How it works

From PasswordMaker

(Difference between revisions)
Jump to: navigation, search
Line 5: Line 5:
Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your <i>master password</i>) that was used to generate it." [http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest]  
Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your <i>master password</i>) that was used to generate it." [http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest]  
-
In other words, if someone has one or more of your generated passwords, it is ''<i>computationally infeasible</i>'' for him to derive your master password or to calculate your other passwords. [http://www.certifyit.com/_Definitions.htm Computationally infeasible] means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help! Other security features, such as PasswordMaker's ability to automatically insert generated passwords into web sites' password boxes, helps protect you from [http://en.wikipedia.org/wiki/Keystroke_logging key-loggers] and/or [http://en.wikipedia.org/wiki/Trojan_horse_(computing) trojan horses] that some [http://en.wikipedia.org/wiki/Black_hat <i>Black Hats</i>] use to try to steal passwords. For more details, visit the [[FAQ]].
+
In other words, if someone has one or more of your generated passwords, it is ''<i>computationally infeasible</i>'' for him to derive your master password or to calculate your other passwords. [http://www.certifyit.com/_Definitions.htm Computationally infeasible] means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help! Security features offered by the Browser Extension version of PasswordMaker - such as the ability to automatically insert generated passwords into a web sites' password box, helps protect you from [http://en.wikipedia.org/wiki/Keystroke_logging key-loggers] and/or [http://en.wikipedia.org/wiki/Trojan_horse_(computing) trojan horses] that some [http://en.wikipedia.org/wiki/Black_hat <i>Black Hats</i>] use to try to steal passwords. For more details, visit the [[FAQ]].
== What About Portability? ==
== What About Portability? ==
For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an [http://passwordmaker.org/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.
For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an [http://passwordmaker.org/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.

Revision as of 23:29, 30 August 2007

You provide PasswordMaker two pieces of information: a master password -- that one, favorite password you like -- and the URL of the website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., aolinstantmessenger.com).

Through the magic of one-way hash algorithms, PasswordMaker calculates what is known as a digital fingerprint - or hash - which can then be used as your password for the website.

Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your master password) that was used to generate it." [1]

In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help! Security features offered by the Browser Extension version of PasswordMaker - such as the ability to automatically insert generated passwords into a web sites' password box, helps protect you from key-loggers and/or trojan horses that some Black Hats use to try to steal passwords. For more details, visit the FAQ.

What About Portability?

For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an online version which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.

Personal tools