How does the password generation work?

The password generation is based on several cryptographic primitives which in combination generate the actual output. Please take care of the order in which the parameters are supplied. After listing the primitives the algorithm of the password generation is shown in the form of pseudocode.

Primitives:

arc4(input, password) - encrypt with Arc4-drop1024
alphanum(input) - remove special characters
base64(input) - encode with Base64
check(input) - check for numbers and characters
concat(left, right) - concatenate strings
hash(input) - hash with SHA-1
hmac(input, password) - HMAC based on SHA-1
strip(input, length) - shorten the length of the input

For the password generation the following assumptions are made: The entered information was split into its single parts. checkAlphaNum contains the information whether the password has to be alphanumeric or not. info[] contains the service-dependent information, pass[] contains the master password, outLength contains the requested password length and specials[] contains the list of the requested special characters. The characters in specials[] are sorted by their position according to ISO-8859-1 and duplicates are not removed.

Sequence:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
function generatePass(info[], pass[], checkAlphaNum, outLength, specials[]) {
  if (checkAlphaNum) {
    index = 0;
    do {
      temp = concat(index, info);

      result = singlePass(temp, pass, outLength, specials);
      if (check(result)) {
        break;
      } else {
        result = "";
        index++;
      }
    } while (index < 255);
  } else {
    result = singlePass(info, pass, outLength, specials);
  }

  return result;
}

function singlePass(information[], password[], len, specialChars[]) {
  hmacPassword = hmac(information, password);
  hmacInformation = "";

  tempInput = hash(hmacPassword);
  tempOutput = hmac(tempInput, information);
  hmacInformation = concat(hmacInformation, tempOutput);

  tempInput = tempOutput;
  tempOutput = hmac(tempInput, information);
  hmacInformation = concat(hmacInformation, tempOutput);

  tempInput = tempOutput;
  tempOutput = hmac(tempInput, information);
  hmacInformation = concat(hmacInformation, tempOutput);

  result = arc4(hmacInformation, hmacPassword);
  result = base64(result);
  result = alphanum(result);
  result = strip(result, len);

  specialCharIndex = 0;
  specialCharPos = 0;
  for (index = 0; index < length(hmacPassword); index++) {
    if (index < length(hmacPassword) / 2) {
      specialCharIndex ^= hmacPassword[index];
    } else {
      specialCharPos ^= hmacPassword[index];
    }
  }
  specialCharIndex = (specialCharIndex % length(specialChars));
  specialCharPos = (specialCharPos % (len - 2)) + 1;

  result[specialCharPos] = specialChars[specialCharIndex];

  return result;
}

Content:

  1. Why calc.pw?
  2. How does calc.pw work?
  3. How do I have to enter the information?
  4. How does the password generation work?
  5. How was calc.pw built?
  6. How was calc.pw programmed?
  7. What is that about these keyboard layouts?
  8. Who is the person behind calc.pw?
  9. Downloads
© 2013-2017 Kenneth Newwood (@weizenspreu)
no-www.org extra-www.org IPv6 ready
Datenbank: 25 Abfragen | Generierung: 0,24766 Sekunden Top