Johan Brinch edited this page Jun 13, 2013 · 20 revisions

What?

RndPhrase is a small add-on that will transform your everyday website passwords into highly secure domain specific passwords.

In short, RndPhrase is:

  • Secure: no one can hack your account by guessing the passphrase.
  • Simple: annoy the user as little as possible.
  • Trustworthy: open source and independent of servers storing your passphrase.
  • Flexible: if a website requires special formatting of the passphrase, just configure it (currently only in Conkeror).

For a humorous comment, see Randall Munroe’s comic on the subject:
http://xkcd.com/792/

(The comic is part of the XKCD webcomic and is not affiliated with RndPhrase)

Why?

Just look at the recent passphrase dump from www.rockyou.com. RndPhrase helps you use a unique passphrase for each domain. So even if one domain fails to secure your passphrase, the leaked passphrase will only be valid at that domain and nowhere else. All your other accounts are still secure.

Examples of compromised user databases:

  • 2009, rockyou.com, 30 million users, passwords revealed.
  • 2010, gawker.com, 1 million users, passwords revealed.
  • 2011, trapster.com, 10 million users, password state unknown.
  • 2011, Sony, 37.608 users confirmed (1 million claimed), passwords revealed.
  • 2012, linkedin.com, 6.5 million passwords (unsalted SHA-1 hashes).

How?

RndPhrase will generate a unique passphrase for each domain. This is done using your passphrase, a predefined seed which is constant across all domains and, not surprisingly, the domain name. Using these three values, a random password is generated and used in place of your regular password. But don’t worry: you don’t have to remember the random password. Just your regular password.

All you need to do is prefix your regular everyday password with ‘@’ and it will be transformed into a randomly generated secure password before being transferred to the webserver.
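The derivation described above, as an added sketch that is not RndPhrase's own code: PBKDF2-HMAC-SHA256 stands in for whatever algorithm the add-on actually uses. The function names, seed value, iteration count and domain normalization are all assumptions made for illustration.

```javascript
// Added illustration: NOT RndPhrase's real algorithm. PBKDF2-HMAC-SHA256 is a
// stand-in for the add-on's actual derivation.
const crypto = require('crypto');

const PREFIX = '@';          // activation character described on the page
const ITERATIONS = 100000;   // assumed work factor
const OUTPUT_BYTES = 15;     // 15 bytes -> 20 base64 characters, no padding

// Assumption: the "domain" is the lowercased host name without a trailing dot.
function normalizeDomain(host) {
  return host.trim().toLowerCase().replace(/\.$/, '');
}

// Derive the per-domain password from passphrase + seed + domain.
function derivePassword(passphrase, seed, host) {
  const domain = normalizeDomain(host);
  // Length-prefix the seed so two (seed, domain) pairs never build the same salt.
  const salt = Buffer.from(`${seed.length}:${seed}${domain}`, 'utf8');
  const key = crypto.pbkdf2Sync(Buffer.from(passphrase, 'utf8'), salt,
                                ITERATIONS, OUTPUT_BYTES, 'sha256');
  // URL-safe base64 keeps the result printable in a password field.
  return key.toString('base64').replace(/\+/g, '-').replace(/\//g, '_');
}

// What a password-field handler would submit: transformed only when prefixed.
function transformField(value, seed, host) {
  if (!value.startsWith(PREFIX) || value.length === PREFIX.length) {
    return value;            // not activated: the typed text is sent unchanged
  }
  return derivePassword(value.slice(PREFIX.length), seed, host);
}

// Constructed sample values: same passphrase and seed, two different domains.
const seed = 'constructed-seed';
const a = transformField('@hunter2', seed, 'example.com');
const b = transformField('@hunter2', seed, 'example.org');
console.log(a !== b, a.length, b.length);
```

Because the domain feeds the salt, a password leaked by one site cannot be replayed at another, and recovering the regular password from a leaked value requires a guessing attack that also needs the seed.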

So what do I do?

To install the add-on, follow these two steps:

  1. Grab the latest version of the source code from:
    https://github.com/brinchj/RndPhrase/tags
  2. Now run make firefox_install, make chrome_install or make conkeror_mode.

Your browser should automatically open with an install dialog (except Conkeror).
If this does not happen, you can find your add-on in the “build” directory and open it manually.

You’re done! Go to some webpage and try it out!
Just tap ‘@’ in a password field to activate RndPhrase and watch the transformation ;-)

Blog

I have some more technical information on my blog at:
http://brinchj.blogspot.com/
