Sign in to follow this  
Followers 0

password BYOSalt


3 posts in this topic

Posted

I'm tired of websites not taking security seriously. You never know if a site is using proper techniques for securing your data (e.g. hashing passwords, using a salt, ...)

I made an app (for iPhone & iPod Touch) called "BYOSalt" (as in, "Bring Your Own Salt :p). If there is interest, I can port it to OS X, Windows, BlackBerry, etc. without much difficulty.

Basically, you enter the site's URL, your username, email address, and password. Then, you click "Generate Code." It calculates the hash (using bCrypt), and implements a salt. You end up with a long alphanumeric string, from which you can choose the length of your password.

In theory, say I (or someone) ported it to Windows/OS X/etc, you'd have no need to shorten the password at all. So while it omits symbols from the password, it does provide a password long enough that brute-forcing is unlikely.

The main advantage to this app is that, even if your password is stored in plaintext by the site, the underlying password is protected (so if you DO use the same master password across multiple sites, if one site is breached, you don't have to worry about the other sites as the URL is part of the plaintext before it is hashed -- it acts as part of the per-site salt... meaning your actual password is never exposed).

I just put it together today. If I'm on to something, or if there is interest, I'll improve it and add features. If it's a stupid idea, I'll just trash the project as I don't have much investment in it at this point.

Let me know what you all think :)

P.S. I'm not much of a UI designer... So, forgive the ugliness :blush:

[attachment=317773:iOS Simulator Screen shot 2012-08-29 2.38.20 PM.png]
1 person likes this

Share this post


Link to post
Share on other sites

Posted

The point of the salt is to take a fairly simple password and make it fairly hard to crack. Might as well just input garbage in the password field and use a password software to remember that garbage (same end result)

Share this post


Link to post
Share on other sites

Posted

great idea, and if I had an iOS device I'd use it.
But why would you even need to use a password in the first place? just put in some random numbers and it should work fine :)
If you could somehow integrate this with the mobile browser and then use it for all <input type="password"> fields that would make it amazing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.