first commit

2025-05-15 16:06:00 +01:00
commit e8cf8acbbc
129 changed files with 3796 additions and 0 deletions

119
projects/pwgen/index.html Normal file

@@ -0,0 +1,119 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>pwgen Ailyaut's blog</title>
<link rel="icon" type="image/png" href="../../media/icons/favicon-16x16.png" sizes="16x16">
<link rel="stylesheet" href="../../style.css" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta property="og:title" content="pwgen Ailyaut's blog" />
<meta property="og:type" content="blog" />
<meta property="og:url" content="https://ailyaut.com/" />
<meta property="og:image" content="https://ailyaut.com/media/preview.png" />
<meta property="og:description" content="Hi! I'm Ailyaut, a 24-year-old everything-designer with a particular interest in open source and card games." />
<meta property="og:locale" content="en_US" />
</head>
<body>
<header>
<div id="header_box">
<div>
<a href="../../index.html" id="header_title">Ailyaut's blog</a>
</div>
<nav id="header_nav">
<a href="../../blog.html" class="nav_button">Blog</a>
<a href="../../gallery.html" class="nav_button">Gallery</a>
<a href="../../projects.html" class="nav_button_active">Projects</a>
<a href="../../about.html" class="nav_button">About</a>
</nav>
</div>
</header>
<main>
<div class="box" style="justify-content: space-between; gap: 2em;">
<div class="column" style="--custom_width: 60%;">
<h1>pwgen</h1>
<p class="light">Disclaimer 1: this is not <a target="_blank" href="https://manpages.debian.org/bullseye/pwgen/pwgen.1.en.html">pwgen</a>, sorry for the confusing name, I will change it.<br>
Disclaimer 2: I wrote this in 2023. What I consider "secure" has changed a lot since then.</p>
<p class="italic">'An easy to use secure password generator.'<br> me in 2023</p>
<h2>Why?</h2>
<p>In 2022, a site on which I had an account was hacked. A lot of user information was stolen, including email addresses, IP addresses and passwords. Unfortunately I was the kind of person who always uses the same password on all sites, and that password had just been compromised.<br>
The obvious solution would have been to use a password manager, but I wasn't comfortable with the idea that all my passwords would be protected by one single master password.<br>
So I came up with a solution that allows me to always use extremely strong passwords, all unique, without having to memorize anything complicated.</p>
<h2>How does it work?</h2>
<p>The principle is ridiculously simple.</p>
<p>The application just creates a hash of what the user enters with the SHA-1 algorithm. Since the slightest change in input gives a completely different result, it is very easy to create unique passwords. For example, you can start with a very bad password, like “1234”, and then add the name of the service you are creating an account for, like Netflix.</p>
<p>The result of the following input: </p>
<p class="monospace">1234+netflix</p>
<p>will be:</p>
<p class="monospace">84b55c61cb905355057e2995c13ae833ba7d2850</p>
<p>Which is quite strong!</p>
<p>Now lets say we want to create a password for Gmail.<br>
We can input the following: </p>
<p class="monospace">1234+gmail</p>
<p>which gives us:</p>
<p class="monospace">77b4f11c48a113adf628bf55510d5cbe5af1e15d</p>
<p>A completely different result, even though we started with the same simple password.<br>
Moreover, there is no need to worry about a password being compromised anymore: it is impossible to recover the original input from the hash, so the simple password “1234” can never be guessed by an attacker in order to deduce your other passwords. </p>
<h2>How would I remember such a long password?</h2>
<p>Thats the best part! You dont!<br>
Each time you need to log into an account, you can launch the app and type your simple password, like “1234+gmail”. The output will be exactly the same as when you first generated it! This is one of the proprieties of a hash: a same input will always give the same output. </p>
<h2>Limitations</h2>
<p class="light">----- 2025 edit start -----</p>
<p>Hashes only use a very limited set of characters (1-9 and a-f), which makes it easier to brute force the password despite the string being 40 characters long if the attacker knows that the password is just a hash.</p>
<p>I am no cryptography expert, but I see two ways of attacking such a password:</p>
<ol>
<li>Guessing the input password using social engineering or other compromised passwords and then hashing it to try it (still more expensive than just trying passwords directly).</li>
<li>Brute forcing the final password directly, knowing that it has only a very limited set of characters.</li>
</ol>
<p>To improve on the current design, I could use each two-character sequence of the hash as a hex code for an ASCII character and create a new string that would be the addition of those ASCII characters.
This way, the password wouldn't look like a hash if it got exposed (so the use of this application wouldn't be as obvious, and the attack #1 wouldn't be attempted),
and it would also be computationally more expensive to try passwords by guessing the input string if there are more steps than just hashing (this would make attack #1 more difficult).
It also solves the problem of attack #2 by using a much wider set of characters.</p>
<p class="light">----- 2025 edit end -----</p>
<h2>Try it!</h2>
<p>You can try the current version for yourself!<br>
I made a GUI application for Android, Windows and Linux (X11) using Godot Engine.<br>
There are also 2 CLI versions in Rust and Golang, because I tried to learn these languages at some point.<br>
I decline any responsibility in case something bad happens with this app. Use it at your own risk.</p>
<p class="light">Downloads will be available later.</p>
</div>
<div class="column" style="--custom_width: 30%;">
<img style="border-radius: 1em;" src="thumb.png"/>
<h3 style="margin-bottom: 0.5em;">My role</h3>
<p style="margin-bottom: 0;">Programming, UI</p>
<h3>Software used</h3>
<p>Godot Engine (for GUI version)</p>
</div>
</div>
<div class="spacer" style="--size: 2em"></div>
<a href="#" class="btt"><img class="bttimg" src="../../media/icons/arrow_upward.png"/></a>
</main>
<footer>
<div id="footer_box">
<div class="footer_item">
<p>Copyright © 2025 Ailyaut</p>
</div>
<div class="footer_item">
<a target="_blank" href="https://www.websitecarbon.com/website/ailyaut-robotfumeur-fr-index-html/" style="text-decoration: none;">
<p style="color: black; background-color: var(--accent); padding: 0.2em 0.6em 0.2em 0.6em ; border-radius: 1em;">
0.02g of CO₂/view
</p>
</a>
</div>
<div class="footer_item" style="justify-content: flex-end; gap: 1.75em;">
<a rel="me" href="https://mastodon.online/@ailyaut" target="_blank"><img src="../../media/icons/mastodon.png" class="icon" alt="Mastodon" title="Mastodon"/></a>
<a href="https://www.youtube.com/@ailyaut" target="_blank"><img src="../../media/icons/youtube.png" class="icon" alt="YouTube" title="YouTube"/></a>
<a href="https://ailyaut.bandcamp.com/" target="_blank"><img src="../../media/icons/bandcamp.png" class="icon" alt="Bandcamp" title="Bandcamp"/></a>
<a href="https://codeberg.org/ailyaut" target="_blank"><img src="../../media/icons/git.png" class="icon" alt="Git" title="Git"/></a>
<a href="../../rss.xml"><img src="../../media/icons/rss.png" class="icon" alt="RSS feed" title="RSS feed"/></a>
</div>
</div>
</footer>
</body>
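Review bot: the sentence in the "How does it work?" section saying the simple password "1234" "can never be guessed by an attacker" does not hold for a single unsalted SHA-1 pass over a short input. One-wayness only protects inputs that are hard to enumerate: anyone who obtains one generated password and suspects the secret+service scheme can hash candidate inputs offline until one matches, and then derive every other password. I would reword that claim, and in the Limitations section note that the remedy is a high-entropy secret passed through a deliberately slow key-derivation function (PBKDF2, scrypt or Argon2) rather than a re-encoding of the digest. The proposed mapping of two-hex-digit pairs to ASCII characters adds no entropy and almost no cost per guess, and many of the resulting byte values are control or non-ASCII characters that a login form will not accept. Also in Limitations, "1-9 and a-f" should read "0-9 and a-f", and 40 hex characters still encode 160 bits, so attack #2 is not the practical weakness; attack #1 is. Minor: the target="_blank" links would be safer with rel="noopener", and the thumb.png and back-to-top images have no alt text.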