Monday, 24 December 2018

How secure does a personal password generator have to be?

I'm writing a password generator for my personal use (logins) and I wonder how "secure" it is or how it could be attacked.

The password is generated in the following way:

  1. Input a seed string (for example: "amazon")
  2. String gets converted to a hash with Rfc2898DeriveBytes
  3. Hash is used to seed PRNGs
  4. PRNGs select 3 to 4 words from a file with 30k words and insert signs and numbers at some positions
  5. Password is stitched together and copied to the clipboard

I use the hashing function so that the PRNGs are always seeded the same way for any given input. As I never use something like RNGCryptoServiceProvider, I am not sure if this can be exploited in some way. My thoughts are that since only I will run this application on my local machine and not many of my generated passwords will be leaked, this should be secure enough.

If I create a new account, I'll start the app, input the seed and get a password; if I ever forget that password, I can just re-generate it with the seed again, right?
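
The five steps above as a runnable sketch, added here as an example and not the poster's code: PBKDF2 (the algorithm Rfc2898DeriveBytes implements) output is consumed directly instead of seeding a PRNG, and indices are drawn by rejection sampling to avoid modulo bias. The generated word list, the symbol set, the iteration count, HMAC-SHA256 and the `secret` parameter are assumptions that do not appear in the post.

```python
import hashlib
import math

# Constructed stand-in for the 30k-word file described in the post.
WORDS = [f"word{i:05d}" for i in range(30_000)]
SYMBOLS = "!#$%&*+-=?@"  # assumed symbol set

def derive_stream(secret: str, site: str, n: int = 64, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: identical inputs always yield identical bytes."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), site.encode(), iterations, dklen=n)

def pick(stream, bound: int) -> int:
    """Unbiased index in [0, bound) via rejection sampling over 32-bit chunks."""
    limit = (1 << 32) - ((1 << 32) % bound)
    while True:
        value = int.from_bytes(bytes([next(stream) for _ in range(4)]), "big")
        if value < limit:
            return value % bound

def generate(secret: str, site: str, n_words: int = 4) -> str:
    """Steps 1-5 without the clipboard: site label in, reproducible passphrase out."""
    stream = iter(derive_stream(secret, site))
    words = [WORDS[pick(stream, len(WORDS))].capitalize() for _ in range(n_words)]
    symbol = SYMBOLS[pick(stream, len(SYMBOLS))]
    return symbol.join(words) + str(pick(stream, 10))

def max_entropy_bits(n_words: int = 4) -> float:
    """Ceiling set by the output format; the real figure is capped by the inputs' entropy."""
    return n_words * math.log2(len(WORDS)) + math.log2(len(SYMBOLS)) + math.log2(10)

if __name__ == "__main__":
    # "hypothetical master phrase" is a placeholder for a secret only the user knows.
    print(generate("hypothetical master phrase", "amazon"))
    print(f"format ceiling: {max_entropy_bits():.1f} bits")
```

Because the output is a pure function of its inputs, the roughly 66-bit format ceiling is only reached when `secret` itself carries that much entropy; with a guessable site label as the sole input, the password is no stronger than that label.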



