Consensus-driven password schemas

mrdomino Member Posts: 1
edited August 2015 in Projects
I've been using passacre for my passwords for a while, and I've been wanting to build something a bit more polished based on it, also for a while.

The basic idea behind passacre is to pipe a site name plus a master passphrase plus an iteration number through a hard-to-reverse function and use the output of that as the password for any given institution. This could almost be entirely stateless, but a lot of institutions have weird rules about what they accept as valid passwords: "8 characters, has to contain a digit and an uppercase letter, can't be an ascending sequence of primes", etc., so you wind up having to specify different constraints for different sites.

As an aside, the passacre schema language doesn't quite map onto the constraints most sites impose -- for a site that wants an n-digit password with one digit and one lowercase character, you have to say "first character is drawn from the set of digits, second character from the set of lowercase characters, and the next n-2 characters from the set of printable characters", which leads to passwords with below-maximum entropy for a given length and set of constraints. It seems to me that most of the time, it'd be better to pick n characters from a base set for that site and reroll until you find a password that matches a predicate describing the site's constraints.

Anyway -- synchronizing these schemas seems like it *might* be a good fit for a Dapp. Say, take the majority vote for a rule for any given website, and vote for any rule you yourself use. Does this seem like a good idea? Before I go trying to write it as an exercise in learning Solidity, is there anything you can think to add or pay specific attention to?

EDITs: grammar; s/case number/case letter/
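
The reroll approach described in the post, as an added example (not passacre's code and not the poster's): it draws n characters from a base set and rerolls until a site predicate matches, then compares the entropy of the positional schema with the reroll approach for the "one digit, one lowercase" rule. PBKDF2-HMAC-SHA256 and an HMAC counter stream stand in for the "hard-to-reverse function"; the 94-character base set, the function names and the sample inputs are assumptions.

```python
import hashlib, hmac, math, string

# Assumed base set: 94 printable ASCII characters (no space).
BASE = string.digits + string.ascii_letters + string.punctuation

def _byte_stream(key):
    """Deterministic byte stream: HMAC-SHA256 in counter mode (stand-in construction)."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1

def _draw(stream, alphabet, n):
    """Pick n characters uniformly, discarding bytes that would cause modulo bias."""
    limit = 256 - 256 % len(alphabet)
    out = []
    while len(out) < n:
        b = next(stream)
        if b < limit:
            out.append(alphabet[b % len(alphabet)])
    return "".join(out)

def derive(site, master, iteration, n, predicate, alphabet=BASE, max_rerolls=10000):
    """Site name + master passphrase + iteration -> password satisfying predicate."""
    salt = f"{site}:{iteration}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)
    stream = _byte_stream(key)
    for _ in range(max_rerolls):  # reroll from the same stream until accepted
        candidate = _draw(stream, alphabet, n)
        if predicate(candidate):
            return candidate
    raise ValueError("no candidate matched; the constraints may be unsatisfiable")

def digit_and_lower(pw):
    return any(c.isdigit() for c in pw) and any(c.islower() for c in pw)

def entropy_bits(n, size=len(BASE), digits=10, lowers=26):
    """Bits of entropy (positional schema, reroll) for 'one digit, one lowercase'."""
    positional = digits * lowers * size ** (n - 2)
    # Inclusion-exclusion: all strings minus those lacking a digit or a lowercase.
    reroll = (size**n - (size - digits)**n - (size - lowers)**n
              + (size - digits - lowers)**n)
    return math.log2(positional), math.log2(reroll)

if __name__ == "__main__":
    print(derive("example.com", "constructed passphrase", 0, 8, digit_and_lower))
    print(entropy_bits(8))
```

Because accepted candidates are uniform over the strings that satisfy the predicate, the reroll output keeps the full entropy of that set, while the positional schema fixes which position holds the digit and which the lowercase letter.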