Hey! I CAN use just one password for Everything! (Slaps forehead)

I read the little simple single sign on entry on Sam Ruby’s weblog:

“Jon Udell: Today’s 2.75-minute screencast features Nic Wolff’s ingenious solution to the vexing problem of single sign-on to websites.”

And thought HEY!, DUH!, My God!, that’s nice and easy. I’m going to use that (even though the new word, for me, “screencasting” made me simultaneously snort, roll my eyes and be consumed with jealousy … okay, I wasn’t really that jealous. I still find papercasting funnier but do like the movie thing; for example, I think the little Rails movie that David did was a real factor in Rails’ adoption).

I opened up /Applications/Utilities/Terminal.app and then combined a URL and a password-that-I-love-using-again-and-again and echo’ed it into md5.

jah$ echo jasonhoffman.orgmypasswordthatiloveusing|md5
0f6c2ddcb13b0d51d5ac63fb790dccfd

Then I use jason and 0f6c2ddcb13b0d51d5ac63fb790dccfd for my username and password when logging into jasonhoffman.org. All I have to remember is the URL (come on, must remember that, how did I even get here?), mypasswordthatiloveusing (piece of cake, I’ve been using the same password for 12 years) and my username (that’s usually my name! which I keep on a piece of paper pinned to my shirt: upside-down-to-everyone but right-side-up-for-me).

I can use the above to regenerate my password (which is effectively the hash) whenever I need it.

The hashes are of course unique to each URL. Pay attention to the fact that www.jasonhoffman.org and jasonhoffman.org are different inputs and so give different hashes:

jah$ echo www.jasonhoffman.orgmypasswordthatiloveusing|md5
7b4bb0a84b9ff0e226cb87d587330108

And then I can continue on with my other sign-ons:

jah$ echo weblog.textdrive.commypasswordthatilovetouse|md5
b5b3d22b4974508c985436560142f2d7

But then I imagine some geek posting a comment here about how md5 is not the most secure hash on the planet, that there are collisions, that the NSA could log into my weblog and falsely post what I had for lunch today. Can’t have that.

Let’s do some SHA then. I’m going to grab the SHA implementation from Allan Saddi.

sudo -s
cd /usr/local/src/
curl -O http://files.textdrive.com/sha-1.0.4.tar.gz
tar zxvf sha-1.0.4.tar.gz
cd sha-1.0.4
./configure
make
make install
exit
rehash

Then I can generate a 41-character password with SHA-1 (remember there are limits to password length; here they are limited to Blowfish’s 73 characters):

jah$ echo jasonhoffman.orgmypasswordthatiloveusing|sha -1
2bac5f7dea08a788c78594440c38f19316109b85

	

jah$ echo weblog.textdrive.commypasswordthatilovetouse|sha -1
240efd3b3738894256b7a60333e610b88bdb43b6

And before you link to this, let me go on up to a 129-character SHA-5 hash:

jah$ echo www.jasonhoffman.orgmypasswordthatiloveusing|sha -5
b515ba9b524d117373cf57c57a2aef7f3260fe4f3b74e0b45079b0b940afe1024d2346d8f92cfc360e74dd768620e78bbbf26b777e5be4ee7757a42580f69289

Fun.

Now who’s building a widget?

·:· Posted 24 May 2005, 00:42 by Jason Hoffman to Server geek
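An added example, not code from the original post or from any of the tools mentioned on this page: a Python sketch of the scheme above that reproduces what `echo SITEMASTER | md5` actually hashes (including the newline `echo` appends, which a tool hashing the bare string would not add), folds `www.jasonhoffman.org` and `jasonhoffman.org` to one key, and swaps the single MD5/SHA pass for PBKDF2-HMAC-SHA256. The function names, iteration count and output length are assumptions of this example.

```python
import base64
import hashlib
from urllib.parse import urlsplit


def legacy_hash(site: str, master: str, algo: str = "md5") -> str:
    """What `echo SITEMASTER | md5` computes: echo appends "\\n" to the input."""
    return hashlib.new(algo, (site + master + "\n").encode()).hexdigest()


def normalise_site(url_or_host: str) -> str:
    """Map spellings of one site to one key: lowercase host, no 'www.', port or path."""
    s = url_or_host.strip()
    host = urlsplit(s if "//" in s else "//" + s).hostname or ""
    return host[4:] if host.startswith("www.") else host


def derive_password(site: str, master: str, length: int = 20,
                    iterations: int = 200_000) -> str:
    """Per-site password from PBKDF2-HMAC-SHA256, salted with the normalised site.

    Swapped-in technique (not the post's): a slow KDF makes guessing the
    master password from one leaked site password far more expensive than
    a single MD5 or SHA pass. length and iterations are assumed defaults.
    """
    salt = normalise_site(site).encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations)
    return base64.urlsafe_b64encode(raw).decode()[:length]


if __name__ == "__main__":
    import getpass
    # getpass keeps the master password off the screen and out of shell history,
    # unlike typing it as an argument to echo.
    master = getpass.getpass("Master password: ")
    print(derive_password(input("Site: "), master))
```
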

  1. Password Maker – Great Firefox Extension

    Scott Becker    24 May 2005, 03:59    #
  2. That is brilliant.

    matt lyon    24 May 2005, 04:29    #
  3. The Password Maker is quite nice. Looking around there seems to be a couple + a few bookmarklets around.

    Jason Hoffman    24 May 2005, 07:34    #
  4. On a similar note, as mentioned in the forums earlier, there is this which is the same thing, except done in a web-based form (so that whoever’s computer you are on you can still use it (even if it’s Windows)).

    Andrew Ho    24 May 2005, 19:11    #
  5. (and I’ve just realised that that is in fact the very same thing that Jon Udell is referring to :)).
    — Andy

    Andrew Ho    24 May 2005, 19:33    #
  6. This widget looks like it does part of the job – for MD5 at least?

    http://www.apple.com/downloads/macosx/dashboard/ladycrypt.html

    Grant    25 May 2005, 02:38    #
  7. Grant, great find with the widget.

    Jason Hoffman    25 May 2005, 22:30    #
  8. the widget does MD5 and crypt, and that’s about it.

    If anyone wanted to upgrade it to SHA1, there’s always some javascript helpers for the task.

    Also, I just posted a ruby script that turns a hex digest to a base-80 string to textsnippets

    matt lyon    26 May 2005, 04:42    #