November 16, 2009

Today a colleague asked me what I thought about PwdHash. I had not heard about it, so I wondered what it was. PwdHash is an browser extension that transparently converts a user's master password into a domain-specific password. PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself, and you can use the same master password at many different sites.

So, is it any good?

I see a few usability issues with this tool.

  • If you have to change your password at one site, you actually need to change the master password you use. This means that the password used to sign in at all other sites also changes. You have to manually update this at each and every site you access. If you don't, you need to remember two different master passwords (the old and the new), and remember which one to use at which site. This defeats the purpose of using PwdHash in the first place.
  • It will not work at Internet cafe that does not have PwdHash installed and does not allow you to use it. Because you don't know the actual password used to sign in to the site, you cannot access the site. The PwdHash website has a script that allows you to generate the actual password on the PwdHash site and then copy it to the clipboard. But this is cumbersome.
  • I actually feel quite uncomfortable with the idea that I myself dont know the actual password used to log in at a site... What if PwdHash suddenly ceases to exist? Or suddenly becomes payware...

PwdHash is not very secure either. If you choose a bad password, then an attacker can still break in at a site, retreive the password file and perform a dictionary attack on that file. In the worst case, that password file stores hashes of the password together with a salt. Compared to users that do not use PwdHash, the task of the attacker has not become much more difficult. He simple needs to hash his guess of the password one more time, using the PwdHash hash function and the domain name. If the passwords are stored in plaintext, or using a hash function without salt, the attacker can still construct a dictionary offline, and lookup all tries of the password in this compiled dictionary. So for hashed password files PwdHash does not make the attack any harder either.

So PwdHash only offers an additional level of protection in the following two cases.

  • Sites that store passwords in plaintext.
  • Man-in-the-middle attacks that try to intercept the password (either by redirecting you to a sign-in page on a rogue site, or by intercepting the password on a non-SSL-protected session).

Given the usability issues, I would not recommend to use this.

In case you spot any errors on this page, please notify me!
Or, leave a comment.
, 2009-11-17 09:34:30

[quote]What if PwdHash suddenly ceases to exist? Or suddenly becomes payware…[/quote]

Then you fork it. The source is published under BSD license: