

Show HN: NullPass, a stateless password manager written in JavaScript - adammacleod
http://www.nullpass.org/

======
gfxmonk
Have you seen SuperGenPass? It's much the same concept, and has been around
for years (including browser extensions, etc).

[http://supergenpass.com/](http://supergenpass.com/)

For the justifiably paranoid, a web service is not going to cut it (lack of
https is just the start - relying on any web service is a _lot_ of trust to
put in such an Important Thing). Even if you are as trustworthy as I'd hope,
it's foolish to even allow the possibility of you (or your service) being
compromised to affect the safety of my passwords.

Personally, I use a command-line implementation of SuperGenPass that a friend
of mine wrote (and I host at github:gfxmonk/supergenpass). It avoids all sorts
of spoofing / browser vulnerabilities, and is reasonably convenient with
something like Guake.

I'm not trying to diss the concept at all - I love this kind of thing, and
honestly can't understand why it isn't more widely used / encouraged. But It's
worth pointing out what already exists in the space.

~~~
nicwolff
SuperGenPass credits me as the originator of the idea, my page is still up at
[http://angel.net/~nic/passwd.html](http://angel.net/~nic/passwd.html).

NullPass isn't a Web service, it's a one-page Javascript app like mine and
SuperGenPass. But it loads a bunch of libraries, so it can't as easily be
copied for safe offline or local use.

~~~
adammacleod
Neat! Yours looks very nice.

I never realised there were so many implementations of this floating around.
It might be a neat idea to inline/reduce the libraries I used to more easily
distribute for offline. Although I have to say that I don't feel this is any
less safe because it can't run locally :)

Thanks for your input :)

------
kseistrup
The problems with these master password implementations comes when you want to
change the password for one site only. Sure, I can add a token in addition to
the domain. But what token did I add to which domain? If I have to remember
individual tokens I might as well remember the entire password. A solution
could be to generate a “salt” for each domain, but then we're no longer
stateless…

~~~
gfxmonk
One solution is to use a separate storage for salts (or hints, really - it
doesn't need to be a complex scheme, since we're hashing it anyway).

I do this myself with supergenpass, for when a site's password DB gets
compromised (a common enough occurrence these days).

Importantly, this augmented state is a convenience - it's not irreplaceable.
If I find myself _without_ my list of hints, I am not completely screwed -
I'll just have a harder time logging into those few sites, and it's quite
likely I'll remember the right hint after a few tries from memory if I really
need to.

~~~
eximius
This post kind of inspired me to whip this up (probably not original, but it's
minimal):
[https://bitbucket.org/logannc/deterministichashpass](https://bitbucket.org/logannc/deterministichashpass)

Basically the same idea but seeds a random number generator with the master
password and the service name to have an infinite supply of passwords.
Technically no state is needed because Python's random module is
deterministic, but I will end up saving the state with the service name and
the index of the random number so that I don't have to try each and every one
(not that I change passwords that often, for better or worse).

And, for convenience, since I won't be saving the master password, I'm looking
into adding a credential cache like sudo has.

------
adammacleod
Hi all, this is the first side project I've had that I've been happy enough to
share with the world at large. I hope someone finds it useful and would be
very eager for some feedback :) (Especially negative!)

------
inetsee
I've been using PassHash
"[http://passhash.connorhd.co.uk/"](http://passhash.connorhd.co.uk/") for a
while now and I really like it. If I understand your application correctly,
PassHash does essentially the same thing as NullPass. I run PassHash using a
local copy of PassHash so I don't have to worry about MITM attacks.

~~~
adammacleod
Looks identical to NullPass, I'll check it out.

Thanks for your input :)

------
pwg
Is there a reason why you are using straight sha512 with concatenated elements
instead of using a sha512 HMAC with the local password as the key to the HMAC?

[http://en.wikipedia.org/wiki/Hash-
based_message_authenticati...](http://en.wikipedia.org/wiki/Hash-
based_message_authentication_code)

~~~
adammacleod
No, not really. I do like having the length concatenated inside as well, as
this provides a unique password for different lengths (useful to quickly
visually identify if a password looks 'right').

Is there any reason why HMAC would be better than my current implementation? I
have had a read over the article and it seems that straight SHA512 should have
similar cryptographic strength.

Thanks for your input!

~~~
pwg
Read the "Design Principles" section more carefully. Simple concatenation
suffers from several different attack vectors.

~~~
adammacleod
Thank you.

I am concerned about changing the algorithm at this point in case anyone has
already used it. I don't think there are any serious concerns but will report
back if I find any (after taking some more time). Of course if anyone knows
this stuff very well I'd be very eager for some feedback!

~~~
pwg
> Of course if anyone knows this stuff very well I'd be very eager for some
> feedback!

Exactly why you should be considering changing the algorithm.

[http://happybearsoftware.com/you-are-dangerously-bad-at-
cryp...](http://happybearsoftware.com/you-are-dangerously-bad-at-
cryptography.html)

------
kseistrup
Nice, except it resembles Cryptnos
[http://www.cryptnos.com/onlinerevs/prod/](http://www.cryptnos.com/onlinerevs/prod/)
with most options removed.

