Created May 8, 2016 04:33
Hide my private key in plain sight: Password Thought Doodle

1. I hate storing passwords in one central place, encrypted with the use of one master password. Gives me the creeps.
2. How about a method that generates passwords on the fly for an account using a memorized password? This is intended for my personal use, not for distribution (a key point).
3. Goes like this:
   1. User supplies 2 items: account name (e.g. facebook.com) and a root password known only to user.
   2. Ensure the password has no dictionary words in it.
   3. Generate a salt based on another random password from the user. Use this same salt for each account.
   4. Hash the account name, halve the number of returned chars, concatenate it to the root password and hash that. Use bcrypt and keep the cost value high, 15+. On my newish mac, this results in a 3s hash, give or take (expensive to do a rainbow attack, etc).
   5. Strip the meta-data from bcrypt result.
   6. Ask user to pick their favourite number between 30 and 40.
   7. Select that many characters. Use that as the password for that account. Throw away the rest of the hash. (Problem: I’m not sure how the padding works in bcrypt? This may need refinement. Point is to throw away a bunch of the hash.)
This gives you a way to:
* Deterministically generate a random /looking/ password that is different per account.
* If one account password is stolen, it doesn’t necessarily mean you can hack another account because you still need to discover the root passwords.
Here’s my thinking. Let’s say somebody stored this in plaintext and that plaintext was stolen. How would the root passwords be stolen? Some problems:
* Obfuscation at work. Hard to know what encryption method was used.
* If you do know it’s bcrypt, you have to build multiple rainbow tables since you need to know what the cost value in the bcrypt was, and this was thrown away.
* OR have to break bcrypt.
* About half the hash is thrown away. A rainbow table would yield many more matches. In the rainbow table, without dictionary words in the root password, hard to figure out if the values in the rainbow table are just passwords that are randomly generated.
* Passwords are distinct per account. To start piecing this together from rainbow tables, multiple third party accounts need to be stolen, i.e. once you see the same root password fragment in the rainbow table from 2 different hash results, you can find a portion of the password. Obviously, hacking one account is hard, but hacking multiple is harder.
* If you know the root password, and you don’t have the hash from the hacked account (i.e., you haven’t hacked it and seen the value that was used by the user as their facebook password) you don’t know how much of the hash was selected by the user (i.e. you don’t know how many characters were thrown away). Additionally, you still don’t have a list of account names they chose, e.g. could be facebook, or facebook.com or fb, or any other list of references.
* If I published the code for the program, and it was widely used, then you could use the program itself to build a rainbow table. At 3s/hash, not super feasible.
The part of this that scares me is that - basically - I’m encrypting my secret key and ‘putting it out there’. Now, tell me what’s wrong with my thinking?
@justenwalker

Warning

You are inventing your own crypto algorithm. Unless you are a skilled cryptographer, this is not advisable. Even if you are, it is generally better to follow the crowd than to go it alone with a novel approach. Those algorithms are battle-tested and well understood: If vulnerabilities are found, other people are looking at them and fixing them.

I know you are using bcrypt, but you are combining it with a novel set of steps for an unintended use. bcrypt is a KDF (Key Derivation Function) and you are throwing away parts of the key by design.

Comments

  • Obfuscation at work. Hard to know what encryption method was used.

You just posted it here, so now I know how it works.

  • If you do know it’s bcrypt, you have to build multiple rainbow tables since you need to know what the cost value in the bcrypt was, and this was thrown away.

If you are keeping between 30-40 chars, then I'll be right after on average 5 guesses, which is trivial in terms of security.

  • OR have to break bcrypt.

Hashes never get stronger with age; have a plan to change algorithms.

  • About half the hash is thrown away. A rainbow table would yield many more matches. In the rainbow table, without dictionary words in the root password, hard to figure out if the values in the rainbow table are just passwords that are randomly generated.

Throwing entropy away does not increase security

  • Passwords are distinct per account.

They are based on the same root password, so they are not actually distinct - they have less total entropy.

  • If you know the root password, and you don’t have the hash from the hacked account (i.e., you haven’t hacked it and seen the value that was used by the user as their facebook password) you don’t know how much of the hash was selected by the user (i.e. you don’t know how many characters were thrown away). Additionally, you still don’t have a list of account names they chose, e.g. could be facebook, or facebook.com or fb, or any other list of references.

Chances are that search space is pretty small. If I have your root password you are compromised in seconds / minutes. I mean, unless you are making the site names into random strings ... but then you are back to having passwords for each site.

Some alternatives that might be useful

  • Using an off-line password management utility (such as KeePass) and generate truly random passwords for each site.
  • For a low-tech option: write your passwords down and put them in your wallet.
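
The derivation the gist describes (steps 1 to 7) and the commenter's alternative of one independent random password per site, written out as an added example; this is not the gist author's code, the commenter's code, or any real tool. bcrypt is not in the Python standard library, so `hashlib.pbkdf2_hmac` with `2**cost` iterations stands in for "bcrypt with cost 15+"; the step structure is otherwise followed as written. Two facts about real bcrypt answer the padding question in step 7: it does no padding at all (input beyond 72 bytes is silently truncated), and its 60-character output is `$2b$<cost>$` followed by a 22-character salt and a 31-character hash, so once the header and salt are stripped only 31 characters remain. The sample root password, salt phrase and word list below are constructed for the demo. `length_choice_bits` makes the commenter's point concrete: picking one of the eleven lengths 30..40 contributes log2(11), about 3.5 bits, which is why the length is guessed in a handful of tries.

```python
import base64
import hashlib
import math
import secrets
import string

# Constructed sample inputs for the demo; none of these values come from the gist.
ROOT_PASSWORD = "xq7!Lm#9vT2p"                 # memorised root password (step 1)
SALT_PASSWORD = "another-memorised-phrase"     # second memorised password, used only for the salt (step 3)
TINY_DICTIONARY = {"password", "facebook", "secret", "love"}  # stand-in word list for step 2


def contains_dictionary_word(password: str, words=TINY_DICTIONARY) -> bool:
    """Step 2: reject a root password that embeds any listed word (case-insensitive substring check)."""
    lowered = password.lower()
    return any(w in lowered for w in words)


def make_salt(salt_password: str) -> bytes:
    """Step 3: derive one fixed 16-byte salt from a second memorised password; reused for every account."""
    return hashlib.sha256(salt_password.encode("utf-8")).digest()[:16]


def derive_site_password(root: str, site: str, salt: bytes, length: int, cost: int = 15) -> str:
    """Steps 4-7 of the doodle with PBKDF2-HMAC-SHA256 (2**cost iterations) standing in for bcrypt."""
    if not 30 <= length <= 40:
        raise ValueError("step 6 says the kept length is between 30 and 40")
    # Step 4: hash the account name, keep half of the hex digest, append the root password, slow-hash that.
    site_hex = hashlib.sha256(site.encode("utf-8")).hexdigest()
    half = site_hex[: len(site_hex) // 2]
    material = (half + root).encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", material, salt, 2 ** cost, dklen=48)
    # Step 5: real bcrypt prints "$2b$<cost>$<22-char salt><31-char hash>"; the stand-in returns bare
    # bytes, so there is no header to strip. 48 bytes encode to 64 base64 characters with no '=' padding.
    encoded = base64.b64encode(raw).decode("ascii")
    # Step 7: keep only the first `length` characters and discard the rest of the digest.
    return encoded[:length]


def length_choice_bits(lo: int = 30, hi: int = 40) -> float:
    """Secret actually added by the "favourite number" of step 6: log2 of the number of possible lengths."""
    return math.log2(hi - lo + 1)


def random_password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of the given length over the given alphabet."""
    return length * math.log2(alphabet_size)


PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_site_password(length: int = 32, alphabet: str = PASSWORD_ALPHABET) -> str:
    """The commenter's alternative: an independent, uniformly random password per site, kept in a manager."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    assert not contains_dictionary_word(ROOT_PASSWORD)
    salt = make_salt(SALT_PASSWORD)
    for site in ("facebook.com", "github.com"):
        print(site, derive_site_password(ROOT_PASSWORD, site, salt, 34))
    print(f"favourite-number secret: {length_choice_bits():.2f} bits")
    print(f"random 32-char password: {random_password_bits(32, len(PASSWORD_ALPHABET)):.1f} bits")
    print("random alternative:", random_site_password())
```

Running the script prints two derived site passwords, the roughly 3.5 bits contributed by the chosen length, and the roughly 210 bits of a 32-character random password over a 94-character alphabet. The derived values are deterministic and differ per site, which is the property the doodle wants, but every one of them is a function of the same root password and salt, which is the commenter's objection.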

fcasco commented May 8, 2016

Something like this: http://passwordmaker.org/

I think I've seen another one with the same approach but I can't find it now.
