Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8
Graham Fawcett
fawcett at uwindsor.ca
Fri Apr 11 13:27:32 PDT 2014
On Friday, 11 April 2014 at 16:42:30 UTC, Walter Bright wrote:
> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>> If, after the last year of hacking, and the heartbleed bug,
>> people are not using
>> password tracker/generators, you haven't learned anything :)
>
> But those pw managers are a single point of failure. One
> mistake and you've compromised or lost everything. If your
> machine it is installed on is stolen, you've lost all your
> passwords. Etc.
For less critical passwords, I use a JavaScript bookmarklet with
the code below. It's mostly an MD5 implementation. It takes the
base URL of the current page, concatenates a salt, and then
MD5-hashes the result. Then it pops up a dialog box containing
the hash, and that's my password for that site.
It doesn't work on crappy sites with silly restrictions (so many
numbers, no more than X characters -- that last one especially
makes my blood boil, because you *know* they aren't properly
hashing your password), but most modern sites accept it just fine.
Please don't use this yourself without changing the salt to
something very un-guessable. And please don't hack my system,
grab my bookmark settings, and figure out my salt...
I don't remember where I found the MD5 implementation. It's not
mine, and I didn't keep a reference.
Graham
javascript:var host=document.location.host; var hexcase = 0; /*
hex output format. 0 - lowercase; 1 - uppercase */ var
b64pad = ""; /* base-64 pad character. "=" for strict RFC
compliance */ var chrsz = 8; /* bits per input character. 8
- ASCII; 16 - Unicode */ function hex_md5(s){ return
binl2hex(core_md5(str2binl(s), s.length * chrsz));} function
b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length *
chrsz));} function str_md5(s){ return
binl2str(core_md5(str2binl(s), s.length * chrsz));} function
hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key,
data)); } function b64_hmac_md5(key, data) { return
binl2b64(core_hmac_md5(key, data)); } function str_hmac_md5(key,
data) { return binl2str(core_hmac_md5(key, data)); } /* *
Perform a simple self-test to see if the VM is working */
function md5_vm_test() { return hex_md5("abc") ==
"900150983cd24fb0d6963f7d28e17f72"; } /* * Calculate the MD5 of
an array of little-endian words, and a bit length */ function
core_md5(x, len) { /* append padding */ x[len >> 5] |= 0x80
<< ((len) %25 32); x[(((len + 64) >>> 9) << 4) + 14] = len;
var a = 1732584193; var b = -271733879; var c = -1732584194;
var d = 271733878; for(var i = 0; i < x.length; i += 16)
{ var olda = a; var oldb = b; var oldc = c; var
oldd = d; a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);
d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586); c =
md5_ff(c, d, a, b, x[i+ 2], 17, 606105819); b = md5_ff(b, c,
d, a, x[i+ 3], 22, -1044525330); a = md5_ff(a, b, c, d, x[i+
4], 7 , -176418897); d = md5_ff(d, a, b, c, x[i+ 5], 12,
1200080426); c = md5_ff(c, d, a, b, x[i+ 6], 17,
-1473231341); b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983);
a = md5_ff(a, b, c, d, x[i+ 8], 7 , 1770035416); d =
md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417); c = md5_ff(c,
d, a, b, x[i+10], 17, -42063); b = md5_ff(b, c, d, a,
x[i+11], 22, -1990404162); a = md5_ff(a, b, c, d, x[i+12], 7
, 1804603682); d = md5_ff(d, a, b, c, x[i+13], 12,
-40341101); c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290);
b = md5_ff(b, c, d, a, x[i+15], 22, 1236535329); a =
md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510); d = md5_gg(d, a,
b, c, x[i+ 6], 9 , -1069501632); c = md5_gg(c, d, a, b,
x[i+11], 14, 643717713); b = md5_gg(b, c, d, a, x[i+ 0], 20,
-373897302); a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691);
d = md5_gg(d, a, b, c, x[i+10], 9 , 38016083); c =
md5_gg(c, d, a, b, x[i+15], 14, -660478335); b = md5_gg(b, c,
d, a, x[i+ 4], 20, -405537848); a = md5_gg(a, b, c, d, x[i+
9], 5 , 568446438); d = md5_gg(d, a, b, c, x[i+14], 9 ,
-1019803690); c = md5_gg(c, d, a, b, x[i+ 3], 14,
-187363961); b = md5_gg(b, c, d, a, x[i+ 8], 20,
1163531501); a = md5_gg(a, b, c, d, x[i+13], 5 ,
-1444681467); d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784);
c = md5_gg(c, d, a, b, x[i+ 7], 14, 1735328473); b =
md5_gg(b, c, d, a, x[i+12], 20, -1926607734); a = md5_hh(a,
b, c, d, x[i+ 5], 4 , -378558); d = md5_hh(d, a, b, c, x[i+
8], 11, -2022574463); c = md5_hh(c, d, a, b, x[i+11], 16,
1839030562); b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);
a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060); d =
md5_hh(d, a, b, c, x[i+ 4], 11, 1272893353); c = md5_hh(c,
d, a, b, x[i+ 7], 16, -155497632); b = md5_hh(b, c, d, a,
x[i+10], 23, -1094730640); a = md5_hh(a, b, c, d, x[i+13], 4
, 681279174); d = md5_hh(d, a, b, c, x[i+ 0], 11,
-358537222); c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979);
b = md5_hh(b, c, d, a, x[i+ 6], 23, 76029189); a =
md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487); d = md5_hh(d, a,
b, c, x[i+12], 11, -421815835); c = md5_hh(c, d, a, b,
x[i+15], 16, 530742520); b = md5_hh(b, c, d, a, x[i+ 2], 23,
-995338651); a = md5_ii(a, b, c, d, x[i+ 0], 6 ,
-198630844); d = md5_ii(d, a, b, c, x[i+ 7], 10,
1126891415); c = md5_ii(c, d, a, b, x[i+14], 15,
-1416354905); b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055);
a = md5_ii(a, b, c, d, x[i+12], 6 , 1700485571); d =
md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606); c = md5_ii(c,
d, a, b, x[i+10], 15, -1051523); b = md5_ii(b, c, d, a, x[i+
1], 21, -2054922799); a = md5_ii(a, b, c, d, x[i+ 8], 6 ,
1873313359); d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);
c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380); b =
md5_ii(b, c, d, a, x[i+13], 21, 1309151649); a = md5_ii(a,
b, c, d, x[i+ 4], 6 , -145523070); d = md5_ii(d, a, b, c,
x[i+11], 10, -1120210379); c = md5_ii(c, d, a, b, x[i+ 2],
15, 718787259); b = md5_ii(b, c, d, a, x[i+ 9], 21,
-343485551); a = safe_add(a, olda); b = safe_add(b,
oldb); c = safe_add(c, oldc); d = safe_add(d, oldd); }
return Array(a, b, c, d); } /* * These functions implement
the four basic operations the algorithm uses. */ function
md5_cmn(q, a, b, x, s, t) { return
safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b);
} function md5_ff(a, b, c, d, x, s, t) { return md5_cmn((b & c)
| ((~b) & d), a, b, x, s, t); } function md5_gg(a, b, c, d, x, s,
t) { return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); }
function md5_hh(a, b, c, d, x, s, t) { return md5_cmn(b ^ c ^
d, a, b, x, s, t); } function md5_ii(a, b, c, d, x, s, t) {
return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); } /* * Calculate
the HMAC-MD5, of a key and some data */ function
core_hmac_md5(key, data) { var bkey = str2binl(key);
if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);
var ipad = Array(16), opad = Array(16); for(var i = 0; i < 16;
i++) { ipad[i] = bkey[i] ^ 0x36363636; opad[i] =
bkey[i] ^ 0x5C5C5C5C; } var hash =
core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz);
return core_md5(opad.concat(hash), 512 + 128); } /* * Add
integers, wrapping at 2^32. This uses 16-bit operations
internally * to work around bugs in some JS interpreters. */
function safe_add(x, y) { var lsw = (x & 0xFFFF) + (y &
0xFFFF); var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
return (msw << 16) | (lsw & 0xFFFF); } /* * Bitwise rotate a
32-bit number to the left. */ function bit_rol(num, cnt) {
return (num << cnt) | (num >>> (32 - cnt)); } /* * Convert a
string to an array of little-endian words * If chrsz is ASCII,
characters >255 have their hi-byte silently ignored. */ function
str2binl(str) { var bin = Array(); var mask = (1 << chrsz) -
1; for(var i = 0; i < str.length * chrsz; i += chrsz)
bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%25 32);
return bin; } /* * Convert an array of little-endian words to a
string */ function binl2str(bin) { var str = ""; var mask =
(1 << chrsz) - 1; for(var i = 0; i < bin.length * 32; i +=
chrsz) str += String.fromCharCode((bin[i>>5] >>> (i %25 32))
& mask); return str; } /* * Convert an array of little-endian
words to a hex string. */ function binl2hex(binarray) { var
hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";
var str = ""; for(var i = 0; i < binarray.length * 4; i++) {
str += hex_tab.charAt((binarray[i>>2] >> ((i%25 4)*8+4)) &
0xF) + hex_tab.charAt((binarray[i>>2] >> ((i%25 4)*8
)) & 0xF); } return str; } /* * Convert an array of
little-endian words to a base-64 string */ function
binl2b64(binarray) { var tab =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
var str = ""; for(var i = 0; i < binarray.length * 4; i += 3)
{ var triplet = (((binarray[i >> 2] >> 8 * ( i %25 4))
& 0xFF) << 16) | (((binarray[i+1 >> 2] >> 8 *
((i+1)%25 4)) & 0xFF) << 8 ) | ((binarray[i+2 >>
2] >> 8 * ((i+2)%25 4)) & 0xFF); for(var j = 0; j < 4; j++)
{ if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;
else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F); }
} return str; } ; var SALT='YOUR_SALT_GOES_HERE';
prompt('result for ' + host + ':', (b64_md5(SALT +
':&#*$'%20+%20host)));%20void(0);
More information about the Digitalmars-d
mailing list