BedazzlePass
Reinforced concrete for your passwords
Newest version
Version 1.1.1 released on 06.01.2006, size 310 KB. It works on Windows XP / Vista. To run the program, unzip the downloaded file where you want, and run the executable file. Download BedazzlePass for Windows 98 / Me / 2000. SHA160: 4856 C95E 04D5 95BE B043 AA53 E382 97B5 4D95 5059 (read what this is).
Description
You can use BedazzlePass to strengthen your passwords. It implements the reinforcing methods described here, namely the hashing of your password. You simply type your textual password in BedazzlePass, and it returns (in the system's clipboard) a text derived from your password, called the hash. You should use this hash as the password for encryption programs. BedazzlePass uses only public, standard algorithms to compute the hash. Therefore, you can duplicate the process without BedazzlePass. For more features read History of changes.
Screen keyboard
BedazzlePass features a screen keyboard, that is, a keyboard displayed on the screen, where the buttons are clicked with the mouse. The screen keyboard dialog can be resized. This keyboard allows you to type (as characters) 100 distinct symbols in your textual password; these symbols are characters from the Webdings and Wingdings fonts. You can actually type your textual password only from these symbols. To use these symbols, you should create a small story like "I say, peace man!". To type this story, click the characters which show: lips, two fingers in a V shape, a man. Hopefully, this keyboard will prove to be very useful to people with very good visual memory. Each typed symbol increases the strength of your password by 100 times. If you have problems remembering words, you should definitely try this keyboard. Even if you forget one character, you can see them all displayed, so you can go through all of them until you find the one you're looking for.
Note! Before you start using the screen keyboard, you must focus the edit-box (password or check password) in which you want the characters to be written.
Usage
Though there is no edit-box on the main window of the program, you can just type your password. The password may contain at most 100 characters, and only letters, digits and underscore ("_"); you can use "Backspace" to delete the last character from the password. When you want to reinforce your password, press "Enter" and your typed password will be hashed and put in the clipboard. If you want to put in the clipboard fewer characters than the hash normally has, press:
When you create a new password to encrypt something, you have to verify that you really remember your textual password. Therefore, you have to type and hash your password twice, each time pasting the generated hash in one of the password edit-boxes of the encryption program. Later, when you only want to access what you previously encrypted with a hashed password, you only have to type your textual password once.
The caption of the main window (the text displayed in the title of the main window) displays the number of characters in the typed password. If there is a "*" character after the number, it means that when you start typing again, all existing characters are deleted before the new character is put in the password; this is the equivalent of having selected all characters in an edit-box just before typing.
After you hash your textual password, a hint is displayed below the window, which shows important information: the signature of the hash, the hashing algorithm, the number of iterations, the biometric information and the salt of the hash. The signature of the hash is formed from two characters, the hexadecimal representation of the sum of all the bytes of the hashed password. If you want to verify this signature using the characters of the hashed password that are in the clipboard, remember to use groups of two characters for each integer you add to the sum.
Note: After the generated hash is copied to the clipboard, the content of the clipboard is read back in order to verify that it was properly written.
Note: When you generate a hash, all letters are converted to small letters.
Algorithm
Before generating the hash, BedazzlePass creates a text by concatenating the user's password, the biometric information, and the hash salt. This text is then converted to lower case characters. The created text is then hashed once to create a binary block of data, which is then hashed "Hash iterations – 1" times. Then, the resulting binary data is converted to a hexadecimal text and copied to the clipboard. This hash is the text that you should use as the password for encryption programs because it is a heavily armored version of your textual password. People who attempt to find your textual password by using a dictionary attack on your encrypted data would need a lot more time than they would need if you used your textual password directly to encrypt the data.
Biometric information
This is a text which is intrinsic to the user. This text may be public because it mainly exists in order to thwart the pre-computing of hashes by crackers. Unlike the hash salt, this value personalizes the pre-computing to each user. This text is displayed in order to allow the user to set it once and not type it again every time he needs to use his password. However, since the user will not type it often, it is possible that he would forget it. Therefore, the text is always visible so that the user can easily remember it later. This information is saved to and loaded from the program's options file. A hash (of 10 iterations) of this information is also stored in order to protect the biometric information from accidental alteration.
Hash salt
This is a text which is intrinsic to the program. This text is public because it only exists in order to thwart the pre-computing of hashes by crackers. This value personalizes the pre-computing of hashes to BedazzlePass, thus narrowing the usage of any precomputed hashes generated using the same hashing algorithms as BedazzlePass. This text is implemented as an option. Periodically (for example, once every 10 years), a new value will be added to this option in order to force crackers to start again pre-computing hashes. People who have already used an older value of this option will be able to use that value, but new users will start with the latest value.
Screen keyboard
The character code of each symbol is calculated by adding 0x80 and the index of the symbol in the keyboard table (left to right, top to bottom, starting from 0).
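
The derivation described in the Algorithm section, together with the signature check from Usage and the screen-keyboard character codes, as an added Python example that is not BedazzlePass's own code. The page does not name the hashing algorithm, so the `algorithm` default of SHA-1 is an assumption, as are the one-byte-per-character (latin-1) encoding, lower-casing of ASCII letters only, and keeping only the low 8 bits of the signature sum; the biometric and salt strings are constructed sample values.

```python
import hashlib

def keyboard_symbol(index):
    """Character for a screen-keyboard button: 0x80 + table index (0..99)."""
    if not 0 <= index < 100:
        raise ValueError("the keyboard table holds 100 symbols")
    return chr(0x80 + index)

def reinforce(password, biometric, salt, iterations, algorithm="sha1"):
    """Hex hash of password + biometric information + hash salt."""
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    # Assumption: one byte per character (latin-1), so keyboard symbols keep
    # their 0x80.. codes; bytes.lower() folds ASCII letters only.
    data = (password + biometric + salt).encode("latin-1").lower()
    # The first pass hashes the text; the remaining "iterations - 1" passes
    # hash the previous binary digest.
    for _ in range(iterations):
        data = hashlib.new(algorithm, data).digest()
    return data.hex()

def signature_from_hex(hash_text):
    """Two-character signature: sum of the hash bytes, low 8 bits (assumed)."""
    if len(hash_text) % 2:
        raise ValueError("hash text must contain whole two-character groups")
    # Each group of two hex characters is one integer added to the sum.
    total = sum(int(hash_text[i:i + 2], 16) for i in range(0, len(hash_text), 2))
    return "%02x" % (total & 0xFF)

if __name__ == "__main__":
    # Constructed sample values, not BedazzlePass defaults.
    story = keyboard_symbol(3) + keyboard_symbol(41) + keyboard_symbol(77)
    h = reinforce(story, "constructed-biometric", "constructed-salt", 1000)
    print(h, signature_from_hex(h))
```

Because the text is lower-cased before hashing, "Peace_Man" and "peace_man" produce the same hash, so letter case adds nothing to the strength of the textual password.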
History of changes
Version 1.1
New user interface. The main window is very small and stays on top of all other windows (when not minimized). The hash that is put in the clipboard may have fewer characters than it normally has: 32, 16 or 8 characters. Use "Ctrl", "Shift" or "Alt" plus "Enter".
Version 1.0.2
Added a button to display the main window in a small format, just enough for daily usage.
Version 1.0.1 (and previous)
Updated to use the static C++Builder libraries. Without them, a bug caused the program to work only for those users who had C++Builder installed on their computers. First public release of BedazzlePass: version 1 on 18 June 2005.