Improvements all over.

[IMPROVED] Use SHA-1 instead of MD-4 for hashing the user givens.
[UPDATED] Remember master password on by default.
[IMPROVED] More and improved FAQ.
[ADDED] Auto-generate build/version values in Info.plist and Settings Root.plist.
@@ -82,82 +82,168 @@
|
||||
<h3>What is this thing?<br />
|
||||
How do I use it?</h3>
|
||||
<p>
|
||||
The idea of this application is that you <b>change all of your passwords</b> everywhere to a password
|
||||
generated by this app.
|
||||
You use it by searching for the name of your site (you choose this yourself. For Twitter, you could use
|
||||
<code>twitter</code>, <code>twitter.com</code>, or something else entirely as the name. Just remember how
|
||||
you name your sites and try to be consistent). Tap the resulting password to copy it for pasting elsewhere
|
||||
or type it manually on your computer.
|
||||
</p>
|
||||
<p>
|
||||
The thought behind this application is to secure your online life by <b>changing all of your passwords</b>
|
||||
to passwords generated by this app.
|
||||
</p>
|
||||
|
||||
<h3>That's crazy talk.<br />
|
||||
Why would I do that?</h3>
|
||||
<p>
|
||||
Everybody everywhere uses passwords for authentication nowadays. The theory of password authentication is
|
||||
simple: It's a secret word that <b>only you</b> and the other party know. So, because nobody else knows
|
||||
your secret password, nobody else can log into your <abbr>E-Mail</abbr> or Twitter account with it.
|
||||
The theory of password authentication is simple: To log in to a site, you share a secret word with the site
|
||||
that <b>only you and the site know</b>. Because nobody else knows your secret password, nobody else can log
|
||||
into your site.
|
||||
</p>
|
||||
<p>
|
||||
That's fine and dandy in theory. In practice, it's an <b>absolute hell</b>. In modern times, people have
|
||||
hundreds of accounts on sites all over the Internet. So does that mean we're all remembering hundreds of
|
||||
secret passwords? No, of course not. That would be <i>impossible</i>. If you're like most people, you
|
||||
remember one or two passwords, and use those for all your sites everywhere.
|
||||
It sounds good in theory. In practice, it's an <b>absolute hell</b>. These days, people have hundreds of
|
||||
accounts on sites all over the Internet. Does that mean we're all remembering hundreds of secret passwords?
|
||||
No, of course not. That would be impossible. If you're like most people, you remember one or two
|
||||
passwords, and use those for all your sites everywhere.
|
||||
</p>
|
||||
<p>
|
||||
<q>So what</q>, you say? Here's the problem: You're not the only one that knows your secret password. Each
|
||||
time your make an account with a site and tell them your secret password, <i>they know it too</i>! Nothing
|
||||
is stopping them from trying to log into GMail, Hotmail or Twitter with the same password and username you
|
||||
used to register with their own site. Even if you only give your password to sites you trust, all it takes
|
||||
is for one of those sites to get hacked and loose their password database. Those hackers now have all it
|
||||
takes to impersonate you. This is, in fact, so common, that it's one of the main reasons people's accounts
|
||||
are getting hacked or compromised nowadays.
|
||||
<q>So, what?</q>, you might say.<br />
|
||||
Here's the problem: When you share a secret password with a site, and then share the same secret password
|
||||
with another site, both sites can now use the password you gave them to log into your account on the
|
||||
<i>other</i> site. Nothing is stopping them from trying to log into <i>your</i> GMail, Hotmail or Twitter
|
||||
accounts using the same password that you used to register an account on their site. Even if you only give
|
||||
your password to sites you trust, all it takes is for one of those sites to get hacked and loose their
|
||||
passwords database. Those hackers now have all it takes to impersonate you. This is, in fact, so common,
|
||||
that it's one of the main reasons people's accounts are getting hacked nowadays.
|
||||
</p>
|
||||
<p>
|
||||
Some of you already try to remember unique-ish passwords for different sites. This causes problems too:
|
||||
with so many passwords to remember, you easily forget passwords for sites you haven't used in a while. Or
|
||||
you make up a simplification algorithm such as tacking your birth year onto the site name. This is really
|
||||
not any more secure than using the same password for every site. And then there's those sites with
|
||||
<q>password policies</q>: suddenly your long password isn't good enough, because it begins with a number,
|
||||
or because (god forbid) it's <q>too long</q>. You now find yourself forced to create a strange variant
|
||||
of your password that you'll have forgotten before the day is out.
|
||||
</p>
|
||||
<p>
|
||||
This app <b>solves the problem</b> by letting you remember only a single password without requiring you to
|
||||
share the password with anyone else. Instead, the app creates secure passwords for use with whatever site
|
||||
or purpose you might need a password for.
|
||||
</p>
|
||||
|
||||
<h3>I can't change all my passwords.<br />
|
||||
Some of them were assigned to me.</h3>
|
||||
<p>
|
||||
That's why this application allows you to change the password type to <code>Personal</code> or <code>Device
|
||||
Private</code>. These types let you enter a password for a site, and the app will encrypt and save it so
|
||||
you it's there for future reference.
|
||||
</p>
|
||||
<p>
|
||||
These types of <q>stored</q> passwords don't have all the advantages that their generated counterparts have
|
||||
(they can be lost if you loose your device and don't back it up), but when you can't change a site's
|
||||
password to one generated by the app, this is as good as it gets.
|
||||
</p>
|
||||
|
||||
<h3>Uh, so what if I loose my device?<br />
|
||||
<h3>So, what if I loose my device?<br />
|
||||
I'm locked out of everything?</h3>
|
||||
<p>
|
||||
<b>Absolutely not!</b> In fact, generated passwords aren't even stored on your device. No, not in the
|
||||
cloud either. They're not stored anywhere! What that basically means is, if you grab the iPhone of the
|
||||
person sitting next to you and open this app on it with your own master password, <i>it'll give you all
|
||||
your generated passwords</i>. So, if you loose your phone or forget it, just borrow a friend's phone or
|
||||
get a new one, and you're back in business. No backups or restores needed.
|
||||
cloud either. They're not stored anywhere! What that basically means is, if you grab the iPhone of a
|
||||
colleague or friend and open this app on it with your own master password, <i>it'll give you all your
|
||||
generated passwords</i> (don't worry, it's perfectly safe). So, if you loose your iPhone or forget it,
|
||||
just open the app on your iPad, or borrow a friend's phone, and you're back in business. No backups or
|
||||
restores needed.
|
||||
</p>
|
||||
<p>
|
||||
That also means that, unlike all those apps that store your passwords or send them off to be stored
|
||||
on the internet, your passwords are much safer. Nobody knows about them. If your device is stolen,
|
||||
the thieves can't get at them.
|
||||
This also means that, unlike all those apps that store your passwords or send them off to be stored on the
|
||||
Internet, this app makes your passwords much safer from theft. If your device is stolen, the thieves can't
|
||||
get at your passwords. There's also no cloud service that can be mis-managed or hacked.
|
||||
</p>
|
||||
|
||||
<h3>I entered my master password on my friend's app. It just says <q>Invalid master password</q> and exits!</h3>
|
||||
|
||||
<h3>Great, but that still means I need my phone to get my passwords.</h3>
|
||||
<p>
|
||||
For your own protection and to avoid opening the app after <i>mistyping</i> your master password (and thus
|
||||
generating bad passwords for your sites), the app normally checks whether you're entering the same master
|
||||
password as the one you've been using before.
|
||||
Correct. However, remember that usually you'll only need to use this app once for each site. After you log
|
||||
into a site once using the password generated by this app, your browser will probably ask you to remember
|
||||
the password for the future. Agree to that, and you won't need to bring up your phone again the next time
|
||||
you log in to the account.
|
||||
</p>
|
||||
<p>
|
||||
To open the app with <b>a different master password</b>, just go into your device's <code>Settings</code>, find
|
||||
<code>Master Password</code>'s settings somewhere near the bottom, and flip the setting: <code>Change my
|
||||
password</code>. The next time you open the app, you can enter a new master password. Don't worry:
|
||||
you're not wiping your friend's passwords this way. All he needs to do to get back at his own passwords is
|
||||
flip the switch again and change back to his own master password.
|
||||
A <b>Mac version</b> of this app is also in the works so that you can easily get to all of your passwords
|
||||
without needing to bring up your phone. More technically savvy users can already download a <b>Bash
|
||||
script</b> from the homepage that can generate these passwords for you on any POSIX system (such as your
|
||||
Mac).
|
||||
</p>
|
||||
|
||||
<h3>Great, but that still means I need my phone to access anything.</h3>
|
||||
|
||||
<h3>I'm paranoid.<br />
|
||||
How do I maximize my security?</h3>
|
||||
<p>
|
||||
Correct. However, remember that usually you'll only need to use this app once for each site. Imagine
|
||||
you're usually on your MacBook Air. You go to Twitter, it asks for your password. You get your phone out,
|
||||
start the app and generate the password for <code>twitter.com</code>. You copy the password manually by
|
||||
typing it out on your MacBook Air. You may notice that the generated passwords have been created such that
|
||||
they're fairly easy to copy. Once you log in, though, your MacBook will ask you to save the password in its
|
||||
key chain. Agree to that, and you won't need to bring up your phone again the next time you log in to
|
||||
Twitter.
|
||||
For starters, make sure you've changed the passwords of all your sites you have accounts for to those
|
||||
generated by this app and make sure that you use this app when registering a new account somewhere, to
|
||||
determine the password to use for the account.
|
||||
</p>
|
||||
<p>
|
||||
If you're still worried, the app's homepage details <b>the algorithm</b> used to generate your passwords.
|
||||
There's also <b>a Bash script</b> that you can use to generate your passwords on any POSIX system (such as,
|
||||
your Mac). A Mac version of this app is also in the works so that you can easily get to all your passwords
|
||||
without needing to bring up your phone.
|
||||
It's also important that you've chosen a long master password. Short master passwords, especially 4-digit
|
||||
PIN codes, are easily brute-forced by attackers. Using a <b>12-character master password</b> provides
|
||||
sufficient entropy to protect against any modern-day attempt at brute-forcing, assuming the password is not
|
||||
based on easily determined facts (names, birth dates, etc.). If you're really paranoid, install a keyboard
|
||||
of a non-latin script (russian, chinese, ...) and create a master password using these characters or even a
|
||||
mix between scripts. Just don't forget it! :-)
|
||||
</p>
|
||||
<p>
|
||||
If you go into <code>Settings</code>, on the bottom you'll find an entry for this application; tap it to
|
||||
find some advanced settings for the app. Here, you can disable <code>Remember my password</code>. Doing
|
||||
so will force the app to ask for your master password each time you open it. That way, when you show your
|
||||
phone to somebody else after unlocking it, they can't go through your passwords.
|
||||
</p>
|
||||
|
||||
<h3>I forgot my master password. What are my options?</h3>
|
||||
<p>
|
||||
Due to the nature of this app's algorithms and the decisions that were made to protect against brute-force
|
||||
attacks, it is simply infeasible to recover your master password. If you really can't remember it, your
|
||||
passwords are <b>gone</b>.
|
||||
</p>
|
||||
<p>
|
||||
Where you go from here is, you change your master password (In <code>Settings</code>, flip <code>Change my
|
||||
password</code> and start the app again), and for each of your accounts, you go through the password
|
||||
recovery procedure (which will usually involve sending a message to your E-Mail account) and reset the
|
||||
passwords of these accounts to passwords generated by your newly chosen master password. Just don't forget
|
||||
it again! :-)
|
||||
</p>
|
||||
|
||||
<h3>So how does this thing work internally?</h3>
|
||||
<p>
|
||||
Alright, let's describe the process in detail. This part will likely make sense to you only if you're
|
||||
well versed in computer security jargon. If you're the kind of person who likes to know how the clock
|
||||
ticks before deciding that it can be trusted to keep ticking, read on.
|
||||
</p>
|
||||
<p>
|
||||
The user chooses a single master password, preferably sufficiently long to harden against brute-force
|
||||
attacks. When the user requests a password be generated for a site, the application composes a string
|
||||
consisting of the site name, the master password, and a password counter, delimited in that order by a dash
|
||||
character, and hashes those <code>UTF-8</code> bytes using the <code>SHA-1</code> algorithm. The bytes
|
||||
resulting from this hashing operation are called the <code>keyBytes</code> in the next steps.
|
||||
</p>
|
||||
<p>
|
||||
Next, we need the password type that the user has chosen to use for the site. Password types determine the
|
||||
<q>cipher</q> that will be used to encrypt <code>keyBytes</code> into a readable password. For
|
||||
instance, the standard password type <q>Long Password</q> activates one of three pre-set ciphers:
|
||||
<code>CvcvCvcvnoCvcv</code>, <code>CvcvnoCvcvCvcv</code> or <code>CvcvCvcvCvcvno</code>. Which of those
|
||||
will be used, depends on the first of the <code>keyBytes</code>. Take the byte value modulo the amount of
|
||||
pre-set ciphers (in this case, three), and the result tells you which of the three ciphers to use.
|
||||
</p>
|
||||
<p>
|
||||
Now that we know what cipher to use for building our final password, all that's left is to iterate the
|
||||
cipher, and produce a character of password output for each step. When you iterate the cipher, every
|
||||
character in the cipher represents a set of possible output characters. For instance, a <code>C</code>
|
||||
character in the cipher indicates that we need to choose a capital consonant character. An <code>o</code>
|
||||
character in the cipher indicates that we need to choose an <q>other</q> (symbol) character. Exactly which
|
||||
character to choose in that set for the password output depends on the next byte from <code>keyBytes</code>.
|
||||
Like before, take the next unused <code>keyByte</code>'s byte value modulo the amount of characters in the
|
||||
set of possible output characters for the cipher iteration and use the result to choose the output
|
||||
character. Repeat until you've iterated the whole cipher.
|
||||
</p>
|
||||
<p>
|
||||
The result is a password whose format is dictated by the password type's ciphers and whose exact value is
|
||||
filled in by feeding the algorithm some bytes from a hash operation on the user's givens.
|
||||
</p>
|
||||
|
||||
<h3>This stuff is gold.<br />
|
||||
|
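Review bot: In the "So how does this thing work internally?" answer, `keyBytes` comes from a single SHA-1 over the site name, master password and counter, which does not back the brute-force claims made in the "I forgot my master password" and "I'm paranoid" answers. One SHA-1 pass is cheap to compute, so anyone holding one generated password and its site name can test master-password guesses offline at hash speed; consider deriving `keyBytes` with a deliberately slow, salted KDF (PBKDF2 or scrypt), or soften the "sufficient entropy to protect against any modern-day attempt" wording. The dash delimiter is also ambiguous when a field itself contains a dash (site `a-b` with master password `c` produces the same input string as site `a` with master password `b-c`), so length-prefix or otherwise encode the fields before hashing. Taking each byte modulo the size of the character set gives a slightly non-uniform choice whenever that size does not divide 256, which is worth a sentence in this section. Minor: "loose" should be "lose" in the "loose my device", "loose your iPhone" and "loose their passwords database" lines.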