(Created page with "= Visual Hashing = == Features == Visual hashing modifies the password input widgets on every page across the web by causing the background of the input to change as the user t...") |
== Security Concerns ==
Visual hashing displays an unsalted SHA1 hash of a user's password. This means screenshots will leak information about a user's password, which can then be used for brute force cracking. For this reason, a random number from -3 to 2 is added to each RGB value in each color of the colorbar, so each RGB value can take on a total of 6 different states. That gives a total of (6^3)^4 possible visual hashes per password. This makes it significantly harder to crack a user's password with only a single screenshot. Of course, these differences are unnoticeable to the eye.
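The jitter scheme described above, as an added Python sketch that is not the feature's own code: it derives the colors, applies the per-channel offset, counts the renderings, and estimates how much of the digest a single rendering still shows. The mapping of the first 12 SHA-1 bytes to four RGB colors, the clamping to 0..255 and all function names are assumptions.

```python
import hashlib
import math
import secrets

JITTER_MIN, JITTER_MAX = -3, 2  # offset range stated in the text
NUM_COLORS = 4                  # implied by the (6^3)^4 count in the text
_rng = secrets.SystemRandom()

def base_colors(password):
    """Deterministic colors. Assumption: the first 12 bytes of the unsalted
    SHA-1 digest are read as four (R, G, B) triples."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return [tuple(digest[i:i + 3]) for i in range(0, 3 * NUM_COLORS, 3)]

def render(password):
    """One on-screen rendering: an independent random offset per channel.
    Clamping to 0..255 is an assumption; the text does not cover overflow."""
    return [
        tuple(min(255, max(0, ch + _rng.randint(JITTER_MIN, JITTER_MAX)))
              for ch in color)
        for color in base_colors(password)
    ]

def renderings_per_password():
    states = JITTER_MAX - JITTER_MIN + 1  # 6 states per channel
    return (states ** 3) ** NUM_COLORS

def observed_drift(password, samples=500):
    """Smallest and largest per-channel difference between renderings and base."""
    base = [ch for color in base_colors(password) for ch in color]
    diffs = []
    for _ in range(samples):
        shown = [ch for color in render(password) for ch in color]
        diffs.extend(s - b for s, b in zip(shown, base))
    return min(diffs), max(diffs)

def estimated_bits_still_visible():
    """Rough estimate (edge effects ignored): each 8-bit channel blurred over
    6 values still pins down about log2(256 / 6) bits of the digest."""
    states = JITTER_MAX - JITTER_MIN + 1
    return 3 * NUM_COLORS * math.log2(256 / states)

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample input
    print("base     :", base_colors(pw))
    print("rendered :", render(pw))
    print("variants :", renderings_per_password())
    print("drift    :", observed_drift(pw))
    print("bits left: %.1f" % estimated_bits_still_visible())
```

Because the hash is unsalted, the base colors are identical wherever the same password is typed; only the offsets differ between renderings.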
The visual hashing feature does not interface with the password manager in any way, and also does not persist any information to disk. The visual hash is only available to the page the input widget is on. Therefore, it should not pose any other security risk.