blog post 'hshwd release' + hshwd project page
This commit is contained in:
141
projects/hshwd/index.html
Normal file
141
projects/hshwd/index.html
Normal file
@@ -0,0 +1,141 @@
|
||||
<!DOCTYPE html>
|
||||
|
||||
<html lang="en">
|
||||
|
||||
<head>
|
||||
<meta charset="utf-8" />
|
||||
<title>hshwd – Ailyaut's blog</title>
|
||||
<link rel="icon" type="image/png" href="../../media/icons/favicon-16x16.png" sizes="16x16">
|
||||
<link rel="stylesheet" href="../../style.css" />
|
||||
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
|
||||
<meta property="og:title" content="hshwd – Ailyaut's blog" />
|
||||
<meta property="og:type" content="blog" />
|
||||
<meta property="og:url" content="https://ailyaut.com/" />
|
||||
<meta property="og:image" content="https://ailyaut.com/media/preview.png" />
|
||||
<meta property="og:description" content="Hi! I'm Ailyaut, a 25-year-old everything-designer with a particular interest in open source and card games." />
|
||||
<meta property="og:locale" content="en_US" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<header>
|
||||
<div id="header_box">
|
||||
<div>
|
||||
<a href="../../index.html" id="header_title">Ailyaut's blog</a>
|
||||
</div>
|
||||
<nav id="header_nav">
|
||||
<a href="../../blog.html" class="nav_button">Blog</a>
|
||||
<a href="../../gallery.html" class="nav_button">Gallery</a>
|
||||
<a href="../../projects.html" class="nav_button_active">Projects</a>
|
||||
<a href="../../about.html" class="nav_button">About</a>
|
||||
</nav>
|
||||
</div>
|
||||
</header>
|
||||
|
||||
<main>
|
||||
<div class="box" style="justify-content: space-between; gap: 2em;">
|
||||
<div class="column" style="--custom_width: 60%;">
|
||||
<h1>hshwd</h1>
|
||||
<p>hshwd is an open-source offline tool that generates strong, unique passwords from weak ones in a deterministic way, using the properties of hash functions. It is the successor of <a href="../pwgen/index.html">pwgen</a>.</p>
|
||||
<p>Related blog post: <a href="../../blog/hshwd_release.html">Release of hshwd</a></p>
|
||||
<h2>Table of contents</h2>
|
||||
<p>
|
||||
<a href="#howitworks">How it works</a><br>
|
||||
<a href="#usage">Usage</a><br>
|
||||
<a href="#faq">FAQ</a><br>
|
||||
<a href="#downloads">Downloads</a><br>
|
||||
</p>
|
||||
<h2 id="howitworks">How it works (short version)</h2>
|
||||
<p>The basic principle is very simple: you input an easy-to-remember password, and the app hashes it to make it long and random-looking (in our case, hshwd uses SHA-256). <br>
|
||||
Hashing is very interesting in this context because of the following properties:</p>
|
||||
<ol>
|
||||
<li>Hashing is deterministic: given a same input, you will always obtain the same output (so you can generate back your strong password whenever you need it)</li>
|
||||
<li>Hashing is not reversible: an infinite number of inputs map to the same output, therefore it is impossible to know what the original input was given a single output (so if one of your generated passwords is exposed, it provides no information about the "seed" password you used)</li>
|
||||
<li>The slightest change in the input changes the output completely: this is useful for creating unique passwords that seem unrelated to each other</li>
|
||||
</ol>
|
||||
<p>However, hashing alone is not enough to defend against dictionary attacks because a hash takes negligible time to compute in the case of SHA-256.</p>
|
||||
<p>To defend against this, hshwd iterates the hashing step multiple times to make it slower for an attacker to compute password candidates, and salts each iteration to add yet another unknown variable. The number of iterations and the salt are chosen by the user so that an attacker has no idea how many times they need to iterate the hashing step and what they need to salt each iteration with, which makes it virtually impossible to guess the "seed" password given a generated password.</p>
|
||||
<p>If you want to learn more about the inner workings of hshwd, you can read the <a href="../../blog/hshwd_release.html">release blog post</a> or check the <a target="_blank" href="https://codeberg.org/ailyaut/hshwd_rust">source code</a>.</p>
|
||||
<h2 id="usage">Usage</h2>
|
||||
<p>The intended use case of hshwd is creating many unique passwords for your online accounts.</p>
|
||||
<p>As mentioned in the previous section, to generate a strong password with hshwd you need to choose:</p>
|
||||
<ol>
|
||||
<li>A random number, preferably 5 digits long or more (the larger the number, the slower it is to generate a password)</li>
|
||||
<li>A random salt (anything will do)</li>
|
||||
</ol>
|
||||
<p>Then, type whatever you want as a "seed" password and append a unique string of characters related to the service you're creating a password for (you can, for instance, write the name of the website). This is to ensure that all your passwords are different.</p>
|
||||
<p><span class="bold">Example:</span> <br>
|
||||
Let's create a strong password for our Netflix account, based on the "seed" password '1234' (which is bad, don't do this).<br>
|
||||
With 11.257 iterations and 'salty' as the salt, the input:
|
||||
</p>
|
||||
<p class="monospace">1234+netflix</p>
|
||||
<p>will output the following:</p>
|
||||
<p class="monospace">8/5B9`ec95RNu_EjLCq1mDNE~nsieL"`</p>
|
||||
<p>Let's now create a password for our Gmail account with the same parameters:</p>
|
||||
<p class="monospace">1234+gmail</p>
|
||||
<p>will output the following:</p>
|
||||
<p class="monospace">\I|fo$fB#'8_'VKe;5Z>!N#@Bo{B_lH#</p>
|
||||
<p>A same combination of inputs (number of iterations, salt and password) will always produce the same output, so you don't have to memorize the generated password as you can generate it back every time you need it.</p>
|
||||
<p><span class="bold">Note:</span> It is strongly recommended that you use a strong password as input (not one from <a target="_blank" href="https://en.wikipedia.org/wiki/List_of_the_most_common_passwords">this list</a>, and not one that you have used before).</p>
|
||||
<h2 id="faq">FAQ</h2>
|
||||
<p>See the <a href="../../blog/hshwd_release.html#faq">Release of hshwd</a> blog post.</p>
|
||||
<h2 id="downloads">Downloads</h2>
|
||||
<p>hshwd is open-source and distributed under the MIT License.<br>
|
||||
It is available on desktop as a command line tool (in Rust), and on mobile as an app (made with Godot Engine).
|
||||
</p>
|
||||
|
||||
<div><a target="_blank" href="https://codeberg.org/ailyaut/hshwd_godot/releases/download/v1.0/hshwd-android-debug-arm64-1.0.apk" class="button" style="gap: 0.5em; width: fit-content; margin-bottom: 0.5em;">
|
||||
<img class="icon" src="../../media/icons/os-android.png" />
|
||||
Download for Android<span class="light">ARM64 · 27,8MB</span>
|
||||
</a></div>
|
||||
<p><span class="bold">Checksum: </span>e00d5af04b23d69e4c8bd551ca3bbc311dcaba7b0cfc693dd9468566c97712b1<br>
|
||||
<a target="_blank" href="https://codeberg.org/ailyaut/hshwd_godot">Source code</a>
|
||||
</p>
|
||||
<div class="spacer" style="--size: 0.5em;"></div>
|
||||
<a target="_blank" href="https://codeberg.org/ailyaut/hshwd_rust/releases/download/v1.0/hshwd-linux-x64-cli-1.0" class="button" style="gap: 0.5em; width: fit-content; margin-bottom: 0.5em;">
|
||||
<img class="icon" src="../../media/icons/os-linux.png" />
|
||||
Download for Linux<span class="light">x64 · 1,7MB</span>
|
||||
</a>
|
||||
<p><span class="bold">Checksum: </span>b3b3a7a180d7b19d3be4e085945fb588244ca2dd3f3705cf281792949feabdcc<br>
|
||||
<a target="_blank" href="https://codeberg.org/ailyaut/hshwd_rust">Source code</a>
|
||||
</p>
|
||||
|
||||
<p>Need it on another platform? Both Rust and Godot Engine let you target multiple platforms easily.</p>
|
||||
<p><span class="bold">Additional content: </span><a target="_blank" href="https://codeberg.org/ailyaut/hshwd_python">Python implementation</a></p>
|
||||
|
||||
</div>
|
||||
<div class="column" style="--custom_width: 30%;">
|
||||
<img style="border-radius: 1em;" src="thumb.png"/>
|
||||
<h3 style="margin-bottom: 0.5em;">My role</h3>
|
||||
<p style="margin-bottom: 0;">Programming, UI/UX design</p>
|
||||
<h3>Software used</h3>
|
||||
<p>Rust, Python, Godot Engine, Inkscape</p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="spacer" style="--size: 2em"></div>
|
||||
<a href="#" class="btt"><img class="bttimg" src="../../media/icons/arrow_upward.png"/></a>
|
||||
</main>
|
||||
|
||||
<footer>
|
||||
<div id="footer_box">
|
||||
<div class="footer_item">
|
||||
<p>Copyright © 2026 Ailyaut</p>
|
||||
</div>
|
||||
<div class="footer_item">
|
||||
<a target="_blank" href="https://digitalbeacon.co/report/ailyaut-com" style="text-decoration: none;">
|
||||
<p style="color: black; background-color: var(--accent); padding: 0.2em 0.6em 0.2em 0.6em ; border-radius: 1em;">
|
||||
0.01g of CO₂/view
|
||||
</p>
|
||||
</a>
|
||||
</div>
|
||||
<div class="footer_item" style="justify-content: flex-end; gap: 1.75em;">
|
||||
<a rel="me" href="https://mastodon.online/@ailyaut" target="_blank"><img src="../../media/icons/mastodon.png" class="icon" alt="Mastodon" title="Mastodon"/></a>
|
||||
<a href="https://www.youtube.com/@ailyaut" target="_blank"><img src="../../media/icons/youtube.png" class="icon" alt="YouTube" title="YouTube"/></a>
|
||||
<a href="https://ailyaut.bandcamp.com/" target="_blank"><img src="../../media/icons/bandcamp.png" class="icon" alt="Bandcamp" title="Bandcamp"/></a>
|
||||
<a href="https://codeberg.org/ailyaut" target="_blank"><img src="../../media/icons/git.png" class="icon" alt="Git" title="Git"/></a>
|
||||
<a href="../../rss.xml"><img src="../../media/icons/rss.png" class="icon" alt="RSS feed" title="RSS feed"/></a>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
</body>
|
||||
BIN
projects/hshwd/thumb.png
Normal file
BIN
projects/hshwd/thumb.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 21 KiB |
Reference in New Issue
Block a user