Dear readers, I've written an iOS / Mac application whose goal it is to produce passwords for any purpose. I was really hoping for the opportunity to receive some critical feedback or review of the algorithm used[1].

-- ABOUT

With an increasing trend of web applications requiring users to register accounts, we find ourselves with countless accounts. Ideally, each should have a different password, so that authenticating yourself for one account doesn't reveal your credentials of other accounts. That becomes really hard when you've got tens or hundreds of passwords to remember.

Solutions exist, mostly in the form of password "vaults" that list your passwords and get stored in an encrypted form. Other solutions send your passwords off to be stored on some company's cloud service.

Master Password is different in that it generates passwords based purely off of a user's master password and the name of the site. That means you need no storage and have a fully offline algorithm that needs nothing more than what you can remember easily.

--

I'm rather a novice in the field of security (certainly in comparison to some of you), and I was hoping that some of you might find the time to have a look at the algorithm and see if there are any obvious flaws or risks to the security and integrity of the solution.

As a side-note, the iOS application, Master Password, is fully open-source[2] under the GPLv3. If any of you speak fluent Objective-C, it would be awesome if they could have a peek at the source code as well.

Any feedback is welcome, bash it to bits if you must. :-)

Thanks a lot,
Maarten Billemont

[1] http://masterpassword.lyndir.com/algorithm.html
[2] https://github.com/Lyndir/MasterPassword
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
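The stateless approach described in the message above (a site password computed from the master password and the site name, with nothing stored), shown as an added example. It is not part of the original post and is not the Master Password algorithm, which is specified at the linked page; the KDF parameters, the salt label, the alphabet and the `counter` argument are assumptions made here for illustration.

```python
import hashlib
import hmac
import string

# Assumed output alphabet (73 symbols); a real site may need a different policy.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"
# Assumed fixed salt: it only separates this scheme from other uses of the
# same master password, it is not a per-user secret.
SALT = b"example-stateless-site-password-v1"


def master_key(master_password: str) -> bytes:
    """Stretch the master password with a memory-hard KDF (scrypt).

    Every offline guess at the master password must pay this cost, which
    matters because one leaked site password lets an attacker test guesses.
    """
    return hashlib.scrypt(master_password.encode("utf-8"), salt=SALT,
                          n=2**14, r=8, p=1, dklen=32)


def site_password(key: bytes, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive the password for one site from the stretched key.

    The site name is length-prefixed so that (site, counter) pairs cannot
    collide. `counter` (an assumption of this example) lets a password be
    rotated, at the price of having to remember it.
    """
    name = site.encode("utf-8")
    msg = len(name).to_bytes(4, "big") + name + counter.to_bytes(4, "big")
    # Rejection sampling: bytes >= limit are dropped so every symbol of the
    # alphabet is equally likely (plain `byte % 73` would be biased).
    limit = 256 - (256 % len(ALPHABET))
    out = []
    block = 0
    while len(out) < length:
        stream = hmac.new(key, msg + block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in stream:
            if b < limit and len(out) < length:
                out.append(ALPHABET[b % len(ALPHABET)])
        block += 1
    return "".join(out)


if __name__ == "__main__":
    key = master_key("correct horse battery staple")  # constructed sample input
    for site in ("example.com", "example.org"):
        print(site, site_password(key, site))
```

Because nothing is stored, the master password is the only secret: its strength and the KDF cost are what protect every derived password at once.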
