Delving into Hashes: Functions, algorithms and applications
What is a derivative passwords manager?
In today's digital world, password security is more important than ever. Because cybercriminals are constantly looking for new ways to access our accounts and steal our data, one of the best ways to protect yourself is to use strong, unique passwords for each account.
However, remembering strong and unique passwords for all of our accounts can be difficult. That is why the use of password managers is an increasingly popular solution. In general, the authentication data in a traditional password manager incorporates both the user and password into a single data set that is encrypted with a master password. Knowledge of the master password reveals the entirety of the authentication data protected by the traditional manager and therefore, an attack aimed at determining a single critical piece of data can result in a catastrophic security failure.
LISTHASH implements a new form of password management that incorporates multiple checkpoints and allows for absolute privacy of user authentication data. By employing hash functions it provides the necessary mechanisms to create strong and secure passwords derived from user-supplied data in the password generation process. We call LISTHASH a derivative passwords manager, since it derives from base data in a chaotic but deterministic way new data that is complex enough to be used as passwords.
What is password derivation from a master seed?
Password derivation from a master seed is a method for generating secure and unique passwords from a single secret piece of data, known as a master seed. The master seed can be a word, a phrase, or a series of pieces of data whose only condition is to be long and complex enough to be difficult to guess, but which can be easily remembered by the user.
Once you have a master seed, you can use a hash function to generate unique passwords for each account. As we have already discussed, a hash function is a mathematical function that takes an input (in this case, the master seed) and converts it to an output (in this case, the password). The output of the hash function is always the same for the same input, but it is computationally infeasible to invert the function and recover the input from the output.
How do hashes work to create passwords?
Using hashes to create passwords is a simple and effective way to protect authentication data. By combining a memorable phrase, key or data set with a secure hash function, you can create unique, hard-to-guess passwords that will keep your data safe from cybercriminals. The basic process is as follows:
1. Choose a phrase, key or piece of data that is easy to remember but not easy to link to the user; this will be the seed.
2. Use a hash function such as SHA-256 to convert the seed into a hash value. This hash value will be a unique and unrecognizable string of alphanumeric characters.
3. Add salt ("salting") to increase security. The salt is a secret value that is combined with the seed before the hash function is applied a second time, making it even more difficult for an attacker to crack the password.
4. Map the result of the application of the hash function to a string of alphanumeric characters that can be used as a password.
Are there any risks in using password derivation from a master seed?
The main risk of using password derivation from a master seed is that if you lose your master seed or do not remember it, it will be impossible to access your accounts. Therefore, it is important to choose a master seed that can be easily remembered and store it in a safe place.
LISTHASH checkpoints
To achieve absolute privacy and the generation of strong and secure passwords, LISTHASH establishes three checkpoints in its derivation process:
1. Seed: Initially, a seed is used that not only provides a unique and memorable piece of information, but also the set of characters that will be used by the manager for password generation.
2. List of accounts: Each account registered in LISTHASH has a unique identifier and is represented with the data of service, user and the length of the password to be generated.
3. Secret codes: Finally, for the generation, the user provides secret codes that are easy to remember. These codes have the role of "salting" the final password generation, increasing the uncertainty of the result of the hash functions.
Important: Failure to possess the specific information at any of the above checkpoints will make it impossible to access the correct authentication data. Therefore, only complete knowledge of the specific data at each checkpoint will allow a password to be recovered. This process ensures that a breach of up to two checkpoints is useless for an attacker in his attempt to obtain the user's authentication data.
In addition, conventional password managers provide a clear signal to an attacker when they succeed in compromising the master password, since only decryption with the correct key generates a readable result that allows access to the authentication data. In contrast, LISTHASH checkpoints always produce readable but invalid authentication values, since only accurate and correct data at each checkpoint will produce valid authentication data. A brute force attack under these conditions is useless, as it requires testing every possible combination directly against the service linked to an account, and this type of attack stops once the number of failed attempts admitted by the service is exceeded.
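The following is an added example, not LISTHASH's own code, that implements the four-step procedure from the section above (seed, SHA-256, salting with a second hash, mapping to a character set) with the three checkpoints as its inputs. It assumes that the seed carries both a phrase and the character pool (the page says the seed supplies the character set but not how it is encoded), that the account identifier is built from service, user and length, and that the secret code enters the second hash as an HMAC key rather than by plain concatenation. The rejection-sampling step in the mapping is included so that every character of the pool is equally likely, which a bare `digest[i] % len(charset)` does not guarantee. The `Seed`, `Account`, `derive_password` and `looks_valid` names are assumptions for illustration.

```python
"""Derived-password generator (added example; not LISTHASH's own code)."""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Seed:
    # Checkpoint 1: a memorable phrase plus the character pool for the
    # generated passwords. Assumption: both pieces travel together as the seed.
    phrase: str
    charset: str


@dataclass(frozen=True)
class Account:
    # Checkpoint 2: one entry of the account list (service, user, length).
    service: str
    user: str
    length: int

    def identifier(self) -> bytes:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        parts = [self.service.encode(), self.user.encode(), str(self.length).encode()]
        return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def accept_limit(n: int) -> int:
    """Largest multiple of n that fits in a byte. Bytes at or above it are
    rejected so that `b % n` is uniform over the charset (no modulo bias)."""
    return 256 - (256 % n)


def digest_stream(key: bytes):
    """Unbounded byte stream: SHA-256(key || counter). The counter lets the
    mapping step draw more bytes than a single 32-byte digest provides."""
    counter = 0
    while True:
        yield from hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1


def map_to_charset(key: bytes, charset: str, length: int) -> str:
    """Step 4: turn the final digest into `length` characters of `charset`,
    using rejection sampling so every character is equally likely."""
    n = len(charset)
    limit = accept_limit(n)
    out = []
    for b in digest_stream(key):
        if b < limit:
            out.append(charset[b % n])
            if len(out) == length:
                break
    return "".join(out)


def derive_password(seed: Seed, account: Account, secret_code: str) -> str:
    """Steps 2-4 of the procedure, driven by the three checkpoints."""
    # Step 2: hash the seed phrase together with the account identifier.
    first = hashlib.sha256(seed.phrase.encode() + account.identifier()).digest()
    # Step 3: "salt" with the secret code (checkpoint 3) and hash a second time.
    # HMAC is this example's choice; the page only says the salt is combined
    # with the seed before the second hash.
    second = hmac.new(secret_code.encode(), first, hashlib.sha256).digest()
    # Step 4: map the result to the seed's character set.
    return map_to_charset(second, seed.charset, account.length)


def looks_valid(password: str, seed: Seed, account: Account) -> bool:
    """Every derived password is well-formed (right length, right charset),
    so nothing about its shape reveals whether the checkpoints were correct."""
    return len(password) == account.length and all(c in seed.charset for c in password)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    seed = Seed("the cat sat on the mat in 1999",
                "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#%")
    account = Account(service="example.test", user="alice", length=20)
    good = derive_password(seed, account, "code-one")
    wrong = derive_password(seed, account, "code-two")
    print(good, looks_valid(good, seed, account))    # correct checkpoints
    print(wrong, looks_valid(wrong, seed, account))  # wrong secret, still well-formed
```

Running the demo shows the property the text describes: the password from the wrong secret code has the same length and draws from the same character pool as the correct one, so the only way to tell them apart is to try them against the service. Changing any single checkpoint (phrase, account entry or secret code) yields an entirely different, equally well-formed result.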
With LISTHASH, the user of the manager is not forced to give up his privacy or to entrust the security of his data to a service in the cloud that is susceptible to being hacked.