undefined | Better HN

0 pointsmoe11y ago0 comments

No, SHA-256, the way you use it, is not "far too slow for brute-force".

To anyone reading here: Please do yourselves a favor and stay away from BOTH SuperGenPass and from this one.

They are nearly equivalent to using the same password for every website. A malicious website owner can derive your "master password" from the hash that you gave them and thereby gain access to all your websites.

0 comments

SwellJoe11y ago

It sounds like you're asserting that Bitcoin is not secure because it uses SHA-256. i.e. a pass phrase that has been hashed with SHA-256 could be brute forced to find the master passphrase, thus, a Bitcoin private key could be compromised by a brute force attack.

That's an extraordinary claim. (I'm not gonna argue too strenuously about MD5 being somewhat dangerous in this context, as it is very easy to find collisions...slightly harder to find the exact passphrase, particularly if it is a very long/strong passphrase. A collision in this context is not enough to break the usage.)

moeOP11y ago

It sounds like you're asserting that Bitcoin

Don't put words in my mouth, I never suggested anything like that.

In Bitcoin the private key is derived from the public key which is normally randomly generated and not provided by the user.

The browser 'password manglers' mentioned here instead derive it directly from the password provided by the user. That is a big difference.

Most users don't choose a password of sufficient strength since they are limited to printable characters and especially when they are required to type it in all the time.

This is why key stretching functions such as PKDF2 and Scrypt were invented. To make relatively bad passwords (which users are prone to choose) harder to crack.

Screwing this particular step up in a tool that wants to be a password manager (of all things) strongly indicates that the creator has no remote clue what he is doing and that everyone should stay far away from his software.

SwellJoe11y ago

So, pass phase length and strength is the concern here? If a human were to generate a reasonably strong pass phrase (say 25 characters), would that mitigate the problem? (Certainly this is stronger than a memorizeable unique password for every site, but I'm willing to believe I should do better.)

What does a good password manager look like if not this?

1 more reply

j / k navigate · click thread line to collapse

0 comments

SwellJoe11y ago

moeOP11y ago

It sounds like you're asserting that Bitcoin

Don't put words in my mouth, I never suggested anything like that.

In Bitcoin the private key is derived from the public key which is normally randomly generated and not provided by the user.

The browser 'password manglers' mentioned here instead derive it directly from the password provided by the user. That is a big difference.

Most users don't choose a password of sufficient strength since they are limited to printable characters and especially when they are required to type it in all the time.

This is why key stretching functions such as PKDF2 and Scrypt were invented. To make relatively bad passwords (which users are prone to choose) harder to crack.

SwellJoe11y ago

What does a good password manager look like if not this?

1 more reply

j / k navigate · click thread line to collapse