Modern cryptography

Hashing: BLAKE3, Keccak-based functions (SHA-3, SHAKE256) or BLAKE2b.

Encryption: XChaCha20-Poly1305, ChaCah20-BLAKE3, or, I would like to see keccak-based AEAD constructions.

Key Exchange: X25519, X448

Digital Signatures: Ed25519, Ed448

Password Hashing / Key Derivation: Argon2id

Conceptually it's very simple: when you signup for a service, you generate a private and public keypair. The private key is stored in your passkey manager [...], and the public key is stored in the database of the service. Then, during a login, the server sends an randomly-generated challenge, your device sign it wit the private key, and the server verify that the signature of the challenge matches the public key.

An alternative to passwords.

what is your mother's maiden name?

Pick random words or another password and store it in the password manager. It's easier that way.

Due to being random and unique per site, it's far more secure.

The scroll-animated graphic is well made. It goes through the different topic step by step.

I use the notes field as a mini-changelog, where I write dated entries to track the history of each account.

If the purpose of an account isn’t obvious, I write a note that explains why I created it.

Keep track of deleted accounts. When the deletion occurred.

and more

Instead of hash functions to store password, use Password-Based Key Derivation Functions (PBKDF) such as Argon2id.

bcrypt should be avoided due to its huge footgun: it truncates inputs longer than 72 characters. Okta AD/LDAP was vulnerable because of it.

Checksum functions such as CRC32 and xxh3 are optimized for pure speed and don't provide any security guarantees about their output, and it's easy to find collisions for a given checksum.

In 2024 based on I/O speed, a hash function with a throughput of 1 GB / s / core is considered fast enough for most use cases.

I skip the speed part because it is not relevant for me: 100MB/s or 1GB/s does not make much difference.

SHA3 and the BLAKE family which produced secures hash functions that are also misuse resistant.

A strength >= 128 bits is considered secure. The security agencies recommendation are a bit different. Hash length ranges from 256 (NIST) to 512 (ECRYPT-CSA).

SHA3 has many functions, SHA2 is vulnerable to length extension attacks (secret || message) but BLAKE3 has none of these issues.

Post-Quantum security from Grover's algorithm divides by 2 the preimage and 2nd-preimage resistance. The BHT algorithm predicts however that a quantum computer can find a collision in $2^{\mathrm{<mfrac><mtext>n</mtext><mtext>3</mtext></mfrac>}}$ operations instead of 2^n/2

So SHA2 for convenience or BLAKE for the rest. There is only C and Rust that have official support for BLAKE though.

Dans son développement, le NIST reconnaît que les règles de composition ont pour ambition d’accroître la difficulté de deviner les mots de passe choisis par l’usager. Cependant, « les recherches ont montré que les utilisateurs réagissent de manière très prévisible aux exigences imposées par les règles de composition », note l’institut.

A collection of websites

Spectre me fait penser à une autre extension de navigateur...

Ah oui: https://crypto.stanford.edu/PwdHash/ et lesspass

Et nous pouvons aller plus loin ! Si le mot de passe configuré par un gestionnaire de mots de passe est plus long que 20 caractères, alors il sera faux lorsqu'il sera entrée. Le mot de passe doit être composé de 20 caractères ou moins, sinon la connexion n'est pas possible.

Merci car tu m'as débloqué l'utilisation de mon gestionnaire de MDP sur ce site.

1. Don’t Disable Copy-Paste For Passwords
2. Don’t Rely on Passwords Alone
3. Drop Strict Password Requirements
4. Social Sign-In Isn’t For Everyone
5. Replace Security Questions With 2FA
6. Users Need Options For Access Recovers

A password generator system based on hash generation. The hash take the website URL and a master password as input, it then generates a hash and returns the first X characters of it.

Tadaa you have your password.

A password generator based on the website URL and a master password. Thus it avoids to have a password generator.

A reboot of https://crypto.stanford.edu/PwdHash/ btw ...
I had the idea last year as the extension of stanford was old ! Here you are doing it LessPass :D

So KeepassXC can be used instead: https://www.keepassx.org/start/index.html

1. Comment sont enregistrés les mots de passes
   1.1 Hashs
   1.2 Fuites des bases de données
2. Conséquences d'un mot de passe qui a fuité si il est réutilisé sur d'autres comptes
3. Conclure sur la pertinence des gestionnaires de mots de passe donc

en tant qu'utilisateur des services numériques

C'était une ancienne recommandation du NIST, qui recommande maintenant d'obliger le changement de mot de passe en cas de suspicion de fuite de mot de passe uniquement.

Que deviennent les mots de passes en cas de décès ? C'est une question qui va devenir de plus en plus importante !
De mon côté, je n'ai encore rien prévu à ce sujet. Il faudra...