I'm writing a password generator for my personal use (logins) and I wonder how "secure" it is or how it could be attacked.
The password is generated in the following way:
- Input a seed-string (for example: "amazon")
- string gets converted to Hash with Rfc2898DeriveBytes
- Hash is used to Seed PRNGs
- PRNGs select 3 to 4 words from a file with 30k words and insert signs and numbers at some positions
- Password is stitched together and copied to Clipboard
I use the hashing function so that the PRNGs are always seeded the same way for any given input. As I never use something like RNGCryptoServiceProvider, I am not sure if this can be exploited in some way. My thoughts are that since only I will run this application on my local machine and not many of my generated passwords will be leaked, this should be secure enough.
If I create a new account, I'll start the app, input the seed and get a password. If I ever forget that password, I can just re-generate it with the seed again, right?
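The scheme described in the question, as an added Python sketch (not the poster's code): it draws word indexes straight from the PBKDF2 (RFC 2898) output by rejection sampling instead of seeding a PRNG, and it measures how strong the result can be. Assumptions not in the post: a secret master phrase as the PBKDF2 password with the site name as salt, HMAC-SHA256, 200,000 iterations, a constructed word list, and the names `derive_stream`, `chunks`, `draw`, `generate`, `output_bits` and `effective_bits`.

```python
import hashlib
import math

# Constructed stand-in for the 30k-word file mentioned in the post.
WORDS = [f"word{i:05d}" for i in range(30_000)]
SYMBOLS = "!#$%&*+-=?@"


def derive_stream(master: str, label: str, iterations: int = 200_000) -> bytes:
    """PBKDF2 (RFC 2898): secret master phrase is the password, site label the salt."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), label.encode(),
                               iterations, dklen=64)


def chunks(stream: bytes):
    """Yield the derived bytes as unsigned 32-bit integers."""
    for off in range(0, len(stream) - 3, 4):
        yield int.from_bytes(stream[off:off + 4], "big")


def draw(values, n: int) -> int:
    """Uniform index in range(n) by rejection sampling (no modulo bias)."""
    limit = (1 << 32) - ((1 << 32) % n)
    for v in values:
        if v < limit:
            return v % n
    raise ValueError("derived stream exhausted")


def generate(master: str, label: str, words: int = 4) -> str:
    """Same inputs always give the same password: words joined by a symbol, then a digit."""
    values = chunks(derive_stream(master, label))
    parts = [WORDS[draw(values, len(WORDS))].capitalize() for _ in range(words)]
    symbol = SYMBOLS[draw(values, len(SYMBOLS))]
    return symbol.join(parts) + str(draw(values, 10))


def output_bits(words: int = 4) -> float:
    """Entropy of the output space if every choice were truly random."""
    return words * math.log2(len(WORDS)) + math.log2(len(SYMBOLS)) + math.log2(10)


def effective_bits(secret_bits: float, words: int = 4) -> float:
    """A deterministic generator is never stronger than its secret input."""
    return min(secret_bits, output_bits(words))


if __name__ == "__main__":
    print(generate("constructed master phrase", "amazon"))
    print(round(output_bits(), 1), effective_bits(0.0))
```

With only a guessable site name as input, `effective_bits` is close to zero no matter how large the word list is, because the password is a pure function of the name and the program; the master phrase is what carries the secrecy.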