Introducing BPasswd2

Every few weeks we hear about another database full of passwords being stolen: Ubuntu Forums (1.8 million stolen passwords), MacRumors (860,000 stolen passwords), Adobe (150 million stolen passwords), LinkedIn (6.5 million stolen passwords), Last.fm (2.5 million stolen passwords), eHarmony (1.5 million stolen passwords), Cupid Media (42 million stolen plaintext passwords), and so on.

Sadly, most of these passwords were poorly protected: often no salt was used at all. When a salt was used, half the time the passwords were still hashed with a fast algorithm such as MD5. And then there’s Adobe, which encrypted passwords (reversibly) using 3DES: all it takes is for the attacker(s) to also have stolen the key to be able to immediately decrypt a wealth of passwords.

And that is really only the beginning. Every time passwords are cracked and the plaintext is dumped, attackers gain a whole new set of rules, password lists and the like to use when brute-forcing other databases.

Since, as a user, you can’t do much about the password thefts themselves, you have to look at how to prevent them from affecting you. Ideally you would use a different password on every website, as long and as random as possible. That way it takes a long time to crack your password (if it is computationally feasible at all), and when one is cracked it doesn’t affect any of your other passwords. But the reality is that we can’t be bothered to remember a zillion long, random passwords.

Enter password managers: they generate random passwords and store them in a local database protected by your master password. That way you can use a truly random password on every website, but the downside is that you always have to carry the file containing all your encrypted passwords with you (or use some web service to sync it). If you happen to lose your password database you are pretty much screwed. Nothing wrong with that; it’s just not my cup of tea.

BPasswd, on the other hand, is a password generator: it derives a strong password from a salt (some website-specific identifier, e.g. “gmail”) and a master password. At the heart of BPasswd is the bcrypt algorithm, which is designed to be computationally expensive. The resulting password is long, “looks” random (it has no obvious pattern), is the result of a one-way transformation, and is site-specific.

From a more theoretical perspective, the keys generated by BPasswd are not good cryptographic keys: the Achilles heel of BPasswd is that the salt input to the bcrypt derivation function is not random, but derived from a simple, known ASCII string. However, BPasswd is not designed to generate strong cryptographic keys, but simply to generate good, unique passwords. From a password perspective, the generated passwords are no worse than a completely random password.
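To make the scheme above concrete, here is an added example of a BPasswd-style generator; it is not BPasswd’s own code. BPasswd runs bcrypt, which is not in Python’s standard library, so the slow key-derivation step here uses PBKDF2-HMAC-SHA256 instead; the shape of the scheme (known site label as salt, master password as the only secret, derived bytes reshaped into a usable password) is what the text describes, and the site names and master password are constructed sample values.

```python
import hashlib
import string

# Added example of the BPasswd scheme (not BPasswd's own code). bcrypt is not
# in the standard library, so PBKDF2-HMAC-SHA256 stands in for the expensive
# derivation step; everything else mirrors the scheme described in the text.

ITERATIONS = 200_000                              # work factor, like bcrypt's cost
ALPHABET = string.ascii_letters + string.digits   # characters the output may use
MAX_LENGTH = 64                                   # 512 derived bits cover ~86 chars


def derive_password(master: str, site: str, length: int = 16) -> str:
    """Deterministically derive a site-specific password from the master password."""
    if not master or not site.strip():
        raise ValueError("master password and site identifier must be non-empty")
    if not 1 <= length <= MAX_LENGTH:
        raise ValueError(f"length must be between 1 and {MAX_LENGTH}")
    # The salt is the human-chosen site label, normalised so that "GMail" and
    # " gmail " yield the same password. It is public, so it separates sites
    # but adds no secrecy: all the entropy comes from the master password.
    salt = site.strip().lower().encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                              ITERATIONS, dklen=64)
    # Treat the 512-bit output as one integer and peel off base-62 digits, so
    # each character is drawn (near-)uniformly from ALPHABET instead of with
    # the bias that byte % 62 would introduce.
    n = int.from_bytes(raw, "big")
    chars = []
    while len(chars) < length:
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample master password
    for site in ("gmail", "github", "GMail"):
        print(f"{site:>8}: {derive_password(master, site)}")
```

Because the salt is known, anyone who learns one site’s generated password can attack the master password offline at the cost of one derivation per guess; the work factor and the strength of the master password are the only things in their way.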

BPasswd2 is available as a Firefox add-on, a Chrome extension and a simple website. It is the new version of the original BPasswd add-on, which has been available for over a year now. It is fully backwards compatible, but offers more advanced settings that allow you to define per-site/salt options.

The website version is client-only: no data is ever sent to any server. You can even grab the handful of JS and HTML files and run them locally on your machine!

For more information, see this page.