

How I salt my own passwords and sleep a little better at night - nemesisj
http://peebs.org/heres-how-to-salt-your-own-passwords-and-prev

======
jameswyse
This is just a way to create a slightly more complex password, if it's stored
as a fast hash (like md5) then it's still going to be very easy to crack.

The problem with this method is that if one of your passwords is leaked and
cracked then it wouldn't be too hard to guess how your scheme works. This gets
even easier if they have 2 or more of your passwords.

It seems to me that a scheme like this would have to be much more complex,
which unfortunately would just make it a pain to use.

I really wish Google, Mozilla, Microsoft, etc. would step up and build a better
authentication system right into the browsers, perhaps with public key
cryptography like SSH uses - then we'd have automatic logins to any site you
decide to trust, and no more passwords.

~~~
nickolai
> This is just a way to create a slightly more complex password, if it's stored
> as a fast hash (like md5) then it's still going to be very easy to crack.

It's not about storage, it is about how to get people to use different
passwords. Arguably, the passwords are not very different, but what matters is
that they are no longer _identical_.

It's still good advice to people who use the same password on all their
accounts. 'just prefix the password with the first three letters of the
hostname' will make sure they're _slightly_ better protected in case of a
password leak.

~~~
smoyer
'just prefix the password with the first three letters of the hostname' ...

I just changed all my passwords so they're prefixed with 'www' but I'm not
sure how that will help make them more secure. (j/k)

------
morsch
This is not good protection against a targeted effort -- when somebody wants
to get _your_ account as opposed to _any_ account, when they have one instance
of a "salted" password they might be able to reverse-engineer your salting
effort and apply it to another site. And they don't have to completely reverse
it, either, it might be enough to significantly reduce the difficulty of brute
force.

But it sure beats using an _identical_ password everywhere, and it does have
the one major (and massive) advantage of using an identical password on n
sites: you only have to remember O(1) things as opposed to O(n). And it can
still be done completely in your head, as opposed to other schemes ("real"
hashing schemes, password managers) which may introduce their own
invulnerabilities or will lock you out from accounts on other computers.

~~~
stcredzero
_...it can still be done completely in your head, as opposed to other schemes
("real" hashing schemes, password managers)_

I've been using a free password manager (KeePassX) with the file hosted on Dropbox
for a couple of years now. I've not had any major trouble with it.

People might like to note, though, that my 16 character random password
(lowercase letters and numbers for over 128 bits of entropy) was still cracked
during the LinkedIn incident. I'm switching to 24 character passwords now.

~~~
mistercow
Isn't that putting a lot of trust into Dropbox, and into your own ability to
make sure that you never accidentally leave a computer logged in on Dropbox?

~~~
stcredzero
The KeePass file has its own encryption. Just devise one password with enough
entropy.

~~~
mistercow
Oh, that makes sense.

------
snitzr
Why not use a password manager? You only need one password and don't have to
do salt tricks. There are even password managers with 2-factor login. Unique
strong passwords for each site auto filled. Super easy.

~~~
tjoff
Because most of us want to be able to use any device in the world without
relying on any third party to log in to a certain website.

~~~
snitzr
They need an app for that. Not one that helps you log in quickly on your own
machine or phone, but one that helps you log in to your sites on a 3rd party
computer.

------
tjoff
This is, in my opinion, the best way (by far) to handle passwords for non-
security-critical accounts.

Came across this forum that you last visited 7 years ago? Remember the
password? With this technique you will, without resorting to password managers
- and still have a unique password on every site.

Remember not to make your salt obvious though. In other words don't just
append the domain name in front of the password or it will be quite worthless.
Instead take for instance the third letter in your password and let it be the
second-to-last letter in the domain name (and do some further
transformations), and you're good to go. You will remember the specific
password for sites you go to often but for any site you will be able to "re-
generate" the password in your head.

~~~
bigiain
" … without resorting to password managers"

What do you find so hard about "resorting to password managers"?

For me, I reckon adopting 1Password has _reduced_ the amount of hassle dealing
with passwords causes me. 95+% of every website login has become command-
slash-return. Registering for new sites has added a single click to the "do
you want to save this login" popup.

Since I always carry my smartphone, I've _always_ got my passwords securely
stored in my pocket, as well as on my Pad, laptop, and work machine. I find it
hard to understand why people _don't_ use some sort of password safe software…

~~~
tjoff
So you write your password off your smartphone? And you call that reducing the
amount of hassle?

"command-slash-return" isn't acceptable security either, I must be able to
lend out my computer without reducing the barrier to my online accounts.

Also if I lost my phone (it breaks or gets stolen) I _must_ still have the
freedom to be able to use the internet...

Everyone I've ever met that to my knowledge uses a password manager has, _in
my presence_, been limited by it. No way on earth I'd put up with that.

~~~
bigiain
No no, sorry - I wasn't clear enough. Let me clarify.

Transcribing passwords off my phone is always available as a last resort (most
commonly used at the terminal in the datacenter, so extremely rarely). Almost
all password entry is autofilled (via browser extensions) or cut/pasted from
the 1Password app.

"command-slash-return" - also needs my password safe passphrase (unless I've
entered it in the last 5 mins and the machine hasn't slept or entered
screensaver mode).

My phone is only one of the devices with synced copies of my password safe data.

The only "limit" I've ever felt I've had since getting properly invested in
using 1Password is that I now occasionally waste time having to "back
down" from my default 16 random char passwords when somewhere won't accept that
length or charset.

~~~
tjoff
Well, in cases where you can't (or don't want to) install browser extensions
it is an astronomical limitation.

Even without the cases of your phone being stolen/lost/battery-empty the
hassle is just waay too much to even consider it.

------
jackalope
By all means, strengthen your passwords. But a major flaw in this approach and
many others is that there is no validation step at the end. These days, users
must ask themselves questions like, "Is the hash of this password likely to be
in a rainbow table?" or "If an attacker knows two of my passwords, can they
determine the rest?" Any sufficiently random and/or complex approach is still
capable of generating weak passwords. Unfortunately, the only question users
tend to ask themselves is, "Can another human guess my password?" That's not
enough and hasn't been for a long, long time.

------
timtadh
I have been experimenting with using what I call a "site specific password
munger." Basically it takes a key (random data stored on the computer), a
password, and a site identifier (say: "hnews") and produces a password. I have
been using it for several sites I use frequently and so far I have found it to
work quite well. When I am remote, I use my phone to ssh into a secure server
to compute the passwords and then copy them off the screen.

<https://github.com/timtadh/passmash>

~~~
JonnieCache
pwdhash is a project out of Stanford that wraps all this up into a browser
extension. It just hashes your password with the domain you're logging into.

<https://www.pwdhash.com/>

the paper: <http://crypto.stanford.edu/PwdHash/pwdhash.pdf>
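The idea in the two comments above (a local key, a master password and a site identifier in; a per-site password out), as an added example that is not part of the thread and is not the algorithm used by passmash or PwdHash. The choice of PBKDF2-HMAC-SHA256, the output alphabet, the function name `site_password` and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, ~5.95 bits each

def site_password(key: bytes, master: str, site: str,
                  length: int = 20, iterations: int = 200_000) -> str:
    """Derive a per-site password from a local key, a master password and a site id."""
    if not key or not master or not site.strip():
        raise ValueError("key, master password and site id are all required")
    # Normalise the site id so "HNews " and "hnews" give the same password.
    site_id = site.strip().lower().encode("utf-8")
    # Length-prefix the key so different (key, site) pairs never build the same salt.
    salt = len(key).to_bytes(2, "big") + key + site_id
    # Slow KDF: every guess at the master password costs `iterations` HMAC rounds,
    # so one leaked site password is expensive to turn back into the master.
    seed = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations, dklen=32)
    out, counter = [], 0
    while len(out) < length:
        # Expand the seed in counter mode; one cheap HMAC per 32 output bytes.
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
        for b in block:
            # Rejection sampling: drop bytes >= 248 (4 * 62) to avoid modulo bias.
            if b < 248 and len(out) < length:
                out.append(ALPHABET[b % 62])
    return "".join(out)

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed; a real key would come from os.urandom(32)
    for site in ("hnews", "linkedin"):
        print(site, site_password(demo_key, "constructed master phrase", site))
```

Unlike a prefix done in your head, the output for one site reveals nothing readable about the scheme, and without the key file the master password cannot even be tested offline.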

~~~
muellerwolfram
wow that's so cool. for a long time now, i've been looking for a solution. i
tried keepass, but it doesn't really work well in linux, and i don't have my
passwords on other computers.

then i tried lastpass, but i don't like the idea of my passwords being stored
somewhere else (even though they are encrypted).

this sounds like a solid solution to the easy-to-remember but different-
password-for-each-site problem. definitely gonna give it a try.

~~~
Nick_C
> i tried keepass, but it doesn't really work well in linux,

Try KeePassX <http://www.keepassx.org/> which works really well in Linux. It
even has a hot key to push username and password into the appropriate fields
in the browser.

I installed it a week or so ago (after trying others) and am pretty impressed
so far.

------
pbreit
I don't do anything of the sort and not only do I sleep fine at night, I don't
have to go through some ridiculous ritual 100 times per day just to log in to
a web site.

------
skrebbel
if your password handling affects your sleep, you need a more rigorous
solution than a little piece of software.

------
fexl
Use five random words from diceware.com to create a password, and you will
have 65 bits of strength. No more tossing and turning.

~~~
mistercow
That's good advice but it doesn't protect you from your password having the
same hash on multiple sites.

~~~
fexl
If you use a distinct random passphrase on each site, they are virtually
guaranteed not to hash to the same value under any hashing scheme. What
obvious point am I missing here?

------
tzaman
Dude, just use bcrypt, no need to reinvent the wheel

~~~
gvb
Dude, read the article (the title is misleading). He is talking about creating
a password that he can memorize, not about encrypting his password.

~~~
jackalope
Misleading is an understatement. This is exactly the kind of article you don't
want a developer/admin to read when searching for information on password
salting.

------
mistercow
First of all, choosing nursery rhymes or movie titles isn't much better than
choosing dictionary words. That strategy has been shown to have low entropy.
Multiword passwords _are_ easier to remember, but you need something actually
random. If you want a strong multiword password, it's a good idea to have an
actual RNG do it for you, so you can use something like <http://passphra.se/>.
If they don't already, hackers will soon have dictionaries that will crack
passwords like "ring around the rosy" and "there is no spoon" as easily as
"champagne", but they're never going to crack a password like "eager man dirt
fly" in better than brute force time.

OK, so with that out of the way, let's say you've chosen a weak (and common)
password. If people start using this self-salting scheme, it's a fair bet
someone else will use the same self-salt as you, and that means two
identical hashes in the database. That's bad news.

But it's also easy to fix. Simply choose some fixed salt to also add to your
password. It could be the first two letters of your username, for example.
That way, if "bobmarley" and "jackblack" both have the password "champagne"
and both used the first four letters of the website for their salt, then on
LinkedIn one will be "linkbochampagne" and the other will be
"linkjachampagne", and they can rest knowing that it's _very_ unlikely that
their password will hash the same as someone else's.
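The collision argument above, as an added example that is not part of the original comment: it builds the site-only and site-plus-username passwords for a few accounts and groups them by stored hash, first under an unsalted fast hash and then under a per-account salted PBKDF2. SHA-1 as the unsalted storage format, the third user `bobdylan` and all function names are assumptions constructed for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Constructed accounts: the two from the comment plus a third whose name also starts with "bo".
USERS = {"bobmarley": "champagne", "jackblack": "champagne", "bobdylan": "champagne"}

def self_salted(site: str, user: str, base: str, user_chars: int = 2) -> str:
    """Mental scheme from the comment: 4 letters of the site + N letters of the username + base."""
    return site.replace(" ", "").lower()[:4] + user.lower()[:user_chars] + base

def unsalted_sha1(password: str) -> str:
    # Fast, unsalted storage: equal passwords always give equal hashes.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def salted_pbkdf2(password: str) -> str:
    # Server-side fix: a random per-account salt stored beside a slow hash.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

def stored_table(site: str, hasher, user_chars: int) -> dict:
    """What the site's database would hold for USERS under a given storage method."""
    return {u: hasher(self_salted(site, u, base, user_chars)) for u, base in USERS.items()}

def shared_hash_groups(table: dict) -> list:
    """Group usernames whose stored hash is identical (visible to anyone holding the dump)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(shared_hash_groups(stored_table("linkedin", unsalted_sha1, 0)))
    print(shared_hash_groups(stored_table("linkedin", unsalted_sha1, 2)))
    print(shared_hash_groups(stored_table("linkedin", salted_pbkdf2, 2)))
```

Two username letters still leave `bobmarley` and `bobdylan` with the same stored hash; only the random salt applied by the site separates every account.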

