Is the Bookmarklet Password Generator from SuperGenPass.com safe to use?

Question

I reviewed the 981 lines of code for the current version of http://supergenpass.com and did not find anything, however I could have missed something. I just want to confirm that it does not transmit anything so I can use it and suggest it to others. I already use KeePassX to store passwords and other information. And I like the theory behind using SuperGenPass (and the original script) because it creates a unique password for each site based on the domain and your master password.

Here is a link to the Javascript file: http://supergenpass.com.nyud.net:8090/SGPv4.js

Is the Bookmarklet Password Generator from SuperGenPass.com safe to use?

Answer 1

My concern with SGP is actually not stealth transmission. Once someone suspects you are using SGP (it's pretty obvious if they have any way to see one of your passwords) they know the exact algorithm for how you encode your passwords. If an attacker can get a hold of a single example of an SGP generated password and the site url (e.g. any admin for any site you use SGP with) they have a good foothold for cracking your entire password list. Since the general idea with master passwords is to allow you to use something 'simple' they can start the usual guessing games until they match the hash for the site they know and voila you are completely compromised.

Answer 2

No, it does not transmit anything.

Answer 3

Obviously, you would not want to include the file directly from that site. In that case, it could be changed at any time to record the passwords being handed out.

Answer 4

SuperGenPass is not safe, if you cannot trust the site you use it on completely.

Answer 5

As another answer stated, there is a serious security vulnerability in SGP: http://akibjorklund.com/2009/supergenpass-is-not-that-secure.

However there are steps you can take to make SuperGenPass more secure. This is accomplished by creating your own customized bookmarklet. You can do so at this link: http://supergenpass.com/customize/?advanced.

1) Customize your SGP to a longer default password length (I suggest 11 - 15 ... any longer and you'll run into issues on some websites that limit the password length).

2) Create a stealth password. This is very important for defeating the vulnerability mentioned earlier. This feature automatically adds a "salt" onto the end of your normal master password. This "salt" is not available using the vulnerability.

3) If you're using Chrome, you can get an SGP extension (instead of the bookmarklet). Because Chrome runs extensions in their own environment, it is not accessible from the web site you're visiting and thus not prone to attack.

*) Advanced Users Only: Edit the hashing algorithm in the bookmarklet. Then you'll have your own personal copy of SGP that will only generate hashes for you.

Answer 6

I'm a cryptography researcher and I can state with utmost certainty that SuperGenPass is flawed, insecure and will give users a false sense of security if they use it. Ignoring the obvious lack of security in the bookmarklet scheme itself (addressed above), here are just some cryptographic reasons why you should never use SuperGenPass:

1. MD5 is deprecated and has been for some time. MD5 cannot be relied upon for any form of security.

2. The author states that SuperGenPass is collision resistant (which is completely false, but irrelevant), however the basic security of the SuperGenPass scheme relies on PreImage resistance. It seems the author fails to understand this, citing it as 'other mathematical concerns'. This can easily be defeated even in 128 bit MD5 through use of rainbow tables, much less the author's hacked together 64-bit version. My estimate for the time it would take to crack a SuperGenPass generated password would be roughly 2 days on a home PC, based on current computer hardware.

3. The author of SuperGenPass asserts that security is assured due to hashing an indeterminate number of times. This is blatantly false as the 'indeterminism' is a function of password. Again, rainbow tables easily defeat this.

4. The author completely misunderstands the purpose of a salt. The salt should be randomly generated, not a product of some user-defined 'stealth password' (whatever that means). In this implementation, the 'stealth password' is merely obfuscation and provides no extra cryptographic security. For more information, see [http://en.wikipedia.org/wiki/HMAC#Design_principles]

5. There is no form of key strengthening, it is merely concatenated to the domain. Again, this can be defeated quite easily by rainbow tables.

6. An additional non-cryptographic issue: By limiting to the domain, the author fails to take into account multiple pages on the same domain (think [hostingprovider].com/[user] or [user].[hostingprovider].com style pages). If you have a password with one site there, any site also on there can now impersonate them with no issue.

In conclusion, the author effectively seems to be trying to make a HMAC (Hash-based Message Authentication Code) and applying it to a website domain, but has made a rather kludgy, amateur attempt at it with little regard for well established cryptographic principles. Normally this would be fine, this is how we learn and I would have no issue. When it concerns other users security however, it is not fine as many users will be employing this method thinking that they are secure when they are in fact not. Sure, a forum account stolen here or there is not really such a big deal, but what about banks? Credit cards? Health records? Considering most US banks have the user's SSN on file, this then opens the door to identity theft.

The author is grossly irresponsible and possibly criminally negligent by releasing this software for the purposes of password security without even a cursory attempt to have it assessed by a security expert. It is extremely irresponsible to write software and release it based on the idea of 'thinking' it is secure, especially if you're not an expert in cryptographic constructs or computer security. If anyone has their password stolen while using SuperGenPass, I urge you to speak to a lawyer. You may have a civil case against the author.