Difference between revisions of "How it works"

From PasswordMaker
Jump to navigationJump to search
(Undo revision 1315 by 92.112.137.235 (Talk))
 
(24 intermediate revisions by 7 users not shown)
Line 1: Line 1:
You provide PasswordMaker two pieces of information: a <i>master password</i> -- that one, favorite password you like -- and the [http://en.wikipedia.org/wiki/URL URL] of the website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., gmail.com).
+
You provide PasswordMaker at least two pieces of information: a ''master password'' -- that one, favorite password you like -- and a text [http://en.wikipedia.org/wiki/String_(computer_science) string] that is unique to that particular password. For web based accounts, this will usually be the [http://en.wikipedia.org/wiki/URL URL] of the website requiring the password. In fact, this is the default for such sites, although it can be changed if desired. For internet applications without URLs, such as [http://en.wikipedia.org/wiki/Instant_messaging instant messaging] - or some other password that you want to generate using PasswordMaker that is not internet related at all - you can make up any text you like, e.g., "aolinstantmessenger.com", "my-aol-im", or "MyBank_PIN").
  
Through the magic of [http://www.webopedia.com/TERM/O/one-way_hash_function.html one-way hash algorithms], PasswordMaker calculates what is known as a [http://en.wikipedia.org/wiki/Cryptographic_hash_function digital fingerprint] - or hash - which can then be used as your password for the website.
+
Through the magic of your favorite [http://www.webopedia.com/TERM/O/one-way_hash_function.html one-way hash algorithm] (Passwordmaker currently supports [[FAQ#Which_hash_algorithms_are_supported.3F|all of these]]), PasswordMaker uses the ''master password'' and the URL/text [http://en.wikipedia.org/wiki/String_(computer_science) string]) that you provided, plus the [[FAQ#How_do_the_account-settings_and_algorithm_I_choose_work_together_to_generate_passwords.3F|account settings as modified by you]], to calculate what is known as a [http://en.wikipedia.org/wiki/Cryptographic_hash_function digital fingerprint] - or hash - which can then be used as your password for the website.
  
Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your <i>master password</i>) that was used to generate it." [http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest]  
+
Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your <i>master password</i>) that was used to generate it.[http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest]
  
 
In other words, if someone has one or more of your generated passwords, it is [http://www.certifyit.com/_Definitions.htm ''computationally infeasible''] for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help!
 
In other words, if someone has one or more of your generated passwords, it is [http://www.certifyit.com/_Definitions.htm ''computationally infeasible''] for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help!
  
Security features offered by the Browser Extension version of PasswordMaker - such as the ability to automatically insert generated passwords into a web sites' password box, helps protect you from [http://en.wikipedia.org/wiki/Keystroke_logging key-loggers] and/or [http://en.wikipedia.org/wiki/Trojan_horse_(computing) trojan horses] that some [http://en.wikipedia.org/wiki/Black_hat "Black Hats"] use to try to steal passwords. For more details, visit the [[FAQ]].
+
Security features offered by the [[Firefox/Mozilla/SeaMonkey/Flock/Netscape|Browser Extension version]] of PasswordMaker - such as the ability to automatically insert both usernames and the generated passwords into a web sites' username and password fields, helps protect you from [http://en.wikipedia.org/wiki/Keystroke_logging key-loggers] and/or [http://en.wikipedia.org/wiki/Trojan_horse_(computing) trojan horses] that some [http://en.wikipedia.org/wiki/Black_hat "Black Hats"] use to try to steal passwords. For more details, visit the [[FAQ]].
  
 
== What About Portability? ==
 
== What About Portability? ==
  
For times when you must use an unsupported browser or can't install the extension for some other reason, there's an [http://passwordmaker.org/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required.
+
For times when you must use an unsupported browser or can't install the extension for some other reason, there's an [http://passwordmaker.sourceforge.net/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required.
  
Additionally, there is a stand-alone version for Windows, Linux and Mac [http://wiki.passwordmaker.org/index.php/Desktop desktops], as well as a [http://wiki.passwordmaker.org/index.php/Command-line command-line] version that can be integrated with custom applications.
+
Additionally, there is a [[Desktop|stand-alone version]] for Windows, Linux and Mac desktops, as well as a [[Command-line|command-line version]] that can be integrated with custom applications.
  
Lastly, there is a J2ME version for mobile phones and PDAs in the works, although there is little happening at the moment. If you are interested in seeing this implemented more quickly and are willing to sponsor its development, please add a post in the [http://forums.passwordmaker.org/index.php/board,26.0.html Forums] and someone will get in touch with you to discuss terms.
+
Lastly, there is a [http://forums.passwordmaker.org/index.php/topic,1376.msg1280429.html#msg1280429 J2ME version] in the works for mobile phones and PDAs, although there is little happening at the moment. If you are interested in seeing this implemented more quickly and have the skills to help - or are willing to help sponsor its development - please add a post in the [http://forums.passwordmaker.org/index.php/board,26.0.html user forums] and someone will get in touch with you to discuss terms.
 +
 
 +
== I'm interested - where do I start? ==
 +
 
 +
This is simple - decide which edition (listed under 'editions' in the menu on the left) makes the most sense for you to use, and click the appropriate link.

Latest revision as of 19:04, 6 December 2008

You provide PasswordMaker at least two pieces of information: a master password -- that one, favorite password you like -- and a text string that is unique to that particular password. For web based accounts, this will usually be the URL of the website requiring the password. In fact, this is the default for such sites, although it can be changed if desired. For internet applications without URLs, such as instant messaging - or some other password that you want to generate using PasswordMaker that is not internet related at all - you can make up any text you like, e.g., "aolinstantmessenger.com", "my-aol-im", or "MyBank_PIN").

Through the magic of your favorite one-way hash algorithm (Passwordmaker currently supports all of these), PasswordMaker uses the master password and the URL/text string) that you provided, plus the account settings as modified by you, to calculate what is known as a digital fingerprint - or hash - which can then be used as your password for the website.

Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting hash (password) "does not reveal anything about the input (your master password) that was used to generate it.[1]"

In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!

Security features offered by the Browser Extension version of PasswordMaker - such as the ability to automatically insert both usernames and the generated passwords into a web sites' username and password fields, helps protect you from key-loggers and/or trojan horses that some "Black Hats" use to try to steal passwords. For more details, visit the FAQ.

What About Portability?

For times when you must use an unsupported browser or can't install the extension for some other reason, there's an online version which mimicks the extension and works in all browsers new and old. No downloads or installations are required.

Additionally, there is a stand-alone version for Windows, Linux and Mac desktops, as well as a command-line version that can be integrated with custom applications.

Lastly, there is a J2ME version in the works for mobile phones and PDAs, although there is little happening at the moment. If you are interested in seeing this implemented more quickly and have the skills to help - or are willing to help sponsor its development - please add a post in the user forums and someone will get in touch with you to discuss terms.

I'm interested - where do I start?

This is simple - decide which edition (listed under 'editions' in the menu on the left) makes the most sense for you to use, and click the appropriate link.