Idea #20975: Small gnome password applet.

Written by danielpublicsweden the 8 Aug 09 at 20:29. Related project: Gnome. Status: New
Rationale
Since it seems like people are using the same passwords half across the internets and maybe even their own computer. :(

I would like to see a gnome applet that:

1. You use a master password. (One good, strong password to remember!) Even if this password is compromised, and thanks to the use of "description values", if this password is "lost", it does not threaten all your passwords.
You could even have extra description values like "sausage"/"flower"/"badger", to get even higher security.

2. Generates your password through algorithms and descriptions of what you use it for. Site url/file/tags/etc. Plus possibility to use extra personal values for heightened security.

3. _No storage_ of any passwords on disk. (No need for backup) Only descriptions are stored in an encrypted file. (See solution #2)

4. Should be easy to generate new strong passwords.

5. Should be able to autocomplete.

6. Should be useful when using another computer (Public/job) by use of "online" script, which is run locally from browser. Which is achieved by masterpassword + descriptions (as in the url+username/other values, for the site to access) As in: http://passwordmaker.org/passwordmaker.html

How it could work:
The password to use is generated by a master password and "description values" (url/username/tags/file/date/etc.) -> one-way hash algorithm (http://en.wikipedia.org/wiki/Cryptographic_hash_function) = message digest (http://www.rsa.com/rsalabs/node.asp?id=2176) = password to use. READ ON PLEASE! :D


Should the descriptions part of the application be possible to backup? So that autocomplete etc. also gets backed up.

Thoughts:

However, this _does not_ protect oneself from keyloggers/people looking over one's shoulder/social engineering, however it does protect you from one password compromised = the whole of your digital existence is compromised.

The use of loads of descriptions involved in generating the password could make it hard to remember all the values that generate the password. Could be a big problem when using a public terminal.

2 votes
Solution #1: Passwordmaker
Written by danielpublicsweden the 8 Aug 09 at 20:29.
Maybe inner workings of applet _based_ on something like this approach?

http://passwordmaker.sourceforge.net (GPL)
2 votes
Solution #2: Passwordmaker and "description values/autocomplete" backup.
Written by danielpublicsweden the 9 Aug 09 at 07:25.
Since the description values of the "file/url/tag/etc." are a big part of generating the password through the one-way hash algorithm. (masterpassword+description values=message digest=password)
It's maybe not easy to remember exactly what values were used for generating the password.
How could/should the backup be performed?

Suggestion: Compress it within an encrypted LZMA (7zip), upload it to some site, put a generated password on it, upload function something like the excellent FEBE (http://customsoftwareconsult.com/extensions/febe/febe.html), which uses http://box.net . Upon addition of autocomplete/generation of new password, give reminder of backup. As in: "Do you want to backup and upload now?"/"Remind me in x days".

Comments
cheesehead (Brainstorm moderator) wrote on the 8 Aug 09 at 22:21
Interesting. What happens to your access when you use a different computer while on vacation? Or when your hard drive dies without a recent backup?



kazagistar wrote on the 9 Aug 09 at 05:15
Or want to access websites from a computer running another OS?

danielpublicsweden wrote on the 9 Aug 09 at 06:18
@cheesehead: (Sorry about being lazy here, cut and pasted from mentioned site) You provide PASSWORDMAKER two pieces of information: a "master password" -- that one, single password you like -- and the URL of the website requiring a password. Through the magic of one-way hash algorithms, PASSWORDMAKER calculates a message digest, also known as a digital fingerprint, which can be used as your password for the website. Although one-way hash algorithms have a number of interesting characteristics, the one capitalized by PASSWORDMAKER is that the resulting fingerprint (password) does "not reveal anything about the input that was used to generate it." In other words, if someone has one or more of your generated passwords, it is computationally infeasible for him to derive your master password or to calculate your other passwords. Computationally infeasible means even computers like this won't help! (Also see answer below, for crossplatform/public terminal use)

@kazagistar: same answer for you, since it's not saved on your computer, and if you know your settings, you should be able to use the "online version", which really is a JavaScript running locally in your browser. You can even run it on a cellphone/whatever if it's supported.
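
The derivation described in the idea and in the comment above (master password + description values -> one-way function -> site password), as an added example that is not part of the original thread and is not PasswordMaker's code. It substitutes PBKDF2-HMAC-SHA256 for a single hash pass, so that guessing the master password from one leaked site password costs many iterations per guess. The function names, alphabet, iteration count and the counter field are assumptions.

```python
import hashlib
import hmac
import string

# Assumed parameters for this sketch; they are not PasswordMaker's settings.
ITERATIONS = 200_000
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def _field(value: str) -> bytes:
    # Length-prefix each value so ("ab", "c") and ("a", "bc") give different salts.
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def _stream(key: bytes):
    # Expand the derived key into an unbounded byte stream (HMAC in counter mode).
    block = 0
    while True:
        yield from hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1


def derive_password(master, site, username, extras=(), counter=1, length=20):
    """Recompute a site password from the master password and description values."""
    # Description values form the salt. No password is stored: only these
    # values would need to be saved (and backed up) to regenerate it.
    fields = (site.strip().lower(), username, *extras, str(counter))
    salt = b"".join(_field(v) for v in fields)
    key = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, ITERATIONS)
    # Rejection sampling: drop bytes that would bias the choice of character.
    limit = 256 - 256 % len(ALPHABET)
    chars = []
    for byte in _stream(key):
        if byte < limit:
            chars.append(ALPHABET[byte % len(ALPHABET)])
            if len(chars) == length:
                break
    return "".join(chars)


if __name__ == "__main__":
    master = "constructed master passphrase"  # constructed sample value
    print(derive_password(master, "example.org", "alice"))
    print(derive_password(master, "example.org", "alice", extras=("badger",)))
    print(derive_password(master, "example.org", "alice", counter=2))  # rotated
```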

