#1 05 May 2019 10:37

rycho
Member
Registered: 13 Apr 2015
Posts: 2

Password generator

Just for your information: for my password generator (which is based on your ss64.com/pass) I'm using a few additional cool features:

  • fingerprinting: every time I pass the master password there is an additional hash computed and its last four hex digits are printed on the screen. Thanks to that I know I didn't make a typo in the master password which is extremely useful when I'm registering a new account on some page and the registering page will not tell me that the login or password is incorrect when there is a typo in the master password. If I try to login to that page and type the master password correctly the password will be different then when I was registering.

  • all the pages are not just strings but javascript objects. they contain:

    • separate "seed" for every page. in most cases this is the same as the name of the page but occasionally can be changed in case when the users database of the page is compromised

    • login (in case I forget)

    • password generation options e.g. limit length to n chars (default is 32), use special characters (default is alphanumeric)

  • with this algorithm I can generate not only passwords but also 4-digit pins for my phones and bank card.... actually I'm not generating them but storing them i.e. I got the original pin first, then I use reverse method which for numeric pins is a simple subtraction and this way I obtain the seed for the pin. When I want to retrieve the original pin the page takes the seed and adds some number obtained by hashing the master password and prints last four decimal digits

  • the list of the pages and their metadata is hardcoded in the js file and is stored in a private git repo and backed up

  • one last tiny thing: I don't have the "generate" button, the passwords are generated after each keystroke, this is fast for my 50 passwords and a little bit more convenient

Offline

Board footer

Powered by FluxBB