How can I re-use my password and still protect the password if it is exposed from one source?








18















I know that all servers should at least store my credentials as hash(password + salt) + salt, with a secure and well known hash function and a salt unique for me, generated from a secure and well known source.



The problem is that servers should do that but may not, so as a user I can't trust them.



I am looking for what I can do to my password before sending it to the server, so that if the server is storing plaintext for example, it will not compromise the security of my password on other servers.



I was thinking of sending hash(password + service) to the servers with the service being "Facebook" or "Amazon" for example. This way if someone gets hash(password + service) stored in plain text from that service, that's as if they found the hash of my password + the salt, unique for that service.



I already see a problem with that idea: someone could create a rainbow table for each service, making the use of the service as a salt useless.



I know the rule "don't invent your own crypto/protocol", that's why I want to know if there exists a known protocol for a client securing himself?


























  • 80





    The fact that you want to re-use the same password for Facebook and Amazon is the far bigger sin. Instead, use an offline password manager and create a truly random password for every website. If one leaks, only that website is affected.

    – MechMK1
    2 days ago






  • 8





    I would suggest a re-phrasing of your question and the problem you are trying to solve: "how can I re-use my password and still protect the password if it is exposed from one source?"

    – schroeder
    2 days ago












  • I doubt anyone would recognize the hash as anything but nonsense, and unless you were a high-priority target they wouldn't spend the time trying to crack your password when they could try thousands of others that aren't so secure

    – Redwolf Programs
    yesterday

















hash salt client-side trust client






edited 30 mins ago
Andy Lester

asked 2 days ago
Sinder














6 Answers


















84














You are trying to solve a problem that you shouldn't have in the first place: Password Reuse



The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.



The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!



What about my suggested scheme?



You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.



There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers



Why are Offline Password Managers better?



Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".



Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).

































  • Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).

    – Gizmo
    2 days ago







  • 24





    @Gizmo What are the cons of stateless password generators?

    – gronostaj
    yesterday











  • If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.

    – Gizmo
    yesterday






  • 7





    @Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.

    – MechMK1
    yesterday






  • 5





    @user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw, 4755... is the hash of hunter2+gmail.com\n, with a newline ;) Did you use echo ... | md5sum? echo always adds a newline at the end, printf ... | md5sum would be the solution in that case.)

    – ilkkachu
    20 hours ago


















20














The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.




I know the rule don't invent your own crypto/protocol, that's why I
want to know if there exists a known protocol for a client securing
himself?




Not every problem has to be solved by a technical, overcomplicated solution.


Not reusing password is an elegant solution.

































  • I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.

    – Falco
    13 hours ago











  • @Falco "Not reusing password is an elegant solution"

    – Vipul Nair
    10 hours ago


















2














I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.



The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.



The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.



I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).






































    1














    I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.



    Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independent outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.



    The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2) that doesn't require fully recovering the password.



    For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.
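
Added example (not part of the original answer or thread): a Python comparison of the question's hash(password + service) with the MAC(key, service) construction recommended above, using HMAC-SHA256 keyed by a PBKDF2-stretched master password. The function names, the `user_id` salt, the `counter` field, the iteration count and the Base64 output encoding are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Illustrative work factor (assumption); tune it to what your own device tolerates.
PBKDF2_ITERATIONS = 100_000


def naive_site_password(master: str, service: str) -> str:
    """The question's scheme: hash(password + service), hex encoded."""
    return hashlib.sha256((master + service).encode()).hexdigest()


def _field(data: bytes) -> bytes:
    """Length-prefix a field so that field boundaries are unambiguous."""
    return len(data).to_bytes(2, "big") + data


def derive_site_password(master: str, user_id: str, service: str,
                         counter: int = 1, length: int = 24) -> str:
    """MAC(key, service), where key is the stretched master password."""
    if not 1 <= length <= 43:
        # 32 bytes encode to 43 Base64 characters plus one '=' of padding.
        raise ValueError("length must be between 1 and 43")
    # Stretch once with a per-user salt: a table precomputed for one service
    # name is useless against another user, and every guess at the master
    # password costs PBKDF2_ITERATIONS HMAC invocations.
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), user_id.encode(),
                              PBKDF2_ITERATIONS, dklen=32)
    # Key and message are separate HMAC inputs, so there is no
    # concatenation ambiguity and no length-extension property to lean on.
    # The counter lets one site's password be rotated without touching others.
    message = _field(service.encode()) + _field(str(counter).encode())
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode("ascii")[:length]


def demo() -> dict:
    user = "alice@example.org"  # constructed sample identity
    return {
        # Plain concatenation: two different (password, service) pairs
        # collapse to the same input string and therefore the same hash.
        "naive_collision": naive_site_password("hunter2", "gmail.com")
        == naive_site_password("hunter2g", "mail.com"),
        # The MAC construction keeps those two pairs apart.
        "mac_collision": derive_site_password("hunter2", user, "gmail.com")
        == derive_site_password("hunter2g", user, "mail.com"),
        "gmail": derive_site_password("hunter2", user, "gmail.com"),
        "gmail_after_reset": derive_site_password("hunter2", user,
                                                  "gmail.com", counter=2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The master password remains a single point of failure, and `counter` is state that has to be remembered after a forced reset; both are drawbacks raised elsewhere in this thread.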






































      0















      I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a known protocol for a client securing himself?




      The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.



      You can do as @MechMK1 suggests and use a Password Manager. The problem is, it just moves the password problem around and makes it a little easier to manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.



      You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.



      Once you log into a site they give you a token (cookie) for the site; you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.



      If the password is not in the credential store, then simply go through the "Password Recovery" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.



      The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses something similar to authenticate packages. Also see Peter Gutmann's Engineering Security.



      Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, set up 2FA for the critical accounts so the attacker needs both your password + OTP/token.



      Some services, like Spotify, are considering doing away with passwords altogether. They are adapting the "Password Recovery Process" for authentication. When you want to log in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.



      The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.





      I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers




      If you like to do these sorts of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.

































      • Did you allude to not using a password manager but then push people to use the browser credential storage?

        – Matt Rowland
        23 hours ago


















      0














      The question you have to ask yourself is: what are you trying to achieve?



      You said you want to have a unique password, that you will hash with:



      Hash(Password + Service) the resulting hash, depending on the algorithm used (hint: do not create your own algorithm), will probably be 32 characters long.



      The first problem I see is: what if the website does not allow you to use a 32 char long password?



      Second problem: Do you plan on remembering these lengthy passwords for every different website? If you plan on saving them somewhere, using a password manager to create 10 character long, unique, random passwords that you won't use for any other website is both easier and more secure.



      If you plan on remembering these 32 char long passwords, it's still easier to remember a unique 10 char password.



      To get back to my initial question: what are you trying to achieve?



      Salting and hashing the password in the database is a layer of security so that:



      • if the database is compromised the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.

      • but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it so you should not care

      If the attacker silently compromised the service you are using and has full access, he can simply steal your sessionID to impersonate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, login with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.



      By hashing and salting the password, the services/sites you are using are not trying to protect themselves, they are trying to protect your other accounts in case they get compromised.

































      • "the resulting hash, depending on the algorithm used [...] will probably be 32 characters long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.

        – a CVn
        yesterday











      • I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.

        – Maxime
        17 hours ago













      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "162"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      noCode: true, onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );






      Sinder is a new contributor. Be nice, and check out our Code of Conduct.









      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214854%2fhow-can-i-re-use-my-password-and-still-protect-the-password-if-it-is-exposed-fro%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      6 Answers
      6






      active

      oldest

      votes








      6 Answers
      6






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      84














      You are trying to solve a problem that you shouldn't have in the first place: Password Reuse



      The concept is simple. You think of a "good" password and use that for everything. Your bank account, online shopping, your e-Mail provider, etc.



      The problem is, if it gets leaked by any one of them, then all of the other accounts are potentially in danger. This is a completely unnecessary risk!



      What about my suggested scheme?



      You yourself said don't re-invent the wheel. If you were to actually do that, you would either have to write an application that calculates the hashes for you, or calculate them yourself and store them.



      There are already applications that solve the problem of credential storage, and they do a way better job at it: Offline Password Managers



      Why are Offline Password Managers better?



      Because they generate truly random and unique passwords. There is no need to bring cryptography into this. No need to tie my password for my e-Mail account to it somehow containing the string "gmail.com".



      Because SN2ZJ2Cw92DQx^{$OmqAC_P'xR|Md)[ is definitely a better password than the MD5 sum of hunter2+gmail.com (it's 01f9a94a0febf268495d08f5960e7f05, in case you were wondering).






      answered 2 days ago by MechMK1 (edited 17 hours ago)

      • Not necessarily true that password re-use is a "security issue", there is also LessPass. You still use a master password to unlock your password database. By exploiting a very very very difficult to reverse function one can generate safe passwords. It's more of a tradeoff between leaking a master password but not having to store your passwords in a file (which can also be stolen and masterkey keylogged).
        – Gizmo
        2 days ago

      • 24
        @Gizmo What are the cons of stateless password generators?
        – gronostaj
        yesterday

      • If an attacker has the master key and knows the algorithm used then all passwords are compromised too (that's why I always use the offline apps, if someone can keylog my PC, then someone can also extract a password database file). Also remembering things is still a thing e.g. if a website changes domains or you need to reset your password (how many times did I reset it?). Some websites also only accept specific charsets.
        – Gizmo
        yesterday

      • 7
        @Gizmo If you were to look at the questions discussing stateless password managers, you will see the exact same points being brought up. A truly random password is the best kind of password, and any reason not to use a truly random password needs to be really, really good.
        – MechMK1
        yesterday

      • 5
        @user1717828, and a blurb of 16 hex digits would be a very good password if it were random, but since it's just a weak hash of a rather weak password it's somewhat suspect. (btw, 4755... is the hash of hunter2+gmail.com\n, with a newline ;) Did you use echo ... | md5sum? echo always adds a newline at the end, printf ... | md5sum would be the solution in that case.)
        – ilkkachu
        20 hours ago

      20














      The established solution for this problem is to use different passwords for different websites along with a password manager. That way you won't have to reinvent the wheel.




      I know the rule don't invent your own crypto/protocol, that's why I
      want to know if there exists a known protocol for a client securing
      himself?




      Not every problem has to be solved by a technical, overcomplicated solution.


      Not reusing password is an elegant solution.






      answered 2 days ago by Vipul Nair (edited 2 days ago by Benoit Esnard)

      • I would say that a Password-Manager is a technical and quite complicated solution, just one you don't have to build yourself.
        – Falco
        13 hours ago

      • @Falco "Not reusing password is an elegant solution"
        – Vipul Nair
        10 hours ago

      2














      I used to use a browser extension which did pretty much exactly what you suggested. (It took my actual password + the URL of the site, hashed them together, and generated a password from that). It was great ... until eBay made me change my password because they had leaked their database. At that point, I had to remember which sites used one password, and which another.



      The additional problem is that if any site had stored my "password" in plain text, then an attacker might have recognized how my password had been generated, and cracked it.



      The final problem is sites like amazon.de, amazon.co.uk, and amazon.com which all need to share a password.



      I have switched to a password manager (LastPass) secured with a strong, randomly generated (diceware), password (and 2FA on my important accounts).






      answered yesterday by Martin Bonner

              1














              I'll only answer the crypto aspects of your reasoning; for discussions of the security implications of having a stateless master password, see other answers.



              Conceptually, your idea is good. It would be correct in the Random Oracle model, where hash functions have independent outputs for partially identical input. However, in the real world, our hash functions have limitations, and can be vulnerable to extension attacks.

              The risk, here, would be that an adversary might steal the output H(key + service1) for a compromised service, and find a more efficient way to generate H(key + service2), that doesn't require fully recovering the password.



              For this reason, we would not use hash(key + service/salt) as the primitive. Instead, we would use a Message Authentication Code function, MAC(key, service). MAC functions are specially designed to prevent this problem.






              answered yesterday by b0fh
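
An added example (not code from any answer or tool in this thread) of the MAC(key, service) construction b0fh suggests, next to the hash(password + service) scheme from the question. The PBKDF2 stretching step, the output alphabet, the rotation counter and the alias table are assumptions; the last two are the state Martin Bonner's answer says such a generator ends up needing.

```python
import hashlib
import hmac
import string

# Constructed output alphabet; real sites differ in which symbols they accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"

# Constructed alias table: sites that share one account (amazon.de, amazon.co.uk,
# amazon.com in the thread) must map to one name, and that mapping is state.
ALIASES = {"amazon.de": "amazon.com", "amazon.co.uk": "amazon.com"}


def naive_site_password(master: str, service: str) -> str:
    """The scheme from the question: hash(password + service), here with MD5."""
    return hashlib.md5((master + service).encode()).hexdigest()


def stretch_master(master: str, user_salt: str, iterations: int = 200_000) -> bytes:
    """Derive a MAC key from the master password with a deliberately slow KDF,
    so a leaked site password is an expensive oracle for guessing the master."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), user_salt.encode(), iterations)


def canonical_service(service: str) -> str:
    """Normalise the service name and fold known aliases together."""
    service = service.strip().lower()
    return ALIASES.get(service, service)


def mac_site_password(key: bytes, service: str, counter: int = 1, length: int = 20) -> str:
    """MAC(key, service) with HMAC-SHA256, mapped onto ALPHABET.

    The key is a separate input rather than a string prefix, so the key/service
    boundary is unambiguous, and HMAC does not have the length-extension
    property of a bare Merkle-Damgard hash. The counter lets one site be
    rotated after a forced reset without touching the others.
    """
    name = canonical_service(service).encode()
    # Length-prefix the name so (name, counter) encodes unambiguously.
    msg = len(name).to_bytes(2, "big") + name + counter.to_bytes(4, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Base-conversion of the 256-bit digest; for 20 characters the bias is negligible.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def demo(iterations: int = 10_000) -> dict:
    """Run both schemes on constructed inputs and return the comparisons."""
    salt = "alice@example.org"  # constructed per-user salt
    key = stretch_master("hunter2", salt, iterations)
    other_key = stretch_master("hunter2g", salt, iterations)
    return {
        # "hunter2" + "gmail.com" and "hunter2g" + "mail.com" are the same string.
        "naive_boundary_collision": naive_site_password("hunter2", "gmail.com")
        == naive_site_password("hunter2g", "mail.com"),
        "mac_boundary_collision": mac_site_password(key, "gmail.com")
        == mac_site_password(other_key, "mail.com"),
        # Forced reset at one site: bump that site's counter only.
        "ebay_v1": mac_site_password(key, "ebay.com", counter=1),
        "ebay_v2": mac_site_password(key, "ebay.com", counter=2),
        "gmail": mac_site_password(key, "gmail.com"),
        # Aliased domains resolve to the same derived password.
        "amazon_de": mac_site_password(key, "amazon.de"),
        "amazon_com": mac_site_password(key, "Amazon.com"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The counter and alias table have to be stored and synchronised somewhere, which is the practical objection raised in the answers and comments above.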
























                      0















                      I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a known protocol for a client securing himself?




                      The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.



                      You can do as @MechMK1 suggests and use a Password Manager. The problem is, it just moves the password problem around and makes it a little easier to manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.



                      You should use throw away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.



                      Once you log into a site they give you a token (cookie) for the site. You don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.



                      If the password is not in the credential store, then simply go through the "Password Recover Password" process. The site will send you an email, and you can use the process to set another throw away password. I use it all the time for expired cookies.



                      The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses a similar to authenticate packages. Also see Peter Gutmann's Engineering Security.



                      Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, set up 2FA for the critical accounts so the attacker needs both your password + OTP/token.



                      Some services, like Spotify, are considering doing away with passwords altogether. They are adapting the "Password Recovery Process" for authentication. When you want to log-in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.



                      The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.





                      I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers




                      If you like to do these sorts of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.

































                      • Did you allude to not using a password manager but then push people to use the browser credential storage?

                        – Matt Rowland
                        23 hours ago















                      0















                      I know the rule don't invent your own crypto/protocol, that's why I want to know if there exists a known protocol for a client securing himself?

                      The problem you are experiencing in the Security Engineering space is known as the "Greedy Password" model. Each website you visit thinks it is the only site on the entire web, and they think it is OK to ask you to manage/remember complex passwords. Also see Peter Gutmann's Engineering Security.

                      You can do as @MechMK1 suggests and use a Password Manager. The problem is, it just moves the password problem around and makes it a little easier to manage. You still need to use a real password at some point in time. In a risk management framework you have reduced risk but not eliminated it.

                      You should use throw-away passwords for every non-critical account. I personally use Strong Random Password Generator to generate random 32-byte passwords for each greedy site. Humorously - in a morbid sort of way - some sites cannot handle the long or complex random passwords. Some of the sites make you provide a weaker password.

                      Once you log into a site they give you a token (cookie) for the site; you don't need the password anymore. If you do need to re-enter the password then let the browser enter it from the credential store.

                      If the password is not in the credential store, then simply go through the "Password Recovery" process. The site will send you an email, and you can use the process to set another throw-away password. I use it all the time for expired cookies.

                      The link sent in the recovery process email is known as a "Self-Authenticating URL". I believe Python uses something similar to authenticate packages. Also see Peter Gutmann's Engineering Security.

                      Several accounts will be important enough that you need a real password. For example, your corporate password and your Apple email account password. For them, use a strong password and write it down so it is not lost or forgotten. Then put the password in your wallet or purse. Even better, set up 2FA for the critical accounts so the attacker needs both your password + OTP/token.

                      Some services, like Spotify, are considering doing away with passwords altogether. They are adapting the "Password Recovery Process" for authentication. When you want to log in, you enter your email address and they send you a link for a token. You no longer need a password - you just need an email account.

                      The number one threat is the network attacker, and they have not managed to reach through your monitor and read your post-it notes. If they break into your password manager or browser credential store, let them collect as many throw-away passwords as they like.

                      I am looking for what I can do to my password before sending it to the server... I was thinking of sending hash(password + service) to the servers

                      If you like to do these sorts of things (risk analysis, attack modelling, etc), then you should read Peter Gutmann's Engineering Security. His PhD dissertation studied Security and User Behavior. His book is a treatment for building safer, more secure systems.















                      edited 2 days ago

























                      answered 2 days ago









                      jww
















                      • Did you allude to not using a password manager but then push people to use the browser credential storage?

                        – Matt Rowland
                        23 hours ago




























                      0














                      The question you have to ask yourself is: what are you trying to achieve?

                      You said you want to have a unique password, that you will hash with:

                      Hash(Password + Service). The resulting hash, depending on the algorithm used (hint: do not create your own algorithm), will probably be 32 characters long.

                      The first problem I see is: what if the website does not allow you to use a 32-character-long password?

                      Second problem: do you plan on remembering these lengthy passwords for every different website? If you plan on saving them somewhere, using a password manager to create a 10-character-long, unique, random password that you won't use for any other website is both easier and more secure.

                      If you plan on remembering these 32-character-long passwords, it's still easier to remember a unique 10-character password.

                      To get back to my initial question: what are you trying to achieve?

                      Salting and hashing the password in the database is a layer of security so that:

                      • if the database is compromised, the hacker will have trouble finding your original password and thus he cannot compromise your other accounts on other services if you did use the same password (or small variations) on every website.

                      • but if you are using a different password on each website/service, even if someone gets your password for a site, he can't do much with it, so you should not care.

                      If the attacker silently compromised the service you are using and has full access, he can simply steal your sessionID to impersonate you, he can modify the application behaviour so your clear-text password is sent to him before hashing, he can change your hashed password in the database to his own hashed password, log in with his password and then change back the password in the DB to your hashed password... he basically owns the system and YOU can't do anything about it.

                      By hashing and salting the password, the services/sites you are using are not trying to protect themselves; they are trying to protect your other accounts in case they get compromised.















                      edited yesterday

























                      answered 2 days ago









                      Maxime
















                      • "the resulting hash, depending of the algorithm used [...] will probably be 32 character long." No. It might be 128 bits long. Expressed as a string of hexadecimal digits, that is 32 characters long, with characters of the set [0-9a-f]. Expressed in Base64, the exact same value is represented as 22 characters out of a 64-character set. In binary, printed as 0 and 1, it would be represented as 128 characters out of a set of two. In each case, it's still the exact same value! It's just represented differently. Changing the representation does not change anything cryptographically.

                        – a CVn
                        yesterday











                      • I was just trying to point out that EVEN if it was a good idea (and it's not a good idea), you might have issues using the hash as a password.

                        – Maxime
                        17 hours ago
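
The representation point raised in the comments above, together with the length-limit problem from the answer, as an added example that is not part of the original posts: it renders one 128-bit value as hex, Base64 and binary, checks that all three decode to the same bytes, and counts how many bits survive if a site cuts the string short. BLAKE2b with a 16-byte digest, the sample password and service names, and the 16-character limit are assumptions chosen for illustration.

```python
import base64
import hashlib

# Bits of the underlying value carried by one character of each encoding.
BITS_PER_CHAR = {"hex": 4, "base64": 6, "binary": 1}


def digest128(password: str, service: str) -> bytes:
    """Hash(Password + Service), the construction discussed in the thread.

    Assumption: BLAKE2b with digest_size=16 stands in for "some 128-bit
    hash"; the thread names no algorithm. This reproduces the proposal
    being discussed, it is not a recommended password scheme.
    """
    data = (password + service).encode("utf-8")
    return hashlib.blake2b(data, digest_size=16).digest()


def representations(value: bytes) -> dict:
    """Render the same bytes in the three forms named in the comment."""
    return {
        "hex": value.hex(),
        # Base64 padding ("==") carries no information, so it is dropped.
        "base64": base64.b64encode(value).decode("ascii").rstrip("="),
        "binary": "".join(f"{byte:08b}" for byte in value),
    }


def decode(kind: str, text: str) -> bytes:
    """Invert representations() for one encoding."""
    if kind == "hex":
        return bytes.fromhex(text)
    if kind == "base64":
        # Restore the padding that was stripped above.
        return base64.b64decode(text + "=" * (-len(text) % 4))
    if kind == "binary":
        return int(text, 2).to_bytes(len(text) // 8, "big")
    raise ValueError(f"unknown representation: {kind}")


def bits_kept(kind: str, max_len: int, total_bits: int = 128) -> int:
    """Bits of the value left if a site accepts only max_len characters.

    Re-encoding never changes the value, but truncating the encoded
    string does: each dropped character discards BITS_PER_CHAR[kind] bits.
    """
    return min(total_bits, BITS_PER_CHAR[kind] * max_len)


def report(password: str, service: str, site_max_len: int) -> list:
    """One row per encoding: (kind, length, round-trips?, bits kept)."""
    value = digest128(password, service)
    rows = []
    for kind, text in representations(value).items():
        rows.append((kind, len(text), decode(kind, text) == value,
                     bits_kept(kind, site_max_len)))
    return rows


if __name__ == "__main__":
    # Constructed sample input; 16 is a hypothetical site length limit.
    for kind, length, same, kept in report("correct horse", "example.com", 16):
        print(f"{kind:7} {length:4d} chars  same value: {same}  "
              f"bits kept at 16 chars: {kept}")
```
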


























