keithamus / LinkyPass

LinkyPass Google Chrome Extension
http://github.com/keithamus/LinkyPass
MIT License
36 stars, 15 forks

Don't Store Hash as MD5 #5

Closed: MicahZoltu closed 10 years ago

MicahZoltu commented 13 years ago

I'll admit up front that I haven't looked at the source code so this may already be the case.

MD5 hashes are pretty weak these days (http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125) and I am a bit uncomfortable having a local copy of my password stored in MD5 form because it means if my local computer is compromised (lost, stolen, etc.) the thief could then determine what my master password is by brute forcing the master password hash.

I really like the hash feature and would like to continue using it (saves me from many failed login attempts). I would just like it to be backed by something such as SHA256 rather than MD5 so I don't have to worry about a local security breach compromising all of my online accounts (I am aware of the other dangers of a local breach such as key loggers and such). If this is already the case then I apologize and close the issue.

aripollak commented 12 years ago

SGP3 beta has SHA512 support, so it would be nice to support that too: http://discuss.supergenpass.com/SGP-version-3-beta-bug-reports-needed-td3765737.html

keithamus commented 10 years ago

I will be using BCrypt to store hashes in version 2.0.0. BCrypt is vastly more secure than an SHA implementation.

As for @aripollak's comment about adding SHA512 password generation, do you want to open a new issue for that?

keithamus commented 10 years ago

Hey @Micah71381 and @aripollak, I've added BCrypt hashing to the password in the new 2.0.0 version of SuperChromePass (now called LinkyPass) which is available in the Chrome store now. This is much more secure than the previous MD5-based implementation. I'd love for you to take a look and let me know your thoughts.
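The difference this thread is about, as an added example that is not part of the thread and is not LinkyPass code: a locally stored check value for the master password, first as unsalted MD5 and then as a salted, work-factored record. Node's built-in scrypt stands in for bcrypt here only because it needs no extra package; the function names, parameters and passwords are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// "Before": unsalted MD5 check value, the storage form the issue objects to.
// The same password always yields the same digest, and one guess costs almost nothing.
function md5Verifier(password) {
  return crypto.createHash('md5').update(password, 'utf8').digest('hex');
}

// "After" (stand-in for bcrypt): random per-record salt plus a tunable work factor.
const SCRYPT_PARAMS = { N: 1 << 14, r: 8, p: 1 }; // assumed cost setting, ~16 MiB per call

function createRecord(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32, SCRYPT_PARAMS);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function checkPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(password, salt, expected.length, SCRYPT_PARAMS);
  return crypto.timingSafeEqual(actual, expected);
}

// Average wall-clock cost in milliseconds of one call to fn.
function costMs(fn, runs) {
  const start = process.hrtime.bigint();
  for (let i = 0; i < runs; i++) fn();
  return Number(process.hrtime.bigint() - start) / 1e6 / runs;
}

// Constructed sample password, used only for this demonstration.
const SAMPLE = 'constructed-master-password';
const record = createRecord(SAMPLE);
console.log('typo detected:', !checkPassword('constructed-master-pasword', record));
console.log('MD5 ms per check:   ', costMs(() => md5Verifier(SAMPLE), 1000).toFixed(4));
console.log('scrypt ms per check:', costMs(() => checkPassword(SAMPLE, record), 3).toFixed(1));
```

The typo check the feature exists for still works, while the cost of each offline guess against a stolen record rises from one MD5 call to one full key-derivation call.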