HashMask is a browser extension for your password fields.
It's meant to help prevent some errors when logging into various websites.
It does this by giving you a consistent sparkline representing your
passwords. On any site you visit with a password field, start typing,
and a little colored sparkline will appear. This is your clue -
try and remember something about the color, shape, or both. Before
you know it, your login error rate will drop immensely.
Of course, it's just an aid - if you can't remember all your sparklines,
don't worry about it! It's just a visual aid. Use it, or not, however
you want. Perhaps only remembering one or two really important sparklines
for a password you forget or mistype often would be useful, or perhaps
you can try to remember all of them. Either way, it's up to you.
As always, Wikipedia has some pretty good information on salts.
In the case of HashMask, we use it to make it even harder for an
attacker to guess your password. Even if they can replay
each image of your sparkline, without the salt that we generate for
you by default, they can't get your password.
We should make special note that your salt will, by default, be different
on different machines. Each time you download HashMask onto a different
browser, we will generate a new salt for you. If you want to use HashMask
on different browsers or computers, we advise manually copying your salt
into those other browsers/machines. This only needs to be done once,
so it's not too bad.
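
An added example (not HashMask's own code) showing why the salt has to be copied between machines: the same password gives the same sparkline only under the same salt, and a typo changes it. It assumes the salt is prepended to the password before hashing and that the leading digest bytes drive the colour and bar heights; `newSalt`, `sparkline`, `render` and `same` are hypothetical names.

```javascript
// Added illustration, not HashMask's source. Assumptions: the salt is
// prepended to the password, and the first digest bytes become the
// sparkline's colour and point heights.
const { createHash, randomBytes } = require('crypto');

// A per-install salt, generated once (hypothetical helper).
function newSalt() {
  return randomBytes(16).toString('hex');
}

// Derive a sparkline description from salt + password.
function sparkline(salt, password, algorithm = 'sha256', points = 8) {
  const digest = createHash(algorithm).update(salt + password, 'utf8').digest();
  // First three bytes pick the colour, the next `points` bytes the heights.
  const color = '#' + digest.subarray(0, 3).toString('hex');
  const heights = Array.from(digest.subarray(3, 3 + points), (b) => b % 16);
  return { color, heights };
}

// Render the heights as text so two sparklines can be compared by eye.
function render(line) {
  const bars = '▁▂▃▄▅▆▇█';
  return line.heights.map((h) => bars[h >> 1]).join('') + ' ' + line.color;
}

// True when two sparklines would look identical on screen.
function same(a, b) {
  return render(a) === render(b);
}

// Constructed sample values.
const saltA = newSalt(); // browser on machine A
const saltB = newSalt(); // fresh install on machine B
const password = 'correct horse';

console.log('machine A        ', render(sparkline(saltA, password)));
console.log('machine A, typo  ', render(sparkline(saltA, 'correct hrose')));
console.log('machine B        ', render(sparkline(saltB, password)));
console.log('B using A\'s salt ', render(sparkline(saltA, password)));
```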
Pretty simple, actually. It represents, in milliseconds, the amount
of time lag that occurs before your hash appears.
We use a default lag of 0ms, so the HashMask should appear as soon as your
computer can compute the hash. If you want to remove your salt
or something, you can still prevent eavesdroppers from figuring out your
password by delaying the image hashes that appear.
As always, Wikipedia has some pretty good information about hash algorithms.
In the case of HashMask, we use it to provide you more options. If
you select a different hash algorithm than the default (SHA-256),
it's even harder for an attacker to guess your password, since they
can't even be sure of which algorithm you're using.
We make special note of one factor: SHA-1 is the fastest algorithm.
If you're noticing speed problems on any website after installing
HashMask, you might try switching to that algorithm (just click the SHA-1
radio button in the options page).
I'm no cryptologist. I'll bat this answer off to Wikipedia and TrueCrypt.
If you are knowledgeable in such matters, and would like to check our
implementation, that can be found here.
It's minified, however, so you may want to check out the original source,
linked here.
I'm still no cryptologist. I'll bat this answer off to Wikipedia.
We'll add a special note that if you're having performance problems
with HashMask, this algorithm is probably the best option for you.
In any case, if you are knowledgeable in such matters, and would like to
check our implementation, that can be found here.
It's minified, however, so you may want to check out the original source,
linked here.
Still not a cryptologist. I'll bat this answer off to Wikipedia and TrueCrypt.
If you are knowledgeable in such matters, and would like to check our
implementation, that can be found here.
It's minified, however, so you may want to check out the original source,
linked here.
Cryptologist? Nope. I'll bat this answer off to Wikipedia and TrueCrypt.
If you are knowledgeable in such matters, and would like to check our
implementation, that can be found here.
It's minified, however, so you may want to check out the original source,
linked here.