06 August 2007

PwdHash - One password to rule them all

So little time - so many sites which need a password when you (have to) register yourself.

Admit it, you use the same password for different sites - don't you ?!, and if possible the same (set of) user-id's

Well, same password on different sites are not a good idea, each time you register yourself there's an increasing possibility the security on one of the sites will be comprised and a hacker obtain access to your password and user-id ......... and with those leaked there's free access to try them out everywhere else.

PwdHash - a password encryption plugin from Standford security lab solves this problem

PwdHash takes your password combines it with url for the website and generates a unique hashed password for each website from the same master password.

With PwdHash you can use the same initial password for different sites and let pwdHash generate the final unique password

Illustration of how PwdHash enhances the security by generating a unique password for each website from the same user-password

"PwdHash is an browser extension that transparently converts a user's password into a domain-specific password. The user can activate this hashing by choosing passwords that start with a special prefix (@@) or by pressing a special password key (F2). PwdHash automatically replaces the contents of these password fields with a one-way hash of the pair (password, domain-name). As a result, the site only sees a domain-specific hash of the password, as opposed to the password itself. A break-in at a low security site exposes password hashes rather than an actual password. We emphasize that the hash function we use is public and can be computed on any machine which enables users to login to their web accounts from any machine in the world. Hashing is done using a Pseudo Random Function (PRF)."

It's not a solve all solution - your master password must not be given out, otherwise it would be possible for another person to use the PwdHash algoritm and compute the hashed password

I guess a simple solution and improvement to PwdHash would be to add a user configuration for PwdHash, with the option to provide a unique randomizing factor to the algoritm, e.g. a string (sentence) entered by the user at installation time.

Final advice; Don't use only one master password - use a minimum of 2 or 3
  1. One password + PwdHash for newsletter and website registration
  2. Another password + PwdHash for website that have your creditcard on detail (e.g. amazon, phonecompany etc.)
  3. A third password + PwdHash for the most critical places (e.g bank account, paypal etc.)
Idea is to differentiate between websites without financial info (class 1) and those with financial info (class 2 and 3).
For websites belonging to class 2 and 3 you do not use auto-login or remember password features and even more carefully about the master password.

Hey, that's only 2 or 3 password to remember !

Get PwdHash - the password encryption plugin from Standford security lab

Review verdict: 4 keyholes out of 5

It works !, though missing the ability to add an individual hashing factor to the algoritm

May your password(s) be with you !

Liked this post ?! - check out other post about extensions

05 August 2007

Lorem Ipsum generator

Lorem Ipsum
Originally uploaded by hjortholm

Ever wondered about the Lorem Ipsum text used in templates and demo's ?!

Lorem Ipsum is simply the dummy text of the printing and typesetting industry, the purpose is to provide a text acting as pure place holder, demonstrating the graphical elements of a document or visual presentation, such as font, typography and layout without distracting attention from the overall look and feel.

Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged .......

You find a good Lorem Ipsum generator at www.lipsum.com together with some interesting background information about Lorem Ipsum you can impress your diner date with (or maybe not).

Lorem Ipsum comes from a book about the theory of ethics, very popular during the Renaissance "de Finibus Bonorum et Malorum" (The Extremes of Good and Evil) by Cicero, written in 45 BC.

Anyway, the Lorem Ipsum webservice above uses a dictionary of over 200 Latin words, combined with a handful of model sentence structures, to generate Lorem Ipsum which looks reasonable - ready to grab and copy into your web template.

04 August 2007

Group brainstorming is a good idea - when done right

Marc Andreessen quote Frans Johansson's book "The Medici Effect" citing group brainstorming are no more effective that working alone .... Well, I've read "The Medici Effect" and lot of other books related to innovation - and did disagree with "The Medici Effect" on that point back then and still does

Sidenote: had a one-year assignment at my work, being a part of a group intended to help improve innovation in company, I were a part of the 12-person team chosen partly because I privately had spend quite some time diving into innovation theory and tools - what my (still partial) booklist at librarything somewhat shows

Anyway, this research paper "A review om brainstorming research" review 50 study related to brainstorming, among those the study reference in "The Medici Effect" noting the study have been misused quite a lot as argument for not doing group brainstorming.

Most research haven't followed the original guidelines for brainstorming, among those the need for a trained facilitator, some training and preparation for the group, different kind of experiences in the group and more ..... also noting that group brainstorming were originally suggested as a tool together with individual work

The above finding match my own empirical experience developing an innovation workshop and conduction brainstorming sessions; brainstorming group should cover different angles of subject area - facilitated by a person skilled in method and tools for brainstorming.

I'll do the exploration workshop we developed any time and guarantee we end up with better result brainstorming together compared with working alone.

How flat is the world ? Very flat!

Just finished watching a MIT lecture with Thomas L. Friedman, author of "the world is flat", entertaining, enjoyable and thought provoking video, loved the closing remark "export hope - not fear" as response to how to keep an open flat world society secure.

The world is flat
It is a flat world !, looking at my own life;

A friend of mine need some drawings for a book, I suggested posting the gig at Elance - turns out the the estimated cost will be around 30% compared to getting the work done here in Denmark.

My company have started outsourcing software maintenance to India.

Bought myself a meizu mp3-player at Ebay (none available at amazon at that time), delivered from Hong Kong ! - the sound rocks, much better than the iPod nano.

Ordered some hard to obtain books recently via Abebooks, delivered from india.

I'm currently working on launching a website, it's based on a open source framework - baseprice zero.
I might need some add-ons and some additional tools, but will be able to go live for less than 700 Euro.
Royaltyfree photo bought at iStockphoto, icons either bought or obtained free at IconBuffet


02 August 2007

Gapminder/trendanalyzer coming to google analytics

well, at least I hope

After seeing this TED talk by Hans Rosling on "Debunking third-world myths with the best stats you've ever seen" - I would love to get access to this kind of visualisation tool.

Gapminder's Trendalyzer software and team got acquired by google in march 2007 - I think they made a very wise investment there.

Update march 2008: Gapminder Trendanalyzer availabe in limited form in Google docs (spreadsheets) and as a gadget - check this updated post about Gapminder's Trendanalyzer in Google clothing.

01 August 2007

Speed up your web pages with YSlow

Found Yslow via Yahoo developer network;

YSlow analyzes web pages and tells you why they're slow based on the rules for high performance web sites. YSlow is a Firefox add-on integrated with the popular Firebug web development tool. YSlow gives you:

  • Performance report card
  • HTTP/HTML summary
  • List of components in the page
  • Tools including JSLint
Yslow takes the guessing out of the performance equation, help you optimize the overall performance for your website and reduce page load time.