What is this Tool?
This tool lets you generate secure passwords that are uncrackable using typical methods. You have the option to create 8 to 128 character passwords with lowercase characters, uppercase characters, symbols and numbers.
Each generated password is converted to an MD5 and a SHA256 hash, and the tool attempts to reverse each hash value to plaintext using online rainbow tables from various sources. If the random password is reversed successfully, then the generated password is discarded and a new password is generated and put through the same process. Once the algorithm generates a password that cannot be reversed to plaintext, it is shown to the user.
How does this tool keep me safe?
When you register with an online service, your password is not actually sent and stored on the website as the password you typed, but instead as a value created by running your password through an algorithm. When you then want to log in to an online service, your password is put through this algorithm and compared against the value in the database. If they match, then the password is the same and you are able to log in.
This is called hashing and is used to protect users in the event of a data breach, as hackers then don't get the password that you typed into the website. These hashing algorithms are designed to be one-way, and therefore irreversible, although hackers have still found ways to reverse passwords using Rainbow Tables and Dictionary Attacks, which compare your hashes to attacker-generated hashes in an attempt to create the same hash and therefore uncover your password.
This tool keeps you safe because it creates passwords that have not been un-hashed before and therefore prevents attackers using typical and fast methods from finding out your password.
Real life Example.
Let's say we have two passwords: 'aaron431', which has been created by someone, and '8ddpdng9', which has been created by this generator. From the outside you may think that both passwords are safe, although 'aaron431' is actually far worse. Let's see why.
- We hash both values using sha256
aaron431 = 37a199c360ae9f91285e88bdded7f041025a0954f5984891d280e2419b176dd4
8ddpdng9 = ea47ff2b39a8880d902d1f7cbb672f321a081cd402646080e48c3e604d236396
- An attacker compromises a database using one of many methods and is able to obtain our hash value
Phishing, SQL Injection, Brute Force, Insider Threat, Malware
- Attacker attempts to find password from hashes
An attacker grabs a list of the most common passwords from 2018 - 2020 and creates a hash for each password on the list, to then compare against each hashed password from the database.
- Attacker is able to get one of the passwords!!
As 'aaron431' is the 18th most used password within 2018 and the attacker has created a hash value for it, he was able to find the text value for the hash and therefore determine the password was 'aaron431'. However, as '8ddpdng9' was randomly generated, is not a popular password, and does not contain words, it's almost impossible that the attacker will be able to reverse this hash and find the text value of the password. Even if the attacker looks on the internet, he is very unlikely to find the plaintext of this password, as this generator has already scraped the internet for the text value of this password and was unable to find it.
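The generate, hash, look up and discard loop described under "What is this Tool?", together with the lookup from the example above, as an added Python example that is not this tool's own code. The COMMON_PASSWORDS list is a constructed local stand-in for the online rainbow tables, and every function name here is hypothetical.

```python
import hashlib
import secrets
import string

# Constructed stand-in for the online rainbow-table sources the page mentions:
# a short list of common passwords that gets hashed ahead of time.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "aaron431"]
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def digests(password):
    """Return the (MD5, SHA-256) hex digests computed for each candidate."""
    data = password.encode("utf-8")
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def build_lookup(passwords):
    """Precompute a hash -> plaintext table, the way a lookup table works."""
    table = {}
    for pw in passwords:
        for digest in digests(pw):
            table[digest] = pw
    return table


def is_reversible(password, lookup):
    """True if either hash of the password already appears in the table."""
    return any(d in lookup for d in digests(password))


def generate_password(length, lookup, alphabet=DEFAULT_ALPHABET):
    """Draw random passwords until one has no hash present in the table."""
    if not 8 <= length <= 128:
        raise ValueError("length must be between 8 and 128")
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not is_reversible(candidate, lookup):
            return candidate


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    print("aaron431 found in table:", is_reversible("aaron431", lookup))
    print("8ddpdng9 found in table:", is_reversible("8ddpdng9", lookup))
    print("generated:", generate_password(16, lookup))
```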