A Proposal for creating pseudo-random, unique, recoverable passwords

We all know the importance of good passwords, and how dangerous it is to reuse passwords between websites. One breach and your whole weblife is open, right? So the alternative is random passwords for each website. That's great - strong, secure - but what if you need to log in and you don't have 1Password or KeePass (etc.) available?

Recently I saw an interesting article on Lifehacker, on using 'pseudorandom' passwords generated from md5 hashes. That's not a bad idea, but has some drawbacks. To start with, md5 is vulnerable to cracking via 'Rainbow Tables' - and there just isn't enough randomness to ensure security. But the idea is decent - why not enhance it a little bit to create passwords that are 'random' in appearance but could be regenerated?

While the original article suggested md5 as a password 'generator', I think something like PHP's mcrypt is much better suited. One could hack together a PHP script to generate passwords using one of the mcrypt encryption algorithms (good point #1: not everyone will use the same algo). Second, use a couple of simple 'keywords' to generate a hash (sha1?) to use as the password. Why not use PHP to combine (predictably) several words (i.e., hometown, nickname, etc.) into a password that you use for mcrypt?

Obviously, I am not going to go into the specifics of how I might implement this. But I think the idea has potential.
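
One way to realise the idea above, as an added example that is not the author's implementation: PHP's built-in `hash_pbkdf2` (PBKDF2-HMAC-SHA256) is swapped in for mcrypt, which was removed from PHP in 7.2, and the function names, alphabet, iteration count and sample keywords are all assumptions. Keywords such as a hometown or nickname are guessable, so every derived password is only as strong as the combined keywords.

```php
<?php
// Added example: regenerate a per-site password from memorised keywords.
// Hypothetical helper names; parameters are assumptions, not from the post.

// Output alphabet without look-alike characters (67 symbols).
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#$%&*+-=?';

function normalize_keywords(array $words): string
{
    // Combine predictably: trim, lowercase, join with a separator
    // that cannot occur inside a typed keyword.
    $clean = array_map('strtolower', array_map('trim', $words));
    return implode("\x1f", $clean);
}

function site_password(array $keywords, string $site, int $counter = 1, int $length = 16): string
{
    $secret = normalize_keywords($keywords);
    // Site name and counter form the salt, so each site gets an unrelated
    // output; raise the counter to rotate one site's password.
    $salt = strtolower(trim($site)) . "\x1f" . $counter;
    $key = hash_pbkdf2('sha256', $secret, $salt, 200000, 32, true);

    $alphabet = ALPHABET;
    $n = strlen($alphabet);
    $limit = 256 - (256 % $n);  // bytes >= $limit are rejected to avoid modulo bias
    $out = '';
    for ($block = 0; strlen($out) < $length; $block++) {
        // Expand the key into a deterministic byte stream (HMAC in counter mode).
        $stream = hash_hmac('sha256', pack('N', $block), $key, true);
        foreach (str_split($stream) as $ch) {
            $b = ord($ch);
            if ($b < $limit && strlen($out) < $length) {
                $out .= $alphabet[$b % $n];
            }
        }
    }
    return $out;
}

$words = ['springfield', 'ace', 'blue bicycle'];  // constructed sample keywords
$a = site_password($words, 'example.com');
$b = site_password($words, 'example.org');
echo "example.com: $a\nexample.org: $b\n";
// Regeneration check: the same keywords and site (after normalisation) are compared.
var_dump($a === site_password($words, ' Example.com'));
// Separation check: two different sites are compared.
var_dump($a !== $b);
```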
