-
Notifications
You must be signed in to change notification settings - Fork 12
Allow user to set alternative hashing algorithm #14
Comments
Other tweaks that could be made:
Open questions are:
|
Another thing to consider is the addition of a salt. Maybe use HMAC or something to mix the salt with the nickname? That way the "salt" argument to (b|s)crypt is truly unique per user instead of potentially being consistent for people (e.g. everyone choosing This could be an optional feature that gets saved into the setttings. Then again, if you are going to care enough to want to use scrypt over MD5, it probably should be required so that people don't forget to set it (i.e. if you think "salt" is something you put on your food, v2 is not for you). |
First off, that website gives no details on how that number is calculated, so I consider it a dubious value. Second, what exactly are you protecting against? The threat model only worries if an adversary figures out you are using Oplop, gets a hold of an account password, and knows the nickname used for that account password. Even step 1 is difficult unless you advertise the fact you use Oplop online. Otherwise if someone breaks into e.g. LinkedIn and manages to crack every password by figuring out the salt used and thus gets your account password for LinkedIn, who cares? Unless they piece together that your account password came from Oplop and they explicitly want to attack you are they going to bother with trying to get your master password (unless you have been reusing account passwords in which case I can't help you =). As for scrypt over md5, it's is more difficult to reverse as scrypt is specifically designed to be a costly algorithm to use. |
And both the use of md5 and the length choice are discussed in the FAQ. |
Possible approach as outlined by a user: https://plus.google.com/u/0/110389149377588379226/posts/9JNJcm4PzUF |
FYI, almost all of the suggestions here are exactly what has been done by Master Password: http://masterpasswordapp.com/algorithm.html |
@brettcannon Thanks for Oplop, it's been a useful tool. I've been working on an update of the Oplop algorithm, tentatively calling it either Oplop v2 or Oplop 2019 (more on that below). The intent is to improve the generated passwords to be adequate for several years, the way Oplop v1 has been. Implementations can support both versions to facilitate user migration, and new users should start with the newest version. I'd be interested in any comments on the plan, and if you'd rather it not be associated with Oplop then let me know. Strengths of Oplop v1
Weaknesses of Oplop v1
Proposed Oplop v2
Proposal for future upgradesAs an alternative to being a one-time update of the algorithm, this could be the start of a sequence of updates. For example, using a hash function such as bcrypt with tunable difficulty parameters will require fixing the values of those parameters so all implementations are using the same values. But the purpose of those parameters is to allow increasing difficulty over time in response to Moore's law or whatever. A future update of the Oplop algorithm could include adjustments to those parameters. A standard upgrage workflow that does not excessively burden the user experience could be used repeatedly. So for example today's proposed update could be called Oplop 2019, and use bcrypt with certain parameter values. The next update might be Oplop 2024 using different parameters or a different hashing algorithm, and maybe also producing longer passwords with more permitted characters in them. These decisions can be made in the future based on what makes sense at that time. Keeping with the light weight mental overhead, users should be able to fairly easily recall e.g., that they have migrated everything from Oplop v1 to Oplop 2019, or that are in the process of migrating from Oplop 2019 to Oplop 2024. There might be no getting around the tedium of manually changing all of one's account passwords, but the workflow would be intuitive and able to be done gradually during the course of normal usage. Choosing a new hashing functionPBKDF2, bcrypt, scrypt, and Argon2 all seem to be reasonable candidates from a security perspective. Possibly a more important consideration is the availability and quality of implementations across many programming languages, including the ease of using them in an Oplop implementation. Choosing random valuesA simple pseudo-random number generator (PRNG) seeded with bytes from the digest is used to enforce the password policy constraints. Proposed steps for Oplop 2019
Open questions
Referenceshttps://github.com/brettcannon/oplop |
I would increase the length to 16 characters, otherwise sounds like a reasonable update! One thing I would say is that there be no tunable arguments and it is very much a "version 1 vs version 2" choice. That makes it easy to just add a single enum-like value to one's list of labels so that you can track which version to use compared to having to track more details. As for forking this, that's totally fine with a name change. I actually don't use the project anymore so no need to involve me (link back is nice to show where the idea originally came from and to communicate to folks it is a fork). |
Since I am not developing this project anymore, I'm archiving the repository. |
Either bcrypt or scrypt. That way people worried about MD5 can stop worrying. Can also reverse string concatenation order to deal with lengthening attacks.
This is essentially Oplop v2. Would require a VERY visual shift in the UI so people know which algorithm they are using (different colours and icon?).
The text was updated successfully, but these errors were encountered: