Documentation
Index
- func AlgorithmTypeToString(alg AlgorithmType) string
- func ExecKDF(kdftype KDFType, plainPass, salt []byte) ([]byte, error)
- func KDFTypeToString(kdftype KDFType) string
- func MakeFriendlyPassword(hash32 []byte, outputLength int) (string, error)
- func MakePassword(hash32 []byte, passFormat PassFmt) (string, error)
- type AlgorithmType
- type Format0Exported
- type KDFType
- type PassFmt
- type Seed
Constants
This section is empty.
Variables
This section is empty.
Functions
func AlgorithmTypeToString
func AlgorithmTypeToString(alg AlgorithmType) string
func KDFTypeToString
func MakeFriendlyPassword
Create a human-readable password from a 32-byte seed. The password should minimize the hassle of typing it. Even if you normally use the calcpass browser plugin, sooner or later you'll find yourself entering a password manually on your smartphone or TV.
We should also minimize chances that an archaic website with stupid password limitations will reject the password.
Passwords from this function will be:
- 12 characters long.
- Start with a capital A-Z.
- Followed by ten lowercase a-z.
- End with 0-9.
For example: Szbhgdixtgw9
If you are being targeted and your adversary knows that you use calcpass, then he must make 36 quadrillion guesses (10^16). This is not viable for an online (over a network) attack.
For comparison, an 8 character password using an alphabet of 72 characters (mixed case and ten specials), has a strength of only 10^14 and is much harder to type.
Because the characters are random, these passwords will likely resist the most common types of offline cracking attempts: dictionary and "hybrid".
These passwords are NOT long enough to withstand a targeted offline cracking attempt. Therefore they should not be used for encryption keys unless a slow KDF function is also used.
Finally, keep in mind that passwords from this function are only as strong as the seed used. For example, if the seed was created as the hash of a 4 digit number that means there are only 10,000 possible seeds. If the attacker knows this then your password is easily guessable!
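The format and keyspace described above, as an added Go example (not calcpass's own code, and not necessarily the mapping MakeFriendlyPassword uses). The hypothetical friendlyFromSeed treats the 32-byte seed as one big integer and peels off mixed-radix digits, so the modulo bias against a 256-bit value is negligible; friendlyKeyspace computes the exact guess count of 26 x 26^10 x 10.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// friendlyKeyspace returns the number of passwords of the form
// 1 uppercase + 10 lowercase + 1 digit, i.e. 26^11 * 10.
func friendlyKeyspace() *big.Int {
	n := new(big.Int).Exp(big.NewInt(26), big.NewInt(11), nil)
	return n.Mul(n, big.NewInt(10))
}

// friendlyFromSeed is a hypothetical mapping (an assumption, not the
// calcpass algorithm) from a 32-byte seed to a 12-character password.
func friendlyFromSeed(seed []byte) (string, error) {
	if len(seed) != 32 {
		return "", errors.New("seed must be exactly 32 bytes")
	}
	n := new(big.Int).SetBytes(seed)
	rem := new(big.Int)
	// next divides n by radix in place and returns the remainder as a digit.
	next := func(radix int64) byte {
		n.DivMod(n, big.NewInt(radix), rem)
		return byte(rem.Int64())
	}
	out := make([]byte, 12)
	out[0] = 'A' + next(26)
	for i := 1; i <= 10; i++ {
		out[i] = 'a' + next(26)
	}
	out[11] = '0' + next(10)
	return string(out), nil
}

func main() {
	seed := make([]byte, 32) // constructed sample seed: bytes 0x00..0x1f
	for i := range seed {
		seed[i] = byte(i)
	}
	pw, err := friendlyFromSeed(seed)
	fmt.Println(pw, err, friendlyKeyspace())
}
```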
For some interesting research regarding online vs offline password strength please read:
"An Administrator’s Guide to Internet Password Research" Dinei Florêncio and Cormac Herley, Microsoft Research; Paul C. van Oorschot, Carleton University https://www.usenix.org/conference/lisa14/conference-program/presentation/florencio
Types
type Format0Exported
type Format0Exported struct {
	SeedName      string
	ByteWordLines string
	/*The same data as base64 to be used to output a QR code.*/
	Base64ForQRCode string
}
Format 0:
    0       : FormatVer 0x00
    1       : encryptionKDFType
    2-9     : KDF-Salt
    --- Encrypted
    10-25   : seed.Bytes (16 bytes)
    26      : seed.DefaultPasswordFormat
    27      : seed.Algorithm
    --- End Encrypted
    28-N    : Seed Name (Not included in printed bytewords)
    N+1-N+4 : Inner MAC (HmacSha256 of all the above before encryption truncated to 4 bytes)
    N+5-N+6 : Outer Checksum (sha256 truncated to 2 bytes)
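The byte layout above, as an added Go example that splits a raw Format 0 blob into its regions and checks the outer checksum (not calcpass's own import code). Format0Fields, SplitFormat0, outerChecksum and buildSample are hypothetical names; the example assumes the checksum covers every preceding byte and that "truncated" means the leading bytes of the SHA-256 digest.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Format0Fields struct { // hypothetical holder, not a calcpass type
	KDFType   byte
	Salt      []byte // bytes 2-9
	Encrypted []byte // bytes 10-27, left encrypted here
	SeedName  string // bytes 28-N
	InnerMAC  []byte // N+1..N+4, verifiable only after decryption
}

// outerChecksum assumes "truncated" means the first 2 bytes of SHA-256.
func outerChecksum(body []byte) []byte {
	sum := sha256.Sum256(body)
	return sum[:2]
}

// SplitFormat0 validates length, version and outer checksum, then slices the blob.
func SplitFormat0(raw []byte) (*Format0Fields, error) {
	if len(raw) < 28+4+2 {
		return nil, errors.New("format0: blob too short")
	}
	if raw[0] != 0x00 {
		return nil, errors.New("format0: unexpected FormatVer")
	}
	body := raw[:len(raw)-2]
	if !bytes.Equal(outerChecksum(body), raw[len(raw)-2:]) {
		return nil, errors.New("format0: outer checksum mismatch")
	}
	mac := len(body) - 4
	return &Format0Fields{raw[1], raw[2:10], raw[10:28], string(raw[28:mac]), raw[mac:len(body)]}, nil
}

// buildSample makes a constructed blob: zeroed ciphertext and a placeholder MAC.
func buildSample(name string) []byte {
	raw := make([]byte, 28, 28+len(name)+6)
	raw = append(append(raw, name...), 0xAA, 0xBB, 0xCC, 0xDD)
	return append(raw, outerChecksum(raw)...)
}

func main() {
	fmt.Println(SplitFormat0(buildSample("work")))
}
```

A 2-byte unkeyed checksum only catches transcription errors; detecting a wrong password or a modified blob depends on the inner MAC, which can be verified only after decryption.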
func Format0_Export
func Format0_Export(seed *Seed, encryptionPassword []byte, encryptionKDFType KDFType) (*Format0Exported, error)
func (*Format0Exported) String
func (self *Format0Exported) String() string
type Seed
type Seed struct {
	Name string
	//The 128bit random seed
	Bytes [16]byte
	//The algorithm which is used to calculate the password from the seed
	Algorithm AlgorithmType
	//The default password output format
	DefaultPasswordFormat PassFmt
}
The seed and its associated parameters. These values should be considered fixed for the life of the seed.
func Format0_ImportPrinted
func Format0_ImportRaw
func ImportFromQRCode
func (*Seed) CalculatePassword
Directories
Path | Synopsis |
---|---|
 | Code for generating a printable wallet-sized card containing random password characters. |
cmd | |
 | Run bcrypt password hash in parallel threads and combine the results. |
 | The type 2017a password is calculated like so (pseudo-code): stretchedmaster = StretchMasterPassword(yourMasterPassword, yourEmailAddress) sitekey = MakeSiteKey(stretchedmaster, 'example.com', 0) //revision 0 cardCoordinate1, cardCoordinate2 = MakeSiteCoordinates(sitekey, 2) eightCharsFromCard = youGoLookup(cardCoordinate1, cardCoordinate2) finalSeed = StretchSiteCardMix(MixSiteAndCard(sitekey, eightCharsFromCard)) finalPassword = MakeFriendlyPassword12a(finalSeed) This construction achieves these goals: 1. |
 | Utility functions needed by calcpass. |