298 lines
17 KiB
HTML
298 lines
17 KiB
HTML
<!DOCTYPE HTML>
|
|
|
|
<html>
|
|
|
|
<head>
|
|
<title>Master Password — Securing your online life.</title>
|
|
|
|
<link rel="icon" href="images/resources/favicon.png" type="image/x-png" />
|
|
<link rel="shortcut icon" href="images/resources/favicon.png" type="image/x-png" />
|
|
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
|
|
|
|
<link rel='stylesheet' type='text/css' href='http://fonts.googleapis.com/css?family=Exo:100,400,600,900,100italic,400italic,600italic' />
|
|
<link rel="stylesheet" type="text/css" href="css/ml-shadows.css" />
|
|
<link rel="stylesheet" type="text/css" href="css/screen.css" />
|
|
|
|
<script src="js/jquery-1.6.1.min.js" type="text/javascript"></script>
|
|
<script src="js/functions.js" type="text/javascript"></script>
|
|
<script type="text/javascript">
|
|
var _gaq = _gaq || [];
|
|
_gaq.push(['_setAccount', 'UA-90535-15']);
|
|
_gaq.push(['_trackPageview']);
|
|
|
|
(function() {
|
|
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
|
|
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
|
|
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
|
|
})();
|
|
</script>
|
|
<script type="text/javascript" charset="utf-8">
|
|
var is_ssl = ("https:" == document.location.protocol);
|
|
var asset_host = is_ssl ? "https://d3rdqalhjaisuu.cloudfront.net/" : "http://d3rdqalhjaisuu.cloudfront.net/";
|
|
document.write(unescape("%3Cscript src='" + asset_host + "javascripts/feedback-v2.js' type='text/javascript'%3E%3C/script%3E"));
|
|
</script>
|
|
|
|
<!-- Get Satisfaction -->
|
|
<!--script type="text/javascript" charset="utf-8">
|
|
var is_ssl = ("https:" == document.location.protocol);
|
|
var asset_host = is_ssl ? "https://d3rdqalhjaisuu.cloudfront.net/" : "http://d3rdqalhjaisuu.cloudfront.net/";
|
|
document.write(unescape("%3Cscript src='" + asset_host + "javascripts/feedback-v2.js' type='text/javascript'%3E%3C/script%3E"));
|
|
</script>
|
|
<script type="text/javascript" charset="utf-8">
|
|
var feedback_widget_options = {};
|
|
feedback_widget_options.display = "overlay";
|
|
feedback_widget_options.company = "lyndir";
|
|
feedback_widget_options.placement = "right";
|
|
feedback_widget_options.color = "#222";
|
|
feedback_widget_options.style = "question";
|
|
var feedback_widget = new GSFN.feedback_widget(feedback_widget_options);
|
|
</script-->
|
|
|
|
<!-- UserEcho -->
|
|
<script type='text/javascript'>
|
|
var _ues = {
|
|
host:'support.lyndir.com',
|
|
forum:'13031',
|
|
lang:'en',
|
|
tab_icon_show:false,
|
|
tab_corner_radius:5,
|
|
tab_font_size:20,
|
|
tab_image_hash:'RmVlZGJhY2s%3D',
|
|
tab_alignment:'right',
|
|
tab_text_color:'#FFFFFF',
|
|
tab_bg_color:'#DDDDDD',
|
|
tab_hover_color:'#CCCCCC'
|
|
};
|
|
|
|
(function() {
|
|
var _ue = document.createElement('script'); _ue.type = 'text/javascript'; _ue.async = true;
|
|
_ue.src = ('https:' == document.location.protocol ? 'https://s3.amazonaws.com/' : 'http://') + 'cdn.userecho.com/js/widget-1.4.gz.js';
|
|
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(_ue, s);
|
|
})();
|
|
</script>
|
|
</head>
|
|
<body>
|
|
<header>
|
|
|
|
<a class="appstore" href="http://itunes.com/apps/MasterPassword"><img src="img/appstore.png" /></a>
|
|
<h1><a href="index.html"><img class="logo" src="img/iTunesArtwork-Bare.png" /> Master Password</a></h1>
|
|
<div class="divider"></div>
|
|
|
|
</header>
|
|
<div id="fixedheader">
|
|
<a class="appstore" href="http://itunes.com/apps/MasterPassword"><img src="img/appstore-small.png" /></a>
|
|
<h2><a href="index.html">Master Password</a></h2>
|
|
</div>
|
|
<!--a href="http://bit.ly/vNN5Zi" onclick="_gaq.push(['_trackPageview', '/outbound/testflight']);" id="ribbon"></a-->
|
|
<section>
|
|
|
|
<h1>So how does it work?</h1>
|
|
|
|
<p>
|
|
The theory behind Master Password is simple. The user remembers a single, secure password. The user only ever uses that password to log into the Master Password application. This master password is then used as a seed to generate a different password based on the name of the site to generate a password for.
|
|
</p>
|
|
|
|
<p>
|
|
The result is that each master password generates its own unique sequence of passwords for any site name. Since the only input data is the master password and the site name (along with a password counter, see below), there is no need for any kind of storage to recreate a site's password. All that's needed is the correct master password and the correct algorithm implementation. What that does for you is make it almost impossible to lose your passwords. It also makes it nearly impossible for hackers to steal your online identity.
|
|
</p>
|
|
|
|
<h1>The Algorithm</h1>
|
|
|
|
<p>
|
|
Master Password uses a stateless algorithm that relies solely on its implementation and the user's inputs. The user is expected to remember the following information:
|
|
<ul>
|
|
<li><b>The master password</b> (eg. <em>pink fluffy door frame</em>):<br />
|
|
This is a secret that the user shares with nobody.</li>
|
|
<li><b>The site name</b> (eg. <em>apple.com</em>):<br />
|
|
The user chooses a name for each site. Its domain name is an ideal choice, since it needn't necessarily be remembered.</li>
|
|
<li><b>The site's password counter</b> (default: <em>0</em>):<br />
|
|
This is an integer that can be incremented when the user needs a new password for the site.</li>
|
|
<li><b>The site's password type</b> (default: <em>Long Password</em>):<br />
|
|
This type determines the format of the output password. It can be changed if the site's password policy does not accept passwords of this format.</li>
|
|
</ul>
|
|
</p>
|
|
<p>
|
|
In short, the algorithm is comprised of the following steps:
|
|
<ul>
|
|
<li>Determining the master <code>key</code></li>
|
|
<li>Determining the cipher <code>seed</code></li>
|
|
<li>Encoding a user-friendly <code>password</code></li>
|
|
</ul>
|
|
</p>
|
|
|
|
<h2>The Master Password</h2>
|
|
<p>
|
|
The user chooses a single master password, preferably sufficiently long to harden against brute-force attacks. Master Password recommends absurd two or three-word sentences as they're easily remembered and generally sufficiently high in entropy.
|
|
</p>
|
|
<p>
|
|
The application then creates a <a href="http://www.tarsnap.com/scrypt.html" onclick="_gaq.push(['_trackPageview', '/outbound/tarsnap.com/scrypt.html">scrypt</a> key derivative from the user's password. This process takes quite a bit of processing time and memory. This step exists to make brute-force attempts at guessing the master password from a given output password <b>far more difficult</b>, to practically infeasible, even for otherwise vulnerable password strings.
|
|
</p>
|
|
<code><pre>
|
|
key = scrypt( P, S, N, r, p, dkLen )
|
|
where
|
|
P = master password (UTF-8)
|
|
S = <empty>
|
|
N = 16384
|
|
r = 8
|
|
p = 1
|
|
dkLen = 64
|
|
</pre></code>
|
|
|
|
<p>
|
|
The result is a 64-byte <code>key</code> derived from the user's master password. This key will be fed into the rest of the algorithm to produce output passwords that are as private to the user as his master password is.
|
|
</p>
|
|
|
|
<h2>Combining The Inputs</h2>
|
|
<p>
|
|
The theory behind Master Password requires that all inputs are given by the user. The two main inputs are the master password that we used to determine the <code>key</code> and the site's name. There is a third input value, the password counter, which is a 32-bit unsigned integer value that is used to salt the input. Initially, the password counter should be zero, but a user may specify a non-zero counter value in case he wants to force the algorithm to produce a new output password for the site.
|
|
</p>
|
|
<p>
|
|
These input values are combined in a byte array, separated by a single <code>NUL</code> byte. In order, the input values are the <code>site name</code> (UTF-8 decoded), the master <code>key</code>, and a <code>salt</code> (this is the password counter, a 32-bit unsigned integer in network byte order). The byte array is hashed using the SHA-1 algorithm to yield the <code>seed</code> as a result.
|
|
</p>
|
|
<code><pre>
|
|
salt = htonl( password counter )
|
|
seed = sha1( site name . "\0" . key . "\0" . salt )
|
|
</pre></code>
|
|
|
|
<h2>Generating The Output</h2>
|
|
<p>
|
|
We now have a <code>seed</code> which is a sufficiently long seemingly-arbitrary string of bytes that is unique to the site and the user. This string of bytes, however, is not very useful for a user to use as a password. We have two additional problems that need to be solved: The output password must be easy for a user to read and copy, but it should also be compatible with most password policies.
|
|
</p>
|
|
<p>
|
|
Password policies are strict rules imposed by applications on their users, designed to limit the types of passwords these users are allowed to use with the application. Usually, these policies exist to force users into thinking about passwords with a healthy entropy. Often, they exist purely as a side-effect of bad password handling such as storing the clear-text passwords in a database.
|
|
</p>
|
|
<p>
|
|
Since the idea is that the output password can be used directly as a password to protect the user's account on the site, it needs to be able to pass the site's password policy.
|
|
Master Password addresses this problem by introducing <em>password types</em>. Each password type describes what an output password must look like and maps to a set of <code>ciphers</code>. Ciphers describe the resulting output password using a series of characters that map to character groups of candidate output characters. A cipher has the same length as the output password it yields. Each character in the cipher maps to a specific character group. At each position of the output password, a character is chosen from the character group identified by the character in the cipher at the same position.
|
|
</p>
|
|
<p>
|
|
The following ciphers are defined:
|
|
<ul>
|
|
<li>Type: <b>Long Password</b></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>CvcvCvcvnoCvcv</code></li>
|
|
<li><code>CvcvnoCvcvCvcv</code></li>
|
|
<li><code>CvcvCvcvCvcvno</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Type: <b>Medium Password</b></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>CvcnoCvc</code></li>
|
|
<li><code>CvcCvcno</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Type: <b>Short Password</b></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>Cvcn</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Type: <b>Basic Password</b></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>aaanaaan</code></li>
|
|
<li><code>aannaaan</code></li>
|
|
<li><code>aaannaaa</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Type: <b>PIN</b></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>nnnn</code></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</p>
|
|
<p>
|
|
By default, Master Password uses the <em>Long Password</em> type for any new passwords. The user is able to choose a different password type, which is normally only done if the site's password policy is incompatible with the output password produced by this type.
|
|
</p>
|
|
<p>
|
|
To create the create the output password, the bytes in the <code>seed</code> are encoded according to the cipher. The first <code>seed</code> byte is used to determine which of the type's ciphers to use for encoding an output password. We take the byte value of the first <code>seed</code> byte modulo the amount of ciphers set for the chosen password type and use the result as a zero-based index in the cipher list for the password type.
|
|
</p>
|
|
<code><pre>
|
|
ciphers = [ "CvcvCvcvnoCvcv", "CvcvnoCvcvCvcv", "CvcvCvcvCvcvno" ]
|
|
cipher = ciphers[ seed[0] % count( ciphers ) ]
|
|
</pre></code>
|
|
<p>
|
|
Now that we know what cipher to use for building our output password, all that's left is to iterate the cipher, and produce a character of password output for each step. When we iterate the cipher (index <code>i</code>), we look in the character group identified by the character (string <code>passChars</code>) in the cipher at index <code>i</code>.
|
|
</p>
|
|
<p>
|
|
The following character groups (<code>passChars</code>) are defined:
|
|
<ul>
|
|
<li>Cipher character: <code>V</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>AEIOU</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>C</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>BCDFGHJKLMNPQRSTVWXYZ</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>v</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>aeiou</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>c</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>bcdfghjklmnpqrstvwxyz</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>A</code> (<code>= V . C</code>)</li>
|
|
<li>
|
|
<ul>
|
|
<li><code>AEIOUBCDFGHJKLMNPQRSTVWXYZ</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>a</code> (<code>= V . v . C . c</code>)</li>
|
|
<li>
|
|
<ul>
|
|
<li><code>AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>n</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>0123456789</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>o</code></li>
|
|
<li>
|
|
<ul>
|
|
<li><code>!@#$%^&*()</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Cipher character: <code>X</code> (<code>= a . n . o</code>)</li>
|
|
<li>
|
|
<ul>
|
|
<li><code>AEIOUaeiouBCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz0123456789!@#$%^&*()</code></li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</p>
|
|
<p>
|
|
We use the <code>seed</code>'s byte value at index <code>i + 1</code> modulo the amount of characters in the character class to determine which character (<code>passChar</code>) in the class to use for the output password at index <code>i</code>.
|
|
</p>
|
|
<code><pre>
|
|
passChar = passChars[ seed[i + 1] % count( passChars ) ]
|
|
passWord[i] = passChar
|
|
</pre></code>
|
|
|
|
<hr />
|
|
<a class="next" href="https://github.com/Lyndir/MasterPassword">Show me the code!</a>
|
|
|
|
</section>
|
|
<footer>
|
|
Master Password is a security and productivity product by <a href="http://www.lyndir.com" onclick="_gaq.push(['_trackPageview', '/outbound/lyndir.com']);">Lyndir</a>, © 2011.
|
|
</footer>
|
|
</body>
|
|
|
|
</html>
|