|
Adix posted:hey bro i read some site and pro-tip ssl is free now Minor detail because he doesn't understand what he is writing.
|
# ? Sep 4, 2016 07:43 |
|
|
# ? May 18, 2024 23:12 |
|
Adix posted:hey bro i read some site and pro-tip ssl is free now OK, point taken. I'll be editing that bit and rehosting probably.
|
# ? Sep 4, 2016 07:46 |
|
FeloniousDrunk posted:OK, point taken. I'll be editing that bit and rehosting probably. OSI bean dip posted:You don't even comprehend apseudonym's post. How do I know your generator hasn't been modified before it reaches my browser? Answer this please.
|
# ? Sep 4, 2016 07:49 |
|
OSI bean dip posted:Answer this please. I don't. Sometimes one gets a little wrapped up in one project, etc. Part of the reason I posted here rather than on Hacker News or something, is that it's good to get feedback from a smaller group. So now I am going to get some secure delivery, because I hadn't thought of that particular possibility. Thanks. Anything else?
|
# ? Sep 4, 2016 07:56 |
|
FeloniousDrunk posted:I don't. Sometimes one gets a little wrapped up in one project, etc. Part of the reason I posted here rather than on Hacker News or something, is that it's good to get feedback from a smaller group. So now I am going to get some secure delivery, because I hadn't thought of that particular possibility. Thanks. Anything else? And as such this will never be secure or trustworthy. What benefit does your tool provide to me and how can you ensure that I or anyone else can put some level of trust into it?
|
# ? Sep 4, 2016 07:58 |
|
FeloniousDrunk posted:I don't. Sometimes one gets a little wrapped up in one project, etc. Part of the reason I posted here rather than on Hacker News or something, is that it's good to get feedback from a smaller group. So now I am going to get some secure delivery, because I hadn't thought of that particular possibility. Thanks. Anything else? Who is your target audience for this? People paranoid enough to generate pseudorandom 24-character passwords for everything but stupid enough to trust some random script on the Internet to handle their passwords?
|
# ? Sep 4, 2016 08:00 |
|
Squeegy posted:Who is your target audience for this? People paranoid enough to generate pseudorandom 24-character passwords for everything but stupid enough to trust some random script on the Internet to handle their passwords? Funny enough, among the human acquaintances I have there a few that thought it was convenient. And again, it's not a script on the internet; it's ultimately a tailored script that runs within the browser. I'm pretty certain that you personally are not in the target audience, and really neither am I since I have a load of passwords that I can't be bothered to change. It was more of an exercise, but I still think the idea has merit. It allows you to default to 6-character lowercase-only if you want, if you aren't paranoid, but I thought it would be useful for people who have heard that it would be good to be more paranoid. OSI bean dip posted:
I'll get back to you on that. Basically I hadn't thought of MITM of the generator generator, but that is a possibility. So again, thanks. It will be moved and delivered via SSL if I ever formally put it out.
|
# ? Sep 4, 2016 08:12 |
|
FeloniousDrunk posted:but I thought it would be useful for people who have heard that it would be good to be more paranoid. Then why do your random number functions look like this? code:
|
# ? Sep 4, 2016 08:15 |
|
hobbesmaster posted:Then why do your random number functions look like this? No random number seed in js, is the reason. But yes, that can be improved.
|
# ? Sep 4, 2016 08:17 |
|
FeloniousDrunk posted:No random number seed in js, is the reason. But yes, that can be improved. You keep saying that it can be improved but how? You're taking your hand at writing your own crypto so I'd like to hear from you what your approach will be to improving this. Is this your first rodeo?
|
# ? Sep 4, 2016 08:20 |
|
FeloniousDrunk posted:No random number seed in js, is the reason. But yes, that can be improved. What specific improvements would you make?
|
# ? Sep 4, 2016 08:20 |
|
There is prng code out there from reputable sources, I will use that. The main question is about licensing really. Really though, is the concept sound, say with secure delivery and proper randomness.
|
# ? Sep 4, 2016 08:26 |
|
FeloniousDrunk posted:There is prng code out there from reputable sources, I will use that. The main question is about licensing really. What are these reputable sources? Why do you need to licence it? Are there none under the GPL? Is the GPL too restrictive? Give us examples and stop beating around the bush. Also we're asking you these questions because people roll their crypto quite often and get it wrong. So far you're not bucking the trend and are giving vague answers here which leads me to believe that you've never written any crypto before. Anyone who has a clue about it would not approach such a system the way you have. We've seen this nonsense with JavaScript before: https://tobtu.com/decryptocat.php
|
# ? Sep 4, 2016 08:32 |
|
OSI bean dip posted:What are these reputable sources? Why do you need to licence it? Are there none under the GPL? Is the GPL too restrictive? Give us examples and stop beating around the bush. Well it was a bit of a joke on the thread title. If you examine it, the thing randomizes (for previously criticised values of "random") the four or five character classes by taking a "random" element 128 times from each class, then (in its next incarnation as a bookmarklet) uses a key to deterministically make a password. Insofar as cryptography is actually involved, it's one-way and so I should be more concerned about reversibility. This PRNG looks reasonable, but under an MIT license. I'm aiming to keep the whole thing in one file.
|
# ? Sep 4, 2016 09:02 |
|
FeloniousDrunk posted:This PRNG looks reasonable, but under an MIT license. I'm aiming to keep the whole thing in one file. So keep it in one file. MIT doesn't preclude that. Then delete that file.
|
# ? Sep 4, 2016 11:29 |
|
Subjunctive posted:So keep it in one file. MIT doesn't preclude that.
|
# ? Sep 4, 2016 14:02 |
|
Since you reference it, why don't you use a similar mechanism to Hashpass (https://github.com/boyers/hashpass), but better, to form the password per site? You are deriving password values from some master key + the site's URL; this is the perfect use for a HMAC-SHA function. I can trust that the resultant password from HMAC-SHA can't be used in reverse to find my secret master key. Your hard-to-follow, hand-spun hashing/derivation function doesn't give me the same assurance. That is, if I obtained N different passwords (and the site URL's) generated from your bookmarklet, could I reverse them and get the list of primes (why bother with primes here anyway?). I'll bet for a large enough value of N, I could.
|
# ? Sep 4, 2016 14:12 |
|
FeloniousDrunk posted:Well it was a bit of a joke on the thread title. If you examine it, the thing randomizes (for previously criticised values of "random") the four or five character classes by taking a "random" element 128 times from each class, then (in its next incarnation as a bookmarklet) uses a key to deterministically make a password. Insofar as cryptography is actually involved, it's one-way and so I should be more concerned about reversibility. You should be more concerned about usability. You've aimed this bad idea at novice users (it seems) without looking at basic use cases. [website] email me to say they are resetting my PW as it was in a breach. Cool! So in any other password manager I hit 2 buttons to get a new, strong password not derived from the previous in any way. What do I do with yours? Well I have to know enough to realise it isn't going to help me in any way, and go into the bookmarklet and iterate something to get a new generation. [website]1 would be what most users would choose which suggests [probably] poor entropy against the first somewhere. So now my problem, if I know this much, is that the new seed needs to be something like [website]w3B5itE and now I'm remembering a password to remember a password. This ignores that bookmark security is worse than password security in a browser, so anyone reading your bookmarks successfully can ergo determine your password for every website you will ever use. I'm a total dipshit when it comes to encryption and those are two glaring problems right out of the gate that make anything like this completely untenable.
|
# ? Sep 4, 2016 16:14 |
|
FeloniousDrunk posted:On the topic of password managers, I rolled my own crypto! Basically for people who don't trust LastPass etc. It runs entirely in the browser, no local storage, randomized per instance (unless choices have been made by the user). Ah yes, 121, that well known prime number
|
# ? Sep 4, 2016 17:28 |
|
spot the mistake in his primality testcode:
|
# ? Sep 4, 2016 18:00 |
|
Rufus Ping posted:
should have used 9533 since it is the largest prime
|
# ? Sep 4, 2016 18:33 |
|
Rufus Ping posted:spot the mistake in his primality test So wait does he only use sub-10k prime numbers? Because that seems familiar... have no time to find out why, though.
|
# ? Sep 4, 2016 18:40 |
|
Squeegy posted:So wait does he only use sub-10k prime numbers? Because that seems familiar... have no time to find out why, though. Look at the link in the comment right before yours.
|
# ? Sep 4, 2016 18:59 |
|
Squeegy posted:So wait does he only use sub-10k prime numbers? Because that seems familiar... have no time to find out why, though. But, trial division takes a long time!
|
# ? Sep 4, 2016 18:59 |
|
flosofl posted:Look at the link in the comment right before yours.
|
# ? Sep 4, 2016 19:04 |
|
is there a larger story to this or is it just an illustrative example of general stupidity?
|
# ? Sep 4, 2016 19:44 |
|
andrew smash posted:is there a larger story to this or is it just an illustrative example of general stupidity? The story is don't roll your own crypto.
|
# ? Sep 4, 2016 20:38 |
|
I've made a quick POC to show how a malicious site (or a site with malicious ads) can abuse that bookmarklet to steal people's passwords: https://rufoa.com/sa/poc.html Install that guy's bookmarklet then pretend to log into my site above (click the bookmarklet then the fill button)
|
# ? Sep 4, 2016 22:42 |
|
Rufus Ping posted:I've made a quick POC to show how a malicious site (or a site with malicious ads) can abuse that bookmarklet to steal people's passwords: You're my hero
|
# ? Sep 4, 2016 22:44 |
|
Rufus Ping posted:I've made a quick POC to show how a malicious site (or a site with malicious ads) can abuse that bookmarklet to steal people's passwords: FeloniousDrunk, you should come out to one of the local security meetups here in Vancouver--your profile says you live in the same city. It might help to learn from people who break this stuff as their job.
|
# ? Sep 4, 2016 22:48 |
|
for those who can't be bothered running it themselves: here's a site I want to log into Load up the bookmarklet and click fill... whoops
|
# ? Sep 4, 2016 22:48 |
|
OSI bean dip posted:FeloniousDrunk, you should come out to one of the local security meetups here in Vancouver--your profile says you live in the same city. It might help to learn from people who break this stuff as their job. I should go to one of those one day
|
# ? Sep 4, 2016 22:50 |
|
CLAM DOWN posted:I should go to one of those one day There is one this Thursday at Central City on Beatie--at 6 PM.
|
# ? Sep 4, 2016 22:55 |
|
Yeah, I kind of think using the domain name isn't such a hot idea either. I'm going to take that out. Also have replaced the homegrown hashing.
|
# ? Sep 4, 2016 23:32 |
|
Man I wish I still lived in Vancouver. Good food and security poo poo with chill sec goons? I should see if I can swing a week at our Burnaby office...
|
# ? Sep 4, 2016 23:34 |
|
OSI bean dip posted:There is one this Thursday at Central City on Beatie--at 6 PM. poo poo, I definitely can't make anything this week, then I'm at SANS the following. How often do these happen?
|
# ? Sep 5, 2016 00:05 |
|
FeloniousDrunk posted:Yeah, I kind of think using the domain name isn't such a hot idea either. I'm going to take that out. Also have replaced the homegrown hashing. you've missed the point - the problem is that your bookmarklet relies on injecting secret information (the prng seed from which all passwords are derived) into untrusted third party pages you can mitigate this to some extent but you really need to go back and consider what problem you are attempting to solve here
|
# ? Sep 5, 2016 00:08 |
|
FeloniousDrunk posted:On the topic of password managers, I rolled my own crypto! Basically for people who don't trust LastPass etc. i mean seriously, if there are people out there who don't trust proper password managers but do trust some pile of poo poo w3schools-quality javascript bookmarklet written by local helpdesk janitor Tod McRetard, then your response shouldn't be to indulge their stupidity
|
# ? Sep 5, 2016 00:21 |
Rufus Ping posted:i mean seriously, if there are people out there who don't trust proper password managers but do trust some pile of poo poo w3schools-quality javascript bookmarklet written by local helpdesk janitor Tod McRetard, then your response shouldn't be to indulge their stupidity God drat
|
|
# ? Sep 5, 2016 00:39 |
|
|
# ? May 18, 2024 23:12 |
|
Rufus Ping posted:you've missed the point - the problem is that your bookmarklet relies on injecting secret information (the prng seed from which all passwords are derived) into untrusted third party pages To elaborate: One of the fundamental problems with your approach is that it's impossible to secure a JS bookmarklet (which runs in the same environment as the page) from potentially malicious code on the page itself. Browser extensions can be safe because their JS environment is separate from the page's, so they can just inject enough JS to set up the interface and set the relevant fields to the proper values or whatever (and even then, there have been plenty of high-profile attacks where the people who wrote the extension were silly). Even if you store all your secrets in the function itself, an evil site could replace all the methods on Object.prototype with 'evil' ones that walk up the call stack using .caller and call .toString() on the functions until they find your bookmarklet, then grab the secrets out of it via string manipulation or eval() or what have you. Khablam posted:You should be more concerned about usability. You've aimed this bad idea at novice users (it seems) without looking at basic use cases. This is also a big problem with any approach that tries to generate passwords solely based on a master secret and the domain name.
|
# ? Sep 5, 2016 01:38 |