Wednesday, September 07, 2011

Generating a Good Password

An article with a tip for generating a GOOD unhackable password (it is app dependent, but truly unhackable):
http://yannesposito.com/Scratch/en/blog/Password-Management/

How does he do it? Simply by using the SHA1 (hashing) method.

A hash is not encryption, although it looks like encryption. Encryption is reversible, meaning that if you know the encryption method and the appropriate keys, you can decrypt and get back the original password. Encryption comes with a decryption method, whereas a hash does not come with a de-hash method (although some people are able to un-hash if the hash key is long enough). What a hash does is generate a random string of characters based on the original text that was entered. So, if you and I already share a common key (e.g. 'cat'), then when I want to send you some data I send you:

a. the data
b. the data hashed (using the common key that we both share)

e.g. (data=helloThereHowAreYou & Hash=40358a798d80439dcec0)

When you get the data, before reading it, you hash the data with the common key. If your hash is the same as the hash I sent, then the data has not been modified or changed during transmission and it is trusted. More or less that's the idea, although I think the way I explained it could be too complicated.

Here is the thing about complicatedness: if you're not able to simplify, it means you're not that good or that knowledgeable. Contrary to some people's belief that talking or explaining in complexity shows that they are intelligent, I feel that if you can't simplify, you're full of ****.

So, back to the password issue:

sha1( master_password + domain_name )


Where:

  • master_password is your unique common master password,
  • domain_name is the domain name of the website you want the password for.

You can also add more parameters:
  • the login name,
  • the password’s length,
  • the password number (in order to change it),
  • the output format: hexadecimal or base64.

And you're good to go... Using my simple password I got this: AvuF0nUIg2
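
The scheme above as an added Python example (not code from this post or from the linked article). The function names, the field order and the way the optional parameters are appended are assumptions made here; the second function swaps in PBKDF2-HMAC-SHA256 for the single SHA1 pass, so that a site which leaks one derived password does not hand out a cheap offline test for guessing the master password.

```python
import base64
import hashlib


def site_password(master, domain, login="", number=0, length=10, fmt="base64"):
    """The page's scheme: sha1(master_password + domain_name), with the
    optional login, password number, length and output format."""
    # Assumption: field order, and appending the number only when non-zero,
    # are choices made for this example so the base case matches the formula.
    material = master + login + domain + (str(number) if number else "")
    digest = hashlib.sha1(material.encode("utf-8")).digest()
    if fmt == "hex":
        text = digest.hex()  # 40 characters
    elif fmt == "base64":
        text = base64.b64encode(digest).decode("ascii").rstrip("=")  # 27 characters
    else:
        raise ValueError("fmt must be 'hex' or 'base64'")
    if not 1 <= length <= len(text):
        raise ValueError(f"length must be between 1 and {len(text)}")
    return text[:length]


def site_password_stretched(master, domain, login="", number=0, length=16,
                            iterations=600_000):
    """Same inputs, but PBKDF2-HMAC-SHA256 instead of one SHA1 pass
    (a swapped-in technique, not the page's method)."""
    # Separator keeps ("ab", "c") and ("a", "bc") from producing the same salt.
    salt = "\x1f".join([domain, login, str(number)]).encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              iterations, dklen=32)
    text = base64.b64encode(key).decode("ascii").rstrip("=")  # 43 characters
    if not 1 <= length <= len(text):
        raise ValueError(f"length must be between 1 and {len(text)}")
    return text[:length]


if __name__ == "__main__":
    # Constructed sample inputs, not values from the page.
    master = "correct horse battery staple"
    for domain in ("example.com", "example.org"):
        print(domain, site_password(master, domain),
              site_password_stretched(master, domain))
```

With either function, every site password is derivable from the master password, so changing a single site's password means bumping its password number rather than the master.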
