
What are potential security issues with the following password creation scheme:

  1. Choose a cryptographically secure hash function, call it `hash()`
  2. Choose a static master password, call it `master`
  3. To generate a password for a given site `site` with a username `user`, take `hash(master|user|site)`, where `|` is concatenation, and use the result as the password.

I can think of some issues with this but they are mostly implementation issues that could be solved by standardization and don't really hurt the security.

Some examples of the above would be: "One site needs multiple passwords" or "I need to change my password for a given site but I don't want to change my master password because that would require changing my password for all sites". Both of these could be solved relatively easily with simple changes to the schema (e.g. add a version number that gets hashed along with the other stuff) and so I'm not particularly concerned with these.

What are potential security issues with using this password generation scheme?


This is simple enough that I'm sure there is another question about it somewhere, but I couldn't find it.

In response to comments here is how this question differs from others on the site.

First, "hash of master and suffix" has a clear problem that does not exist in this case. That question asks about hash(master|site). Anyone using the same scheme and same master password will have the same result password. By adding the user portion to the hash, we have essentially added a salt.

This question has essentially the same issue as above. In both of these cases, the generation scheme might work fine for personal use (when no one really knows your generation scheme), but it wouldn't scale securely.

This third question isn't really similar, but it is marked as a duplicate of this question (which is ironically already closed as too opinion-based), but actually is relevant to my particular question. This question in a sense is a non-opinion-based version of the last question I linked.

Liam
    Possible duplicate of [Password generation based on hash of master password + suffix?](https://security.stackexchange.com/questions/104093/password-generation-based-on-hash-of-master-password-suffix), [Hash(master + hostname) password scheme for a server pool](https://security.stackexchange.com/questions/12090/hashmaster-hostname-password-scheme-for-a-server-pool), [Is this idea for a password manager secure? If so, why doesn't anybody use it?](https://security.stackexchange.com/questions/94106/is-this-idea-for-a-password-manager-secure-if-so-why-doesnt-anybody-use-it) and probably others. – Steffen Ullrich Jun 04 '17 at 19:51
  • Yeah, it's certainly the same concept but with different implementation details. – user18519 Jun 04 '17 at 19:52
  • The immediate issue that exists there and not here is that anyone with the same master password will have the same result password. – Liam Jun 04 '17 at 19:53
  • 1
    @user18519: in this case I recommend reading the answers to [these questions](https://www.google.com/search?q=password+generation+scheme+hash+site%3Asecurity.stackexchange.com) and then asking a new question in a way which makes clear that you are aware of the other questions and how your specific implementation deals with the problems shown with the other ideas. – Steffen Ullrich Jun 04 '17 at 19:55
  • @SteffenUllrich I have edited to explain why it is not a duplicate. – Liam Jun 04 '17 at 20:11
  • @Liam: while you did address the weakness of other solutions which is not shared by yours, you did not address the weakness which your solution has too. For example, it says in [Password generation based on hash of master password + suffix?](https://security.stackexchange.com/a/104096/37315): *The main threat of this scheme is that any website to which you give a password can try to brute-force or dictionary attack your master password. Once they have it they can impersonate you in every other site you use this scheme.* Therefore I still view it as duplicate. – Steffen Ullrich Jun 04 '17 at 20:23
  • @roryalsop Although I'm not fully satisfied with the existing answers there, I have to agree that any answer here would be valid there. I guess I'll have to think harder about it myself. – Liam Jun 04 '17 at 21:07
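The scheme from the question, written out as an added example (not the asker's code), together with the version counter the question proposes and one caveat the thread does not raise: with plain concatenation the field boundaries are ambiguous, so two different (user, site) pairs can produce the same password, and length-prefixing each field removes that. The function names `naive_derive`, `encode_fields` and `derive` and the sample inputs are constructed for this illustration.

```python
import hashlib


def naive_derive(master: str, user: str, site: str) -> str:
    """The scheme exactly as posted: hash(master|user|site) with plain concatenation.

    Because nothing marks where one field ends and the next begins,
    ("ab", "c") and ("a", "bc") feed the identical byte string to the hash.
    """
    return hashlib.sha256((master + user + site).encode("utf-8")).hexdigest()


def encode_fields(*fields: str) -> bytes:
    """Length-prefix every field (4-byte big-endian length, then the bytes).

    This makes the encoding injective: distinct tuples of fields always
    produce distinct byte strings, so the ambiguity above cannot occur.
    """
    out = b""
    for field in fields:
        data = field.encode("utf-8")
        out += len(data).to_bytes(4, "big") + data
    return out


def derive(master: str, user: str, site: str, version: int = 1) -> str:
    """Same idea with unambiguous field encoding plus the asker's version counter.

    Bumping `version` changes the password for one site without touching the
    master password or the passwords derived for any other site.
    """
    message = encode_fields(master, user, site, str(version))
    return hashlib.sha256(message).hexdigest()


if __name__ == "__main__":
    # Constructed sample values; the master is deliberately a toy one.
    print(naive_derive("correct horse", "ab", "c") == naive_derive("correct horse", "a", "bc"))  # True
    print(derive("correct horse", "ab", "c") == derive("correct horse", "a", "bc"))  # False
    print(derive("correct horse", "alice", "example.com", 1))
    print(derive("correct horse", "alice", "example.com", 2))
```

Deterministic derivation is the whole point of the scheme, so the output is unchanged across runs; the caveat shown here does not affect the brute-force concern raised in the comments, which applies equally to both functions.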

0 Answers