Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ab/passforge
zero-storage password management
https://github.com/ab/passforge
Last synced: about 1 month ago
JSON representation
zero-storage password management
- Host: GitHub
- URL: https://github.com/ab/passforge
- Owner: ab
- Created: 2012-06-06T21:59:07.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2012-12-27T22:04:50.000Z (almost 12 years ago)
- Last Synced: 2024-04-21T01:55:29.902Z (8 months ago)
- Language: JavaScript
- Size: 246 KB
- Stars: 2
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# TODO
- add test vectors to site
- implementation for iOS?
- tune iterations used for each strengthening factor
- add about page
- security
- threat model
- brute force on a leaked password
If a site you use suffers a breach of their passwords, you are still
probably OK. Even if
1. The site was storing passwords in plain text (shame on them).
2. The attacker links the account to you via email address or similar.
3. The attacker guesses you are using passforge, though the generated
passwords will be indistinguishable from randomly generated ones.
4. The attacker tries to brute force your master password and nickname.
Provided that you chose a master password with high entropy, it will
not be feasible for an attacker to recover it. The purpose of the
strengthening factor is to guard against this possibility. You can make
attacks of this form practically impossible by choosing a higher
strengthening factor. The resilience of passforge to attacks like this
is its primary advantage over similar zero-storage solutions that use a
small or fixed number of hash function iterations.
- strengthening factors
http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125
http://blog.zorinaq.com/?e=43
- implementations
- speed
- tradeoffs vs. competititon
- fix up android app
- fix up logo