It seems to be a command-line tool to generate passwords based on the url (domain), username and some master password. The tool has a list of animals to add to the mix, this is probably all hashed somewhat like so pass_gen(domain, user, master_pass, for_each(animal)). You then see the password you can copy-paste into the password field next to the animal's name. You pick the same favorite animal every time and as such will be able to pick the same password every time.
So instead of storing passwords it has a repeatable process for generating hashed passwords for a given host+account+port+master key?
One problem I see is that your favorite animal might result in a password that isn't allowed for a given site. But I assume the paranoid target user would never use such a site.
One point to add for misunderstandings is that listing animal names and passwords mostly protects you from keyloggers.
Even someone knows your master-key and all the details you use, it should monitor what you copy-pasted. Otherwise try/fail would be notified on limited environments if the attacker is not lucky enough.
6 comments
[ 4.4 ms ] story [ 26.0 ms ] threadOne problem I see is that your favorite animal might result in a password that isn't allowed for a given site. But I assume the paranoid target user would never use such a site.
One point to add for misunderstandings is that listing animal names and passwords mostly protects you from keyloggers.
Even someone knows your master-key and all the details you use, it should monitor what you copy-pasted. Otherwise try/fail would be notified on limited environments if the attacker is not lucky enough.