Difference between revisions of "Introduction"

From PasswordMaker
Jump to navigationJump to search
Line 14: Line 14:
  
 
You provide PASSWORD'''MAKER''' two pieces of information: a "master password" -- that one, single password you like -- and the [http://en.wikipedia.org/wiki/URL URL] of the website requiring a password. Through the magic of [http://en.wikipedia.org/wiki/Cryptographic_hash_function one-way hash algorithms], PASSWORD'''MAKER''' calculates a [http://www.rsasecurity.com/rsalabs/node.asp?id=2176 message digest], also known as a [http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsch_key_vzqm.asp digital fingerprint], which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PASSWORD'''MAKER''' is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it."[http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest] In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help!
 
You provide PASSWORD'''MAKER''' two pieces of information: a "master password" -- that one, single password you like -- and the [http://en.wikipedia.org/wiki/URL URL] of the website requiring a password. Through the magic of [http://en.wikipedia.org/wiki/Cryptographic_hash_function one-way hash algorithms], PASSWORD'''MAKER''' calculates a [http://www.rsasecurity.com/rsalabs/node.asp?id=2176 message digest], also known as a [http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsch_key_vzqm.asp digital fingerprint], which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PASSWORD'''MAKER''' is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it."[http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest] In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help!
 +
 +
 +
 +
You provide PasswordMaker two pieces of information: a "master password" -- that one, single master password you like -- and the [http://en.wikipedia.org/wiki/URL URL] of a website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., aolinstantmessenger.com). Through the magic of [http://www.webopedia.com/TERM/O/one-way_hash_function.html one-way hash algorithms], PasswordMaker calculates what is known as a [http://en.wikipedia.org/wiki/Cryptographic_hash_function digital fingerprint] - or Hash - which can then be used as your password for the website.<br><br>Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." [http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html#MessageDigest <span style="vertical-align: super"><font size="xx-small">1</font></span>] In other words, if someone has one or more of your generated passwords, it is ''computationally infeasible'' for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers [http://krone.physik.unizh.ch/~stadel/zBox/ like this] won't help! Other security features, such as PasswordMaker's ability to automatically insert generated passwords into web sites' password boxes, helps to prevent hackers from using [http://en.wikipedia.org/wiki/Keystroke_logging keyboard loggers] and [http://en.wikipedia.org/wiki/Trojan_horse_(computing) trojan horses] to determine your passwords. For more details, visit the [http://passwordmaker.org/faq.html FAQ].
  
 
== What About Portability? ==
 
== What About Portability? ==
  
 
For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an [http://passwordmaker.org/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.
 
For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an [http://passwordmaker.org/passwordmaker.html online version] which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.

Revision as of 14:52, 30 August 2007

The Problem

If you're like most people, you have a few passwords that you use over and over again on many different websites. You know this isn't secure, yet you do it anyway. Why? Because it's difficult to remember a unique password for each and every web site that requires one.

Existing Solutions

Maybe you do use unique passwords, and get around the problem of remembering them by storing them in a spreadsheet or other file. Maybe you even use one of the many password managers that are available. But now you've centralized your passwords and access to them becomes difficult while at work, a friend's, or a public internet terminal. You can't get to your passwords without carrying them around or publishing them on the internet. Some people even carry a USB keychain with their passwords wherever they go. How inconvenient. And publishing them on the internet? Yikes! We need not even mention the security risks inherent with that solution. Even if you trust the company storing the passwords, you can be sure every hacker in the world is drooling over the prospect of accessing their database.

Our Solution

PASSWORDMAKER solves all of these issues. It is a small, lightweight, free, extension for Firefox, Mozilla, Netscape, Flock, and Yahoo! Widgets which creates unique, secure passwords that are very easy for you to retrieve but no one else. Nothing is stored anywhere, anytime, so there's nothing to be hacked, lost, or stolen.

How It Works

You provide PASSWORDMAKER two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PASSWORDMAKER calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PASSWORDMAKER is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it."[1] In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help!


You provide PasswordMaker two pieces of information: a "master password" -- that one, single master password you like -- and the URL of a website requiring a password (for internet applications without URLs, such as instant messaging, you can make up any URL you like; e.g., aolinstantmessenger.com). Through the magic of one-way hash algorithms, PasswordMaker calculates what is known as a digital fingerprint - or Hash - which can then be used as your password for the website.

Although one-way hash algorithms have a number of interesting characteristics, the one capitalized on by PasswordMaker is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." 1 In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help! Other security features, such as PasswordMaker's ability to automatically insert generated passwords into web sites' password boxes, helps to prevent hackers from using keyboard loggers and trojan horses to determine your passwords. For more details, visit the FAQ.

What About Portability?

For times when you must use non-Firefox browsers or can't install Firefox extensions, there's an online version which mimicks the extension and works in all browsers new and old. No downloads or installations are required. Additionally, stand-alone versions for desktops, mobile phones, and PDAs are coming shortly.