How Steemit Generates Secure Random Passwords

in #steemit, 8 years ago

Some users have expressed concern over how secure the random password generator is.

The foundation of our random password generator is the secure-random npm package. This package normalizes the behavior used by CryptoCoinJS and BitcoinJS.

We combine this with data unique to each browser/session, including the date, screen resolution, and the result of a quick performance benchmark. After all of this data is collected, we hash it with SHA-256 to generate the password.

This means Steemit’s password generation algorithm is as secure as that of other platforms. In the future we will also add in entropy from mouse movements.
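The construction described above, sketched for Node.js as an added example (not Steemit's code): CSPRNG output is combined with per-session values and hashed with SHA-256. The field names, the hex output format, and the injectable `csprng` parameter are assumptions; the last function shows that with a broken generator the session data alone makes the output repeatable, so the CSPRNG carries the security.

```javascript
const { randomBytes, createHash } = require('node:crypto');

// Constructed sample of the per-session values the post lists (field names are assumptions).
const sampleSession = {
  date: '2016-07-15T12:00:00.000Z',
  screen: '1920x1080',
  benchmarkMs: 41.7,
};

// Serialize the session values; these are low-entropy and partly guessable.
function sessionData(env) {
  return [env.date, env.screen, String(env.benchmarkMs)].join('|');
}

// csprng is injectable (an assumption of this example) so a broken source can be simulated.
function generatePassword(env, csprng = randomBytes) {
  // Fail closed: without a CSPRNG no password is produced.
  if (typeof csprng !== 'function') {
    throw new Error('no CSPRNG available, refusing to generate a password');
  }
  const seed = csprng(32); // 256 bits from the OS generator
  if (!Buffer.isBuffer(seed) || seed.length !== 32) {
    throw new Error('CSPRNG returned an unexpected value');
  }
  // Appending session data before hashing does not weaken the result:
  // the 256-bit seed alone already makes the hash input unpredictable.
  return createHash('sha256')
    .update(seed)
    .update(sessionData(env), 'utf8')
    .digest('hex'); // hex output is an assumption; the post does not give the format
}

// A generator that always returns zeros, standing in for a poor implementation.
const brokenCsprng = (n) => Buffer.alloc(n);

// With a broken generator the password depends only on the session data.
function isRepeatableWithBrokenCsprng(env) {
  return generatePassword(env, brokenCsprng) === generatePassword(env, brokenCsprng);
}
```

In a browser, the equivalent random source is `window.crypto.getRandomValues`.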


Sweet. This password business has definitely spooked a ton of users

That's for sure

The secure-random is designed to find window.crypto and use it (you guessed it, Internet Explorer does not use the standard location). This is an HTML spec for providing:

cryptographically strong pseudo-random number generator seeded with truly random values

If the browser does not provide window.crypto, a key will not be generated. Because there have been poor implementations of window.crypto in the past (mostly as Bitcoin was coming of age), we do what most people do and combine the data with the other sources described above and hash it all together to create the key.

Steemit needs Two-factor.

I feel pretty safe after changing all my keys. I just use the posting key day to day, the active one very briefly when doing market transfers and will not have to touch my owner key password which is ridiculously long and random.

Maybe I'm fooling myself.. I don't know

I've never heard of basing data collected by mouse movement into generating a password. Including entropy... wow, I'm actually mind blown.

Very good, my password is 32 characters.
