Editing FAQ

From PasswordMaker

Jump to: navigation, search

Warning: The database has been locked for maintenance, so you will not be able to save your edits right now. You may wish to cut-n-paste the text into a text file and save it for later.

The administrator who locked it offered this explanation: It appears something is broken, so the wiki is in Read Only Mode until the attack is blocked, or an up to date version of the wiki is installed

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Current revision Your text
Line 1: Line 1:
== General ==
== General ==
-
 
-
=== What browsers/platforms are supported? ===
 
-
 
-
*The extension works with some of the most popular [http://en.wikipedia.org/wiki/Gecko_(layout_engine) Gecko] based web browsers, including: [http://www.mozilla.com/en-US/firefox/ Firefox], [http://www.mozilla.org/projects/seamonkey/ SeaMonkey], [http://www.mozilla.org/products/mozilla1.x/ Mozilla Suite], [http://www.flock.com/ Flock] and [http://browser.netscape.com/ Netscape].
 
-
*There was a beta version of PasswordMaker for Internet Explorer 6 and 7, but it was never finished, and is [http://forums.passwordmaker.org/index.php/topic,884.0.html no longer maintained]. It is highly unlikely that there will be any further development on it, unless a sponsor steps forward. If you are interested in sponsoring the Internet Explorer version, please feel free to post a message on the [http://forums.passwordmaker.org/ user forums] and someone will get in touch with you to see if an arrangement can be made.
 
-
*There is an [http://passwordmaker.org/passwordmaker.html online version] that works with all browsers (including Internet Explorer and Opera) on all platforms.
 
-
*The desktop version is written in [http://trolltech.com QT/C++] and works on [http://www.windows.com Windows], [http://www.apple.com Mac], and Linux/Unix (Actually, any place that QT can be compiled on). The [http://forums.passwordmaker.org/index.php/topic,1376.msg1280429.html#msg1280429 J2ME version] will work on any Java-enabled mobile phone or PDA.
 
=== If someone gets my master password, can't he determine all of my generated passwords? ===
=== If someone gets my master password, can't he determine all of my generated passwords? ===
Line 36: Line 29:
* when l33t-speak was applied (if at all)
* when l33t-speak was applied (if at all)
Of course, the URLs of the sites must also be known since they are used in password calculation. Probably the most interesting of these variables is character set because it gives you the flexibility to determine precisely which characters can and can't be included in generated passwords.
Of course, the URLs of the sites must also be known since they are used in password calculation. Probably the most interesting of these variables is character set because it gives you the flexibility to determine precisely which characters can and can't be included in generated passwords.
-
 
-
=== How do the account-settings and algorithm I choose work together to generate passwords? ===
 
-
 
-
If you've selected a non-HMAC hash function (those without the HMAC prefix), passwords are generated using the following pseudocode:
 
-
 
-
password = mp + usingURL + username + modifier<br>
 
-
password = leet(password, leetlevel)  [optional]<br>
 
-
password = hash(password, charset)<br>
 
-
password = leet(password, leetlevel)  [optional]<br>
 
-
password = truncate(prefix + password, length-suffix_length) + suffix<br>
 
-
password = truncate(password, length)
 
-
 
-
If you've selected an HMAC hash function (those with the HMAC prefix), passwords are generated using the following pseudocode:
 
-
 
-
data = usingURL + username + modifier<br>
 
-
mp = leet(mp, leetlevel)  [optional]<br>
 
-
data = leet(data, leetlevel)  [optional]<br>
 
-
password = hmac_hash(mp, data, charset)<br>
 
-
password = leet(password, leetlevel)  [optional]<br>
 
-
password = truncate(prefix + password, length-suffix_length) + suffix<br>
 
-
truncate(password, length)
 
-
 
-
Where + is the concatenation operator. mp is the master password, usingURL is the value in "Using URL", and username, counter, prefix, and suffix are optional settings specified in the Account Settings dialog. For HMAC hash functions, mp is the secret key and data is the input text.
 
=== Where is my master password stored? ===
=== Where is my master password stored? ===
Line 79: Line 49:
To set up a URL/site in this manner, simply go to the login page for the Account that you want to save the password for, create a new (or open the existing) Account for this URL/site, change to ''Advanced Options'' (if you are not already there), click the ''Advanced Auto-Populate'' tab, click '''<u>inside</u>''' the '''password''' field on the login page, click inside the ''Field Value'' field, enter your current password, then click the <i>Add></i> button (just above the list-box for fields), and last but not least, if desired, check ''Auto-populate username and password fields for sites that contain this URL''.
To set up a URL/site in this manner, simply go to the login page for the Account that you want to save the password for, create a new (or open the existing) Account for this URL/site, change to ''Advanced Options'' (if you are not already there), click the ''Advanced Auto-Populate'' tab, click '''<u>inside</u>''' the '''password''' field on the login page, click inside the ''Field Value'' field, enter your current password, then click the <i>Add></i> button (just above the list-box for fields), and last but not least, if desired, check ''Auto-populate username and password fields for sites that contain this URL''.
-
 
-
=== Which hash algorithms are supported? ===
 
-
 
-
* MD4
 
-
* HMAC-MD4
 
-
* MD5
 
-
* MD5 (for PasswordMaker v 0.6)
 
-
* HMAC-MD5
 
-
* HMAC-MD5 (for PasswordMaker v 0.6)
 
-
* SHA-1
 
-
* HMAC-SHA-1
 
-
* SHA-256
 
-
* HMAC-SHA-256
 
-
* HMAC-SHA-256 (for PasswordMaker v 1.5.1)
 
-
* RIPEMD-160
 
-
* HMAC-RIPEMD-160
 
-
 
-
=== Which hash algorithm should I use? ===
 
-
 
-
All of the algorithms are cryptographically strong, but of the algorithms PasswordMaker offers, many people regard SHA-256, HMAC-SHA1, HMAC-MD5 and HMAC-SHA-256 as the strongest.
 
-
 
-
=== What about recent press concerning MD5 AND SHA-1 "cracks"? ===
 
-
 
-
At Crypto 2004, Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu announced [http://eprint.iacr.org/2004/199.pdf they had found hash collisions] for MD4, MD5, RIPEMD, and HAVAL-128. SHA-1 hash collisions have also been announced. A [http://en.wikipedia.org/wiki/Hash_collision hash collision] means the researchers found two or more messages that yield the same hash with these algorithms. However, it's important to note that the one-way nature of these algorithms has not been undermined. In other words, in the context of PasswordMaker, [http://en.wikipedia.org/wiki/Hash_collision hash collisions] do not empower someone with the ability to derive your master password if they have your generated (hashed) passwords. The hash collision attacks have no relevance to PasswordMaker except there is very small chance someone could choose a different master password than yours which hashes to the same generated password. However, he would still need your username and the URL in order to hack your account.
 
-
 
-
=== Do you provide technical support? ===
 
-
 
-
Yes! Free technical support is provided on the [http://forums.passwordmaker.org/ user forums], with a response time often measured in minutes, but typically never more than 24 hours.
 
-
 
-
=== Where can I find an explanation of each and every feature and function? ===
 
-
 
-
Right here!
 
-
 
-
=== Do you accept Feature Requests? ===
 
-
 
-
Yes, absolutely! Feature requests from people who actually use PasswordMaker is one of the reasons PasswordMaker has a lot of the functionality it now has!
 
-
 
-
Our [http://forums.passwordmaker.org user forums] are the best place to get support, and the [http://forums.passwordmaker.org/index.php/topic,167.msg521113.html#msg521113 Feature Request List] is the place to make your desires known.
 
-
 
-
Please read through all of the existing [http://forums.passwordmaker.org/index.php/topic,167.msg521113.html#msg521113 Feature Requests] before posting, because it is very possible that someone else has already done it for you. If so, then by all means post a request to add your vote to it, and any other Feature Requests that sound attractive to you.
 
-
 
-
Each registered user gets 5 votes, so please feel free to stop by and add your votes now!
 
-
 
-
=== How is PasswordMaker licensed? ===
 
-
 
-
PasswordMaker is licensed under the [http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPL] Open Source License. The desktop edition (because of QT) is licensed under the [http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GPL] Open Source License.
 
-
 
-
The full sources for PasswordMaker can be downloaded from [http://sourceforge.net/projects/passwordmaker here].
 
=== What if I forget my Master Password? ===
=== What if I forget my Master Password? ===
Line 133: Line 55:
== Firefox / Gecko edition ==
== Firefox / Gecko edition ==
 +
 +
=== Is there an Internet Explorer version? ===
 +
 +
There was a Beta version of PasswordMaker for Internet Explorer 6 and 7, but it was never finished. It currently isn't maintained, and users are discouraged from installing it because it is highly unlikely that there will be any further development on it, unless a sponsor steps forward. If you are interested in sponsoring the Internet Explorer version, please feel free to post a message on the [http://forums.passwordmaker.org/ Forums] and someone will get in touch with you to see if an arrangement can be made.
=== Where is account information and other settings stored? ===
=== Where is account information and other settings stored? ===
Line 164: Line 90:
There are plans to optionally save this file on an FTP site so you don't need to transport it across PCs, but you can always opt-out of this. In the meantime, you can store exported settings centrally somewhere yourself (like your web-based email account) to make it easy to import them from anywhere.
There are plans to optionally save this file on an FTP site so you don't need to transport it across PCs, but you can always opt-out of this. In the meantime, you can store exported settings centrally somewhere yourself (like your web-based email account) to make it easy to import them from anywhere.
-
=== How can I change PasswordMaker's shortcuts (ctrl-` and alt-`) to something else? ===
+
== Desktop edition ==
 +
 
 +
== Javascript edition ==
 +
 
 +
== Yahoo! Widget edition ==
 +
 
 +
== Command-line edition ==
 +
 
 +
== PHP / Mobile edition ==
 +
 
 +
== On-line edition ==
 +
 
 +
 
 +
 
 +
== How can I change PasswordMaker's shortcuts (ctrl-` and alt-`) to something else? ==
Install the [http://mozilla.dorando.at/keyconfig.xpi KeyConfig Extension]. Scroll down to the PasswordMaker entry and change the shortcuts to anything you like. Changes won't take effect until you restart Firefox/Mozilla.
Install the [http://mozilla.dorando.at/keyconfig.xpi KeyConfig Extension]. Scroll down to the PasswordMaker entry and change the shortcuts to anything you like. Changes won't take effect until you restart Firefox/Mozilla.
-
=== How can I turn off the toolbar icons for Mozilla and Netscape? ===
+
== Which hash algorithms are supported? ==
 +
 
 +
* MD4
 +
* HMAC-MD4
 +
* MD5
 +
* MD5 (for PasswordMaker v 0.6)
 +
* HMAC-MD5
 +
* HMAC-MD5 (for PasswordMaker v 0.6)
 +
* SHA-1
 +
* HMAC-SHA-1
 +
* SHA-256
 +
* HMAC-SHA-256
 +
* HMAC-SHA-256 (for PasswordMaker v 1.5.1)
 +
* RIPEMD-160
 +
* HMAC-RIPEMD-160
 +
 
 +
== Which hash algorithm should I use? ==
 +
 
 +
All of the algorithms are cryptographically strong, but of the algorithms PasswordMaker offers, many people regard SHA-256, HMAC-SHA1, HMAC-MD5 and HMAC-SHA-256 as the strongest.
 +
 
 +
== What about recent press concerning MD5 AND SHA-1 "cracks"? ==
 +
 
 +
At Crypto 2004, Xiaoyun Wang, Dengguo Feng, Xuejia Lai and Hongbo Yu announced [http://eprint.iacr.org/2004/199.pdf they had found hash collisions] for MD4, MD5, RIPEMD, and HAVAL-128. SHA-1 hash collisions have also been announced. A [http://en.wikipedia.org/wiki/Hash_collision hash collision] means the researchers found two or more messages that yield the same hash with these algorithms. However, it's important to note that the one-way nature of these algorithms has not been undermined. In other words, in the context of PasswordMaker, [http://en.wikipedia.org/wiki/Hash_collision hash collisions] do not empower someone with the ability to derive your master password if they have your generated (hashed) passwords. The hash collision attacks have no relevance to PasswordMaker except there is very small chance someone could choose a different master password than yours which hashes to the same generated password. However, he would still need your username and the URL in order to hack your account.
 +
 
 +
== How do the account-settings and algorithm I choose work together to generate passwords? ==
 +
 
 +
If you've selected a non-HMAC hash function (those without the HMAC prefix), passwords are generated using the following pseudocode:
 +
 
 +
password = mp + usingURL + username + modifier<br>
 +
password = leet(password, leetlevel)  [optional]<br>
 +
password = hash(password, charset)<br>
 +
password = leet(password, leetlevel)  [optional]<br>
 +
password = truncate(prefix + password, length-suffix_length) + suffix<br>
 +
password = truncate(password, length)
 +
 
 +
If you've selected an HMAC hash function (those with the HMAC prefix), passwords are generated using the following pseudocode:
 +
 
 +
data = usingURL + username + modifier<br>
 +
mp = leet(mp, leetlevel)  [optional]<br>
 +
data = leet(data, leetlevel)  [optional]<br>
 +
password = hmac_hash(mp, data, charset)<br>
 +
password = leet(password, leetlevel)  [optional]<br>
 +
password = truncate(prefix + password, length-suffix_length) + suffix<br>
 +
truncate(password, length)
 +
 
 +
Where + is the concatenation operator. mp is the master password, usingURL is the value in "Using URL", and username, counter, prefix, and suffix are optional settings specified in the Account Settings dialog. For HMAC hash functions, mp is the secret key and data is the input text.
 +
 
 +
== What browsers/platforms are supported? ==
 +
 
 +
The extension works with Firefox, Mozilla, and Netscape on Windows, Mac, and Linux/Unix. An Internet Explorer extension is currently being developed. The on-line version works with all browsers (including Internet Explorer and Opera) on all platforms. The desktop version is written in QT/C++ and works on Windows, Mac, and Linux/Unix (Actually, any place that QT can be compiled on). The J2ME version (also coming soon) works on any Java-enabled mobile phone or PDA.
 +
 
 +
== How can I turn off the toolbar icons for Mozilla and Netscape? ==
You can turn it off (and back on again) by creating the new boolean preferences browser.toolbars.showbutton.passwordmaker and browser.toolbars.showbutton.passwordmaker-key in about:config or user.js with the value of true or false. Make sure to restart all browsers after making the change.
You can turn it off (and back on again) by creating the new boolean preferences browser.toolbars.showbutton.passwordmaker and browser.toolbars.showbutton.passwordmaker-key in about:config or user.js with the value of true or false. Make sure to restart all browsers after making the change.
-
=== How do I uninstall PasswordMaker? ===
+
== How do I uninstall PasswordMaker? ==
If you're using Firefox, it's quite simple. Select Tools -> Extensions, select PasswordMaker and click the Uninstall button.
If you're using Firefox, it's quite simple. Select Tools -> Extensions, select PasswordMaker and click the Uninstall button.
Line 178: Line 169:
If you're using Mozilla or Netscape, it's as simple as deleting two files and one directory:
If you're using Mozilla or Netscape, it's as simple as deleting two files and one directory:
-
* If you installed PasswordMaker to a profile, locate that profile's directory (read this if you don't know how to find it). If you installed PasswordMaker to the browser directory, locate your Mozilla or Netscape installation directory (read [http://kb.mozillazine.org/Profile_folder this] if you don't know how to find it).If you don't know where you installed PasswordMaker, try to remember how you answered this prompt when installation began:
+
* If you installed PasswordMaker to a profile, locate that profile's directory (read this if you don't know how to find it). If you installed PasswordMaker to the browser directory, locate your Mozilla or Netscape installation directory (read this if you don't know how to find it).If you don't know where you installed PasswordMaker, try to remember how you answered this prompt when installation began:
[[Image:mozilla-install.jpg]]
[[Image:mozilla-install.jpg]]
Line 187: Line 178:
* Delete the directory /path/chrome/overlayinfo. This directory is automatically recreated the next time you start Mozilla or Netscape. If you restart and this directory hasn't been recreated, don't worry: it just means you don't have any other extensions, themes, or skins installed.
* Delete the directory /path/chrome/overlayinfo. This directory is automatically recreated the next time you start Mozilla or Netscape. If you restart and this directory hasn't been recreated, don't worry: it just means you don't have any other extensions, themes, or skins installed.
-
== Desktop edition ==
+
== Do you provide technical support? ==
-
== Javascript edition ==
+
Yes! Free technical support is provided on the [http://forums.passwordmaker.org/ Forums], with a response time typically less than 24 hours.
-
== Yahoo! Widget edition ==
+
== Where can I find an explanation of each and every feature and function? ==
-
== Command-line edition ==
+
Right here!
-
== PHP / Mobile edition ==
+
== How is PasswordMaker licensed? ==
-
== On-line edition ==
+
PasswordMaker is licensed under the [http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html LGPL] Open Source License. The desktop edition (because of QT) is licensed under the [http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GPL] Open Source License.
 +
 
 +
The full sources for PasswordMaker can be downloaded from [http://sourceforge.net/projects/passwordmaker here].

Please note that all contributions to PasswordMaker may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see PasswordMaker:Copyrights for details). Do not submit copyrighted work without permission!


Cancel | Editing help (opens in new window)
Personal tools