http://akibjorklund.com/2009/supergenpass-is-not-that-secure web generalist Thu, 09 Sep 2010 04:39:43 +0000 hourly 1 http://wordpress.org/?v=3.0.1 http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18403 Aki Björklund Thu, 09 Sep 2010 04:39:43 +0000 http://akibjorklund.com/?p=1497#comment-18403 Yes, it will. Yes, it will.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-18402 c Wed, 08 Sep 2010 22:44:23 +0000 http://akibjorklund.com/?p=1497#comment-18402 If I use the applet in a blank tab and then paste in the password, will it be secure? If I use the applet in a blank tab and then paste in the password, will it be secure?

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-17236 Tim Anderson Wed, 14 Apr 2010 10:16:18 +0000 http://akibjorklund.com/?p=1497#comment-17236 @Andres Riofrio That doesn't work in firefox 3.5.6 @Andres Riofrio That doesn’t work in firefox 3.5.6

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-17156 asaens Fri, 02 Apr 2010 22:36:25 +0000 http://akibjorklund.com/?p=1497#comment-17156 correction: cut and paste with a mouse correction: cut and paste with a mouse

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-17155 asaens Fri, 02 Apr 2010 22:34:20 +0000 http://akibjorklund.com/?p=1497#comment-17155 for whatever it's worth: I cut and paste some text to the end of the master password as a form of salt ... doesn't help the hard-core keyboard users but might help others for whatever it’s worth: I cut and paste some text to the end of the master password as a form of salt … doesn’t help the hard-core keyboard users but might help others

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-16739 Martin Thu, 04 Mar 2010 13:22:16 +0000 http://akibjorklund.com/?p=1497#comment-16739 I've tried the advanced version of the bookmarklet generator (http://supergenpass.com/customize/?advanced) which adds a "stealth" password as salt in the hash. The salted bookmarklet still shows the Master password in Aki's demo pages but the stealth password and the added salt appear immune. Or have I missed something? Adding your own salt seems to address the point George was (indirectly) trying to make. I’ve tried the advanced version of the bookmarklet generator (http://supergenpass.com/customize/?advanced) which adds a “stealth” password as salt in the hash. The salted bookmarklet still shows the Master password in Aki’s demo pages but the stealth password and the added salt appear immune. Or have I missed something? Adding your own salt seems to address the point George was (indirectly) trying to make.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-16702 YinYanger Tue, 02 Mar 2010 13:35:23 +0000 http://akibjorklund.com/?p=1497#comment-16702 Hi! I've found why your demos didn't work on my Opera! I'm using a little UserJS for ad-blocking from Thomas von Frommannshausen at http://www.miurasoft.de/opera/docInspector/blog/ As I'm not a java script programmer, I don't know why it has this effect on your demos. Just a coincidence, maybe? If you want to take a look to the file: http://files.myopera.com/YinYanger/files/adBlocking.js Hi!
I’ve found why your demos didn’t work on my Opera!
I’m using a little UserJS for ad-blocking from Thomas von Frommannshausen at http://www.miurasoft.de/opera/docInspector/blog/
As I’m not a java script programmer, I don’t know why it has this effect on your demos. Just a coincidence, maybe?
If you want to take a look to the file: http://files.myopera.com/YinYanger/files/adBlocking.js

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-16698 Andres Riofrio Tue, 02 Mar 2010 03:05:33 +0000 http://akibjorklund.com/?p=1497#comment-16698 I think probably the best way to circumvent this is to use an iframe with a data: URL. I haven't tested it, but I think that major browsers will see any access to this iframe as a XSS violation and forbid it, thus making the SuperGenPass form secure. I think probably the best way to circumvent this is to use an iframe with a data: URL. I haven’t tested it, but I think that major browsers will see any access to this iframe as a XSS violation and forbid it, thus making the SuperGenPass form secure.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-16126 Tim Anderson Sun, 31 Jan 2010 04:20:03 +0000 http://akibjorklund.com/?p=1497#comment-16126 I have created a bookmarklet version of SuperGenPass that only stores your password in a modal pop-up. As the pop-up is modal, all JavaScript in the host page is stopped and thus it cannot read the master password. It is availiable <a href='http://www.timando.net/sgpbkmk/' rel="nofollow">here</a>. I have created a bookmarklet version of SuperGenPass that only stores your password in a modal pop-up. As the pop-up is modal, all JavaScript in the host page is stopped and thus it cannot read the master password. It is availiable here.

]]> http://akibjorklund.com/2009/supergenpass-is-not-that-secure#comment-15941 Michael Gough Wed, 13 Jan 2010 14:17:57 +0000 http://akibjorklund.com/?p=1497#comment-15941 That is why many of us use and LOVE No Script... so any malicious scripts while we logon to a website do NOT affect things like SuperGenPass That is why many of us use and LOVE No Script… so any malicious scripts while we logon to a website do NOT affect things like SuperGenPass

]]>