.
The problem is that servers should do that but may not, so as a user I can't trust them.
I am looking for what I can do to my password before sending it to the server, so that if the server is storing plaintext for example, it will not compromise the security my password on other servers.
I was thinking of sending hash(password + service) to the servers with the service being "Facebook" or "Amazon" for example. This way if someone get hash(password + service) stored in plain text from that service, that's as if they found the hash of my password + the salt, unique for that service.
I already see a problem with that idea: someone could create a rainbow table for each service, making the use of the service as a salt useless.
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
hash salt client-side trust client
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.
The problem is that servers should do that but may not, so as a user I can't trust them.
I am looking for what I can do to my password before sending it to the server, so that if the server is storing plaintext for example, it will not compromise the security my password on other servers.
I was thinking of sending hash(password + service) to the servers with the service being "Facebook" or "Amazon" for example. This way if someone get hash(password + service) stored in plain text from that service, that's as if they found the hash of my password + the salt, unique for that service.
I already see a problem with that idea: someone could create a rainbow table for each service, making the use of the service as a salt useless.
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
hash salt client-side trust client
hash salt client-side trust client
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
edited 30 mins ago
Andy Lester
3242 silver badges6 bronze badges
3242 silver badges6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
asked 2 days ago
SinderSinder
1021 silver badge6 bronze badges
1021 silver badge6 bronze badges
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Sinder is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
80
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
8
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday
add a comment |
80
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
8
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday
80
80
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
8
8
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday
add a comment |
6 Answers
6
active
oldest
votes
You are trying to solve a problem that you shouldn't have in the first place: Password Reuse
The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.
The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!
What about my suggested scheme?
You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.
There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers
Why are Offline Password Managers better?
Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".
Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,4755...is the hash ofhunter2+gmail.comn, with a newline ;) Did you useecho ... | md5sum?echoalways adds a newline at the end,printf ... | md5sumwould be the solution in that case.)
– ilkkachu
20 hours ago
|
show 4 more comments
The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.
I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a know protocol for a client securing
himself?
Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing password is an elegant solution.
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
add a comment |
I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.
The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.
The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.
I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
add a comment |
I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.
Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independant outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.
The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require to fully recover password.
For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
answered yesterday
b0fhb0fh
1212 bronze badges
add a comment |
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.
You can do as @MechMK1 suggests and use Password Manager. The problem is, it just moves the password problem around and makes it a little easier manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.
You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.
Once you log into a site they give you a token (cookie) for the site you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.
If the password is not in the credential store, then simply go through "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.
The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.
Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, setup 2FA for the critical accounts so the attacker needs both your password + OTP/token.
Some services, like Spotify, are considering doing away with passwords all together. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.
The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.
I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers
If you like to do theses sort of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
add a comment |
The question you have to ask yourself is what are you trying to achieve ?
You said you want to have a unique password, that you will hash with :
Hash(Password + Service) the resulting hash, depending of the algorithm used (hint : do not create your own algorithm), will probably be 32 character long.
The first problem is see is : what if the website does not allow you to use a 32 char long password ?
Second problem : Do you plan on remembering these lenghty password for every different website ? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random password, that you won't use for any other website is both easier and more secure
If you plan on remembering these 32 char long passwords, it's still easier to remember an unique 10 char password.
To get back to my initial question : what are you trying to achieve ?
Salting and hashing the password in the database is a layer of security so that :
- if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.
- but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care
If the attacker silently compromised the service you are using and has a full access he can simply steal your sessionID to impersonnate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.
By hashing and salting the password, the service/site you are using are not trying to protect them, they are trying to protect your other accounts in case they get compromised.
answered 2 days ago
MaximeMaxime
393 bronze badges
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sinder is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214854%2fhow-can-i-re-use-my-password-and-still-protect-the-password-if-it-is-exposed-fro%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
You are trying to solve a problem that you shouldn't have in the first place: Password Reuse
The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.
The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!
What about my suggested scheme?
You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.
There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers
Why are Offline Password Managers better?
Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".
Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,4755...is the hash ofhunter2+gmail.comn, with a newline ;) Did you useecho ... | md5sum?echoalways adds a newline at the end,printf ... | md5sumwould be the solution in that case.)
– ilkkachu
20 hours ago
|
show 4 more comments
You are trying to solve a problem that you shouldn't have in the first place: Password Reuse
The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.
The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!
What about my suggested scheme?
You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.
There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers
Why are Offline Password Managers better?
Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".
Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,4755...is the hash ofhunter2+gmail.comn, with a newline ;) Did you useecho ... | md5sum?echoalways adds a newline at the end,printf ... | md5sumwould be the solution in that case.)
– ilkkachu
20 hours ago
|
show 4 more comments
You are trying to solve a problem that you shouldn't have in the first place: Password Reuse
The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.
The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!
What about my suggested scheme?
You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.
There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers
Why are Offline Password Managers better?
Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".
Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
You are trying to solve a problem that you shouldn't have in the first place: Password Reuse
The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.
The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!
What about my suggested scheme?
You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.
There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers
Why are Offline Password Managers better?
Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".
Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
edited 17 hours ago
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
answered 2 days ago
MechMK1MechMK1
5,4162 gold badges21 silver badges44 bronze badges
5,4162 gold badges21 silver badges44 bronze badges
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,4755...is the hash ofhunter2+gmail.comn, with a newline ;) Did you useecho ... | md5sum?echoalways adds a newline at the end,printf ... | md5sumwould be the solution in that case.)
– ilkkachu
20 hours ago
|
show 4 more comments
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,4755...is the hash ofhunter2+gmail.comn, with a newline ;) Did you useecho ... | md5sum?echoalways adds a newline at the end,printf ... | md5sumwould be the solution in that case.)
– ilkkachu
20 hours ago
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
– Gizmo
2 days ago
24
24
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
@Gizmo What are the cons of stateless password generators?
– gronostaj
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
– Gizmo
yesterday
7
7
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
@Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
– MechMK1
yesterday
5
5
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,
4755... is the hash of hunter2+gmail.comn, with a newline ;) Did you use echo ... | md5sum? echo always adds a newline at the end, printf ... | md5sum would be the solution in that case.)– ilkkachu
20 hours ago
@user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw,
4755... is the hash of hunter2+gmail.comn, with a newline ;) Did you use echo ... | md5sum? echo always adds a newline at the end, printf ... | md5sum would be the solution in that case.)– ilkkachu
20 hours ago
|
show 4 more comments
The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.
I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a know protocol for a client securing
himself?
Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing password is an elegant solution.
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
add a comment |
The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.
I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a know protocol for a client securing
himself?
Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing password is an elegant solution.
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
add a comment |
The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.
I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a know protocol for a client securing
himself?
Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing password is an elegant solution.
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.
I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a know protocol for a client securing
himself?
Not every problem has to be solved by a technical, overcomplicated solution.
Not reusing password is an elegant solution.
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
edited 2 days ago
Benoit Esnard
10.6k7 gold badges54 silver badges56 bronze badges
10.6k7 gold badges54 silver badges56 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
answered 2 days ago
Vipul NairVipul Nair
1,9121 gold badge6 silver badges20 bronze badges
1,9121 gold badge6 silver badges20 bronze badges
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
add a comment |
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
– Falco
13 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
@Falco "Not reusing password is an elegant solution"
– Vipul Nair
10 hours ago
add a comment |
I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.
The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.
The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.
I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
add a comment |
I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.
The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.
The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.
I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
add a comment |
I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.
The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.
The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.
I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.
The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.
The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.
I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
answered yesterday
Martin BonnerMartin Bonner
1451 silver badge9 bronze badges
1451 silver badge9 bronze badges
add a comment |
add a comment |
I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.
Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independant outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.
The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require to fully recover password.
For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
answered yesterday
b0fhb0fh
1212 bronze badges
add a comment |
I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.
Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independant outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.
The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require to fully recover password.
For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
answered yesterday
b0fhb0fh
1212 bronze badges
add a comment |
I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.
Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independant outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.
The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require to fully recover password.
For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
answered yesterday
b0fhb0fh
1212 bronze badges
I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.
Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independant outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.
The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require to fully recover password.
For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
answered yesterday
b0fhb0fh
1212 bronze badges
answered yesterday
b0fhb0fh
1212 bronze badges
answered yesterday
b0fhb0fh
1212 bronze badges
answered yesterday
b0fhb0fh
1212 bronze badges
1212 bronze badges
add a comment |
add a comment |
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.
You can do as @MechMK1 suggests and use Password Manager. The problem is, it just moves the password problem around and makes it a little easier manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.
You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.
Once you log into a site they give you a token (cookie) for the site you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.
If the password is not in the credential store, then simply go through "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.
The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.
Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, setup 2FA for the critical accounts so the attacker needs both your password + OTP/token.
Some services, like Spotify, are considering doing away with passwords all together. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.
The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.
I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers
If you like to do theses sort of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
add a comment |
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.
You can do as @MechMK1 suggests and use Password Manager. The problem is, it just moves the password problem around and makes it a little easier manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.
You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.
Once you log into a site they give you a token (cookie) for the site you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.
If the password is not in the credential store, then simply go through "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.
The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.
Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, setup 2FA for the critical accounts so the attacker needs both your password + OTP/token.
Some services, like Spotify, are considering doing away with passwords all together. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.
The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.
I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers
If you like to do theses sort of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
add a comment |
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.
You can do as @MechMK1 suggests and use Password Manager. The problem is, it just moves the password problem around and makes it a little easier manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.
You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.
Once you log into a site they give you a token (cookie) for the site you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.
If the password is not in the credential store, then simply go through "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.
The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.
Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, setup 2FA for the critical accounts so the attacker needs both your password + OTP/token.
Some services, like Spotify, are considering doing away with passwords all together. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.
The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.
I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers
If you like to do theses sort of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a know protocol for a client securing himself?
The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.
You can do as @MechMK1 suggests and use Password Manager. The problem is, it just moves the password problem around and makes it a little easier manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.
You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.
Once you log into a site they give you a token (cookie) for the site you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.
If the password is not in the credential store, then simply go through "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.
The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.
Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, setup 2FA for the critical accounts so the attacker needs both your password + OTP/token.
Some services, like Spotify, are considering doing away with passwords all together. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.
The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.
I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers
If you like to do theses sort of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
edited 2 days ago
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
answered 2 days ago
jwwjww
6381 gold badge5 silver badges31 bronze badges
6381 gold badge5 silver badges31 bronze badges
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
add a comment |
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
Did you allude to not using a password manager but then push people to use the browser credential storage?
– Matt Rowland
23 hours ago
add a comment |
The question you have to ask yourself is what are you trying to achieve ?
You said you want to have a unique password, that you will hash with :
Hash(Password + Service) the resulting hash, depending of the algorithm used (hint : do not create your own algorithm), will probably be 32 character long.
The first problem is see is : what if the website does not allow you to use a 32 char long password ?
Second problem : Do you plan on remembering these lenghty password for every different website ? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random password, that you won't use for any other website is both easier and more secure
If you plan on remembering these 32 char long passwords, it's still easier to remember an unique 10 char password.
To get back to my initial question : what are you trying to achieve ?
Salting and hashing the password in the database is a layer of security so that :
- if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.
- but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care
If the attacker silently compromised the service you are using and has a full access he can simply steal your sessionID to impersonnate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.
By hashing and salting the password, the service/site you are using are not trying to protect them, they are trying to protect your other accounts in case they get compromised.
answered 2 days ago
MaximeMaxime
393 bronze badges
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
add a comment |
The question you have to ask yourself is what are you trying to achieve ?
You said you want to have a unique password, that you will hash with :
Hash(Password + Service) the resulting hash, depending of the algorithm used (hint : do not create your own algorithm), will probably be 32 character long.
The first problem is see is : what if the website does not allow you to use a 32 char long password ?
Second problem : Do you plan on remembering these lenghty password for every different website ? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random password, that you won't use for any other website is both easier and more secure
If you plan on remembering these 32 char long passwords, it's still easier to remember an unique 10 char password.
To get back to my initial question : what are you trying to achieve ?
Salting and hashing the password in the database is a layer of security so that :
- if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.
- but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care
If the attacker silently compromised the service you are using and has a full access he can simply steal your sessionID to impersonnate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.
By hashing and salting the password, the service/site you are using are not trying to protect them, they are trying to protect your other accounts in case they get compromised.
answered 2 days ago
MaximeMaxime
393 bronze badges
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
add a comment |
The question you have to ask yourself is what are you trying to achieve ?
You said you want to have a unique password, that you will hash with :
Hash(Password + Service) the resulting hash, depending of the algorithm used (hint : do not create your own algorithm), will probably be 32 character long.
The first problem is see is : what if the website does not allow you to use a 32 char long password ?
Second problem : Do you plan on remembering these lenghty password for every different website ? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random password, that you won't use for any other website is both easier and more secure
If you plan on remembering these 32 char long passwords, it's still easier to remember an unique 10 char password.
To get back to my initial question : what are you trying to achieve ?
Salting and hashing the password in the database is a layer of security so that :
- if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.
- but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care
If the attacker silently compromised the service you are using and has a full access he can simply steal your sessionID to impersonnate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.
By hashing and salting the password, the service/site you are using are not trying to protect them, they are trying to protect your other accounts in case they get compromised.
answered 2 days ago
MaximeMaxime
393 bronze badges
The question you have to ask yourself is what are you trying to achieve ?
You said you want to have a unique password, that you will hash with :
Hash(Password + Service) the resulting hash, depending of the algorithm used (hint : do not create your own algorithm), will probably be 32 character long.
The first problem is see is : what if the website does not allow you to use a 32 char long password ?
Second problem : Do you plan on remembering these lenghty password for every different website ? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random password, that you won't use for any other website is both easier and more secure
If you plan on remembering these 32 char long passwords, it's still easier to remember an unique 10 char password.
To get back to my initial question : what are you trying to achieve ?
Salting and hashing the password in the database is a layer of security so that :
- if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.
- but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care
If the attacker silently compromised the service you are using and has a full access he can simply steal your sessionID to impersonnate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.
By hashing and salting the password, the service/site you are using are not trying to protect them, they are trying to protect your other accounts in case they get compromised.
answered 2 days ago
MaximeMaxime
393 bronze badges
edited yesterday
answered 2 days ago
MaximeMaxime
393 bronze badges
answered 2 days ago
MaximeMaxime
393 bronze badges
answered 2 days ago
MaximeMaxime
393 bronze badges
393 bronze badges
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
add a comment |
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
"the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.
– a CVn
yesterday
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.
– Maxime
17 hours ago
add a comment |
Sinder is a new contributor. Be nice, and check out our Code of Conduct.
Sinder is a new contributor. Be nice, and check out our Code of Conduct.
Sinder is a new contributor. Be nice, and check out our Code of Conduct.
Sinder is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214854%2fhow-can-i-re-use-my-password-and-still-protect-the-password-if-it-is-exposed-fro%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
80
The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.
– MechMK1
2 days ago
8
I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"
– schroeder♦
2 days ago
I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure
– Redwolf Programs
yesterday