As I see it, the main benefit of deterministic password generation is the convenience of not needing a password database. Indeed, if the scheme is simple and/or portable enough (e.g., PBKDF2) you can implement it from scratch in a minute or two, depending on what software you have handy. The convenience breaks down as you need to maintain additional state: password rotation, site-specific password rules, etc.<p>Forgiva is based on the premise that a password generation scheme is more secure than a password database. I'm unconvinced in general; from what I see in the FAQ and the Ruby code on Github, even less so for this particular implementation. Spamming the input with an array of whatever OpenSSL algorithms Ruby happens to make available, rather than using a memory hard KDF like scrypt, is a bad smell.
> To crack a password with 70 bit entropy on a MacBook Pro Early 2013 it will take ~6 million years to complete all combinations on Normal complexity. On Intermediate complexity it will take ~24 million years and on Advanced complexity it will take ~280 million years to reach all combinations at minimum.<p>If you were cracking a password wouldn't it be significantly faster to use GPU(s) rather than CPUs [1]? If so, why bother mentioning how long it would take on a CPU at all?<p>[1] <a href="http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/" rel="nofollow">http://arstechnica.com/security/2012/12/25-gpu-cluster-crack...</a>
I'm reading the open source code and this thing is... odd. For instance: it has a "simple", "intermediate", and "advanced" password complexity, and depending on which you choose, it uses SHA1, SHA2-256, and SHA2-512 for the PBKDF2 hash. What does password complexity have to do with the strength of the algorithm used to generate passwords?<p>Also: it's 2016. Why is this using PBKDF2? If PBKDF2 is what you've got and you're protecting a website, that's fine, but this is a password manager.<p>Is the "commercial" version of this also Ruby code wrapping OpenSSL?
As an end user, I don't care about how the passwords are stored. I care mostly about two things:<p>1. How hard it is for someone to steal them
2. How easy they are to retrieve when I need them<p>I'm currently really happy with 1Password on both counts, and I don't really understand why I should move. A competitor would need to establish that they are at least as secure as 1Password, and this landing page doesn't do that at all. For all I know, it's been built by a nefarious hacker or some junior Node.js developer who's just discovered security.<p>Has it been audited? What is the roadmap for the project? These things are much more important than some technical explanation that I didn't really understand.
Your password will never be secure when you store it on someone else his disk or let someone else encrypt your password. Its not a matter of how, but when there will be a way to retreive those passwords by anything but you.<p>And its not just that, everything you use your passwords for these days, is stored on some sort of storage in a cloudy architecture. Scattered all over the world in thousands of datacenters. You probably are currently trusting thousands of people working over there, but you dont even know these guys. Terrible imho..
From the FAQ (<a href="https://forgiva.com/faq" rel="nofollow">https://forgiva.com/faq</a>):<p>> How about for sites with restrictive password requirements?<p>> Passwords, generated by Forgiva are offered with 16 characters minimum (you can go up to 32 characters by default) of length and 70 bits of entropy guaranteed on normal complexity level. And it is called on strong level for financial institutions and military grade applications.<p>> Thus it is not expected for any site to deny Forgiva generated passwords.<p>This seems naive, at best. If you can't store an eight character alphanumeric password, you're not usefully managing passwords.
A couple thoughts that came to mind as I was reading it:<p>1) How is this safer than a standard password manager with TOTP-based 2FA? The second token, either produced by TOTP or something like a Yubikey, would guard against keyloggers, since the one-time code is useless after it has been entered.<p>2) How is the certificate generated, and what is it based on? Is the cert unique per device, or would I copy it to my other devices that need to access Forgiva ala a public key?<p>3) There are some typos and other grammatical weirdness on the page that suggests English is not the writer's first language. That's fine, but it looks unprofessional. I can make some proofreading suggestions if you feel inclined. I don't really believe in this product, but I'd prefer it to be judged on its technical integrity rather than the quality of its marketing, so I'd be happy to help polish it up.
How does this compare to the KeePass family of pw-managers?
(Besides that Forgiva is closed source and KeePass is open source.)<p><i>Fixes poor passwords, accessibility and storage problems with highly secure way.</i><p>What does that even mean?
What would happen if the site's domain changes? Or my email changes? Or something else about the metadata changes?<p>Now what if this happens on a site where you can not reset passwords, such as blockchain.info, am I SOL?<p>I like storing passwords becuase I have 100% certainty that it won't just magically generate the wrong one.
The Windows 64-bit installer is giving a bad signature even though its SHA256 installer hash appears to be correct.<p>It <i>looks</i> like they used SHA1 checks in the installer. I suspect the author doesn't realize that older Win installers that use SHA1 are blindly rejected by Win10 as a security measure (mostly because it's so feasible to game).<p>It is a very poor introduction to the application on the majority platform.
I wrote something similar some time ago:
<a href="https://addons.mozilla.org/de/firefox/addon/masterkey/" rel="nofollow">https://addons.mozilla.org/de/firefox/addon/masterkey/</a>
<a href="https://github.com/ninov/masterkey-firefox" rel="nofollow">https://github.com/ninov/masterkey-firefox</a><p>Or as android app:
<a href="https://play.google.com/store/apps/details?id=de.ninov.masterkey&hl=de" rel="nofollow">https://play.google.com/store/apps/details?id=de.ninov.maste...</a><p>It works by using SHA256-HMAC on the service name with your master key as key and then encoding it in Base85 or Base62 (if you don't want special characters)
This is similar to masterpassword . They have a mobile app and desktop app . Moreover they are completely free .
<a href="http://masterpasswordapp.com/" rel="nofollow">http://masterpasswordapp.com/</a>
I don't have the time to review the design of this right now, but is there anything to stop attempts to crack the master password from a plain, or even hash of a derived password?<p>The encrypted password database is an advantage. You have to steal it to be able to even try cracking. If it's fully deterministic, anyone with any output can go nuts trying to crack the master password, and then get all other credentials.
At first I wondered if it was a spoof. However, it could be incorrect grammar:<p>> If you suspect against keyloggers or malware, Forgiva presents a visual confirmation ystem which leaves less hope for the attackers.<p>But maybe it's actually phishing?!?:<p>> And if you get registered, Forgiva uses your registration signature to generate special passwords for you. That means for a successful attack it will require keyboard and monitor access, plus a file system gain too.
Cool idea, but the main gripe I have with it is that the passwords it generates are clearly not made for remembering, but regenerating them takes multiple seconds.
How does this handle situations where the generated password isn't accepted by the site? eg. Is too long, absolutely must have at least one symbol and one number, etc.<p>How does this handle changing passwords? How can I know from the master secret that xyz.com is on the 4th password?
Why buy that, when there is open-source and free <a href="https://ssl.masterpasswordapp.com/" rel="nofollow">https://ssl.masterpasswordapp.com/</a>
I was planning to write one as I do not like existing ones but time is a slight issue: without versions for all platforms and some way to keep them in sync it is hard to switch...
This seems similar to Master Password (<a href="http://masterpasswordapp.com/" rel="nofollow">http://masterpasswordapp.com/</a>).
> To crack a password with 70 bit entrophy<p>Consider proof-reading the website: I wouldn't trust someone to do my crypto who can't spell the basics.
Semi OT, I wrote this satircal piece on how passwords are dead yesterday: <a href="https://news.ycombinator.com/item?id=12613433" rel="nofollow">https://news.ycombinator.com/item?id=12613433</a>