可以使用用户名 + 的哈希值吗？ master_password 作为帐户的密码？

发布于 2025-01-17 15:50:38 字数 642 浏览 2 评论 0原文

基本上，如果密码只是按需计算，而无需存储它们，这意味着不需要备份任何内容，该怎么办？无需信任第三方来获取您的密码。

compute_password(website_uri, username, master_password)

这只是一个函数的简化版本，可以添加更多信息，例如密码长度、随机数/计数器等。例如，对于“website.com”，我有一个以“marlybob”作为用户名的帐户我的密码将是该网站上该帐户的密码，该函数返回的内容如下：

compute_password("website.com", "marlybob", "my_secure_master_password")

假设这些输入保持不变，我总是可以计算出我的密码，对吗？

主密码甚至可以是 12 个单词的种子，遵循加密钱包的标准，这样人们就可以使用它，并且需要保留的密码会更少，我知道钱包使用了一个标准。

此外，它不能只是一个哈希值，可以使用输入的哈希值作为生成随机字符串的种子。

不确定这是否是一个新想法，可能不是，我尝试搜索密码管理器，它们都使用基本上相同的想法，即生成随机密码，对其进行加密并存储在云中。这只是我在思考我的学士论文主题想法时想到的，我想我可以尝试一下并在这里询问更多信息。真的很好奇这是否是一件事。

原文

Basically what if passwords were just computed on demand, without having to store them, meaning no need to back up anything. No need to trust a 3rd party for your passwords.

compute_password(website_uri, username, master_password)

this is just a simplified version of a function, could add more like password length, nonce/counter etc. So example for "website.com" I have an account with "marlybob" as username
my password would be for that account on that website is what ever the function returns below:

compute_password("website.com", "marlybob", "my_secure_master_password")

assuming these inputs stays the same I can always compute for my password right?

the master password could even be a 12 word seed, following the standards for cryptowallets so people could use that and will have less passwords to keep, I know wallets uses a standard for that.

Also it could not be just a hash, maybe use the hash of the inputs as seed for generating a random string.

Not sure if this is a new idea, probably not, I tried searching for password managers and all of them uses basically the same idea of generating a random password encrypting it and storing in the cloud. This just came into my mind while thinking for my bachelor thesis topic idea, I thought I could give it a shot and ask here for more info. Really curious if this could be a thing or nah.

分享到QQ

分享到微博