Chroma-Hash: A Belated Introduction
Hey, go check out the more recent blog post about Chroma-Hash for a better and more up-to-date explanation of everything.
Yesterday, I posted Chroma-Hash, an experiment in how to visualize the live-input of secure fields, such as a password on a login screen. So far, I’ve received a lot of great feedback, as well as a number of questions that I thought deserved a proper response.
Before I go into any details, I invite you to check out the live demo, (if you haven’t seen it already), so you can get a clear idea of what Chroma-Hash does.
The Concept
When you type something into a secure field, each character is displayed as a •. Good news for people who don’t want others to see their password; Bad news for anyone who has a long or difficult password (or is bad at typing). How could we improve the experience of secure text input so that the user entering information could have an idea of what they entered, without anyone else knowing it?
Chroma-Hash approaches this problem using an ambient color representation of the input as it is being typed.
Use Case 1: Login Check
If your password normally is represented as “red, purple, orange”, and after you’ve finished typing you see “pink, green, grey”, you’ll know you mistyped it somewhere along the way. This avoids a potentially long wait for the server to respond with a “failed login” notice.
Use Case 2: Password Confirmation
When you sign up for a web service, you often have to type your password twice to make sure that you entered what you wanted correctly. As in the demo, a user will be able to confirm that two fields are the same visually. There are, of course, many alternatives for live-input validation of password confirmation, but this is another viable use case for Chroma-Hash.
Security Concerns
Under the scrutiny of the sharp minds on proggit and Hacker News, it’s only natural that some really good concerns were raised. As an experiment, this is the best kind of input I could ask for, because it challenges the viability of this as a visual metaphor, and works to improve the usability of the project as a whole.
“It’s Not Non-Reversible”
By all accounts, I would not, in fact, bet on Chroma-Hash being unbreakable. At least in its current iteration.
One of the common arguments is that by showing the colors as you type, one could step through and guess along each way. chaosmachine on Hacker News explained it this way:
Because you can see the color code at each step, it’s easy to compare results very quickly, even by hand. Did I get letter 1 right? Ok, move on to letter two, try each key until the colors match the recording. Do this for each step. At most, you have to try about 64 key presses to crack each letter.
Theoretically, this is definitely a concern. One of the ways I tried to prevent this was to animate transitions between the color sequences as they were being typed, so intermediary colors were never shown. Given a sufficiently slow typist, though, all bets are off in Chroma-Hash’s current state.
Another consideration, however, is how exactly someone would be able to tell what the colors are, at least in common use-cases. As a color expressed in Hex, there are 16,777,215 possible colors for each bar. Eye-balling it wouldn’t be enough to get an exact color value—the difference between #952A08 and #952A09 is nearly imperceptible, but represent an completely different hash input. Unless you get a really good look, it would be pretty hard to tell. And at that point, you might as well be looking at the person typing it instead 
MD5 is Weak
Another concern was the use of MD5 rather than a stronger hashing algorithm, like SHA-1. For this first release, MD5 was a choice of convenience. MD5 is marginally faster, and with live-validation, I wanted to make sure that the animation was smooth and didn’t interfere with user input.
One of the ideas behind the project was that by using one hashing algorithm, a user could expect the same color on any website that implemented Chroma-Hash. This is not a central concept to this visualization, and may prove to be a bad idea. For the next iteration, I’m considering adding support for SHA-1 as an alternative hashing algorithm that can be passed in as a parameter.
Iterative Improvement
Weighing in these concerns, I believe that this kind of visualization can become a viable UI metaphor—all it would take are a few minor improvements. Here are a few suggestions that I am currently considering for the next version:
Adding A Time Delay To Live Input
To avoid the possibility of exploiting information as the user types their input, a short time delay could be added before the colors are displayed.[1] [2] [3] [4] This way, all a potential attacker could know is a portion of the password’s hash, which is not nearly as useful.
Using A Stronger Hashing Algorithm
As stated before, I may add an option to use SHA-1 instead of MD5 in the next version. This is pending research into the potential gains and the concerns of maintaining a fluid user experience.[1] [2]
Using a Salt
A salt “Salt on Wikipedia”) based on other field inputs or a server-defined constant, for instance, would further increase the security of the hashing algorithm. The only downside is that this approach would force the user to remember different color combinations for each site, which as I mentioned above, may not be such a bad thing.
Once again, I’d like to thank everyone who’s given me so much useful feedback and encouragement. I’m really excited to take Chroma-Hash to the next level, and as such, I extend you to continue this conversation on possible uses and security considerations.
Photo Credit: binarycoco
Comments
Sorry, the comment form is closed at this time.
I like it for the register page but not so much for the log in page.
Now to log in I have to remember my password AND a color combination?
But then again on the register page you can just compare the fields to see if they match fairly quickly using js.
Personally I prefer to bypass the whole thing and register/login with facebook, twitter or some other open id provider.
It’s pretty damn cool technology but I am not sure what problem it is solving.
The MD5 algorithm only has breaks for finding a pair of texts that hash to the same thing. For this example, its more than secure enough.
The problem with showing the colours for every key-press is if I can remember or record the sequence of the even the last colour bar, even approximately, I can massively reduce the search space for a brute forcing algorithm.
Also, the lack of a salt (which is desirable for multi-site use) makes the phrase “rainbow table” take on a whole new meaning
Very interesting component! Groundbreaking in fact.
Some concerns raised on reddit and hackernews are not valid.
Use of SHA-1 vs. MD5: It makes no difference, since you are not displaying the full output of the MD5 hash (only 24bits x 3). MD5 is not recommended because of the amount of collisions, which is good for your project. The more collision you get, the less reversible the password is. The underlying website needs proper hashing but your visualisation does not.
Adding a salt is necessary, as you could learn common color-palettes for common password and be able to guess them. The best salt would be the username + a site specific salt. That way it would be truly unique.
The difference between #952A08 and #952A09 may be nearly imperceptible to a person, but if you were viewing a screencast you might be able to easily discern between the two colors with a little computer assistance (like gimp’s color picker tool).
Awesome work, Matt. Hook this up so I can see my gravatar being generated as I enter my e-mail address, please.
–Kent
@chopps - you dont need to remember, but you can check if it matches ;]
If it dont matches, you just know it’s wrong and dont even click ‘login’.
It’s more like you get used to it and just notice the colors when they are different.
Really awesome.
A few thoughts though:
I like how if you choose 1 color, it’s the first color of the group of 3. It’s small, but it keeps colors consistant across implementations.
You could attempt to fool image-capture software by randomly nudging the values of each channel in each color by +/-4. I really think it’s a non-issue, though. Any javascript that can read off the colors could also just read the value of the textbox.
As you mentioned, having different salts is a bad idea because the colors are no longer consistant. As Vincent mentioned, people will begin to realize the combo for “password” & “12345″. Having a username-specific salt would be nice, but it might destroy the cross-site consistancy.
It might be worth looking into a hash that has incredibly high collisions. (Maybe a 4-8 byte hash?) You’ll only be able to display 1 or 2 colors, and you lose accuracy, but you gain a lot of security. It should also be a lot quicker to compute & have a smaller codesize.
I really like how the colors are displayed, but if there’s only 1 color, it could possibly be the border color of the textbox or something. It might just look like crap, but it’d be worth experimenting.
I’m thinking of toying around with a greasemonkey script. Once again, great demo.
how about blinds?
I’m still not sure exactly which problem you’re trying to solve here - there seem to be two.
1 - Recognising you’ve typed the correct password on a login page. This is the “security concern” mode and I’m not sure of it’s usefulness. You either need a hash with high collisions, as suggested above, or a random element where the colours keep animating until, say, 1/2 a second after you’ve stopped typing.
2 - Ensuring two passwords match on a registration page. This, to me, is the best application. The colours don’t need to consistently match for the same password (i.e. random salt) as long as the two sets of colours match.
Nice work though - I applaud your innovation!
Very great idea.
Lotus Notes uses exactly the same idea, except it has keys with like 5 different shaped badges which may have like few different colors also, therefore when I enter my pass I know I’m expecting red badge if I entered password correct. Idea is good indeed, but not something new.
Also to improve security Lotus Notes shows default icon until you reach minimum password length, therefore in the first iteration you got a lot of combinations already that could match key state.
Mobile devices? I don’t know about the latest devices but on my old hp ipaq I can’t get all the colors, the closest one is displayed. But this won’t bu much of a problem.
A good use of this is to display the preview chrome on the login page for convenience. I use a 6 letter password for most of the time, however on certain sites I would need to use an 8 lettered password, it’s often difficult to remember where I need the 6 lettered password and where I need the 8 lettered password. I think this is a great concept and is sure to be useful. I’m just going to go and port this onto the server-side :D.
[...] Chroma-Hash An interesting experiment (using jQuery) to create secure visual feedback for password fields. [...]
Oh and by the way, here’s a python port of Chroma-Hash - useful for serving out the chroma-hash to the end user so they could make sure that their passwords are correct
http://github.com/leegao/pyChroma
excuse me for being dumb but how can i check if my passsword matches on login?
The service has no idea who I am and can not possibly present me with a 3 bar color sequence to match???
[...] http://mattt.me/2009/07/chroma-hash-a-belated-introduction/ [...]
Great idea, but it might confuse the average user. Guess I’ll have to run an A/B split test
@chopps
The basic concept is that the client sends an asynchronous request to a predefined url with one of the parameters being the username, the server then gets the password (or salted hash depending on how the authentication information is stored) and the colors are then returned to the client, which may or may not display the color depending on how difficult the password is. It’s merely a convenience.
Here’s a sample integration for python
http://github.com/leegao/pyChroma/tree/master
Of course it’s impossible to fully integrate this with the major sites due to the fact that most sites prefer a sha1 or a salted md5 hash over either pure md5 or untempered password for storing the authentication data. In this case I surely hope that mattt can:
1. Incorporate SHA1 into his specification for chroma-has
2. Allow extendability to the algorithm for calculating the hashes.
@Vincent @Zach Good points about hash collisions. For most applications, it’s kind of counter-intuitive to want collisions, but now it makes sense. I’ll shop around for a few hashing functions and either choose the best or offer a few options. As for salts, I’ll be adding that as an optional parameter, unless there’s a convincing argument to enforce best practices by default.
@Elhana Yeah, it’s interesting to see how long this kind of approach has been around, and how relevant that solution still is. In a way, it reminds me of the generative avatar system I’m using on WordPress. Nice find.
@Lee I really dig your Python port—kudos on that! I’m looking forward to seeing where it goes.
[...] (пока, скорее всего, не технически) идея (уно, дуо, демо) визуализировать содержимое полей ввода [...]
I think this is a great idea. Certainly for the matching confirm password, but with the required safety measures taken, I think it could be a valuable part of the login as well.
I have an implementation concern about using labels though. Ending up with 4 labels for an input, is that valid html? In any case, the inline css needs a little tweak to be compatible with existing css for the actual labels. Adding it to my page gave me weirdly sized colour bars.
Anyways, thanks for great idea and for sharing it.
The most common security risk after the script kiddies is social engineering.
You’ve just provided a potential *known* attacker :
- far more information than the length displayed in asterisks would
- an offline method of ‘brute forcing’ the password
I watch Joe type his in, and take a glimpse at the screen before he punches the enter button.
I can now hit that site and sit there typing in Joe’s dog’s name, his wife’s, kid’s etc. etc. with a reasonable guess based on length, and I never hit a barrier until I have a potential match. There’s no ‘Oh dear, you tried 5 times in 15 minutes, 12h lockout’. No security flags being raised.
In the end, all security is through obscurity, and *any* further information provided above the bare minimum is too much.
I like it.
What if?;
On the login page as I type the username it shows seemingly random colour combo until it matches against a real user, then at that point it shows the colour combination you should get connected with their password.
When you type your password it then will match the one beside the username when the password is correct.
What would have to happen to make this work though:
1. A random salt connected to each pageload.
2. Only allow the user a certain amount of key presses. e.g 200 or whatever so its not restrictive but still stops anyone trying a brute force. They would have to reload the page which would of course cause the salt to change again.
It does mean you have different colour combo each time you go to the site but it gives you a very quick indication if you have the right password in.
Not sure how useful it is but I said I’d throw the idea out there anyhow.
Any security holes i missed on this?
Is this based on HashMask? It’s pretty similar, except hashmask uses a sparkline.
http://blog.arc90.com/2009/07/newer_in_the_lab_hashmask_-_an.php
I think this method is a bit more visually attractive.
[...] Then you can check out Chroma-Hash: A Belated Introduction. [...]
This is definitely visually attractive! But security would be a big problem.Hackers would be really pleased to get this info too!
Love the design, but not so sure about the accessibility of your color choices.
Here’s the background - depending on who you ask, between 14 and 20% of your visitors are going to have some problem distinguishing subtle color differences. For example, about 7% of all males have mild-to-severe problems distinguishing between red and green.
You can read all the hairy details at http://www.w3.org/TR/WCAG20/, but it all boils down to ”pick colors that have sufficient contrast when placed next to one another”.
Chroma-Hash looks great, but the subtle shade changes you offer kinda suck as far as accessibility goes.
I’d suggest that you take a look at @snookca’s Color Contrast Tool (http://snook.ca/technical/colour_contrast/colour.html) and the underlying W3C contrast algorithm (http://www.w3.org/TR/AERT#color-contrast)
With those in hand, you should be able to generate triplets of color swatches that will be readily ‘readable’ by anyone.
@alkemann Labels make the most semantic sense in my opinion, as the color bars point to the element they’re visualizing with the for attribute. The HTML 4 spec, at least, allows for multiple label elements for the same input
@Matthew Excellent points. I’m currently writing up another follow-up for this project taking a look at security from the perspective of information leaks, and the two concerns you raised are really the two most important ones to deal with before it’s ready for production.
@Derek A random salt each payload, while very secure, would ultimately make Chroma-Hash pure eye-candy for the Login use-case: the user would not be able to predict the colors for their correct password, and thus know if they typed it correctly the first time.
@Zach Yes, this project was inspired in part by HashMask. I credited them in the README available on GitHub, but did not mention this in my blog post.
@Will I also consider accessibility a primary consideration in design, and I’m glad to see others who value its importance as well. This first cut was more of a visual experiment, seeing if the use cases made sense before I implement it with all other usability concerns addressed. Thanks for the links—I’ve already started implementing this as an optional parameter for the next version.
Nice and creative approach.
I feel that it’s too complicated. I think that presenting a light hint message that notifies whether or not you’ve entered correct data should be fine. I’m not sure about comparing two color palettes, it looks too complicated and not enough intuitive.
I like the fresh idea though, thanks for sharing!
If you really mean the colour bars to be memorable to average end users, they have to be compatible with colourblind people. For that, use the Brewer palette. You still have tens of thousands of colours to mix and match.
If that isn’t what you really mean, carry on unimpeded. But please don’t think this system will work for end users without accommodation.
I’ve updated pyChroma to go a bit out of way of it’s existing functionality. Basically pyChroma now also returns a front-end js with all of the necessary components for validation (including a salt and the function to duplicate the hashing algorithm used by specific backend) and also includes support for django and vbulletin backends.
The problem now of course is security. The salt has to be exposed publicly otherwise the server and client’s chroma-hash won’t match (which will defeat the purpose of having it sit on the server side).
But then again, it’s not like every day that we choose a collision prone password so it shouldn’t be that much of a big deal.
Git Repo: http://github.com/leegao/pyChroma/tree/master
Wow, this was really fun to work on
Great concept! Since you are using MD5 hashes, it opens up alternative visualisations.
For example:
Identicon - http://en.wikipedia.org/wiki/Identicon
MonsterID - http://www.splitbrain.org/projects/monsterid
Wavatar - http://www.shamusyoung.com/twentysidedtale/?p=1462
Simple visual identification that your password is correct.
I think that it is very interesting from UX perspective. You have bypassed the problem of not seeing what you are typing and making sure that it matches. I am pretty sure that by reflecting on the security issues others have addressed, you can create a useful strategy. I’d like to test it more: have you done some user testing?
ciao
@Joe Clark, like so many things, this would work great for the 99% (well, ~98.7%) of users who aren’t color blind, but admittedly isn’t fully accessible to those who are. The Brewer colors looks interesting, but it would likely add a large amount of complexity to the implementation.
I’ve implemented a version of this is YUI3, and posted it to http://github.com/foxxtrot/Chroma-Hash/tree/yui, which I intend to keep feature-compatible with the jQuery version Mattt’s put together. The only reason I bothered reimplementing is because I don’t want to have jQuery and YUI on the same page (even though they wouldn’t interact).
I’ve been debating rolling this out to users in a new version of the logon page for the University Administration system I maintain, but haven’t done so yet, for fear of unnecessarily confusing users. I might roll it out using split A-B testing methods to see how a small portion of the userbase responds.
I think this is such a creative idea. But I think it may raise more questions with people than provide useful feedback.
I like the idea of this more on a login page than a registration page. On a registration page I feel you should assume the user will enter in the password confirmation correctly, and provide proper feedback if they didn’t.
On the login page though, the first time someone encounters it I have to think that everyone’s initial question would be “what is this?” which forces a delay in accomplishing their task of logging in that most likely would have been successful anyway.
It seems to me its usefulness would only be discovered after multiple logins, but it’s definitely an interesting problem to think about.
I’m not colorblind, but I don’t think colorblindness would be as much of an impediment to using this as some people claim. Whatever your colorblindness, you still perceive the Chroma-Hash in some way. A “failure” only occurs when
a) You mistype your password, and
b) The Chroma-Hash looks enough like what you’re expecting that you can’t tell the difference.
As you’ve already pointed out, even people with above-average perception of color have a hard time distinguishing between #952A08 and #952A09. But how likely is it that the difference between someone’s password and their typo is so subtle? I’m sure we can find more than one password with the same or similar Chroma-Hash, particularly as perceived by the colorblind. But I doubt the one password would be a likely typo of the other.
Version 0.2 is now live, and it incorporates 2 key features that improve security and overall sexiness:
[...] After reading the chroma-hash blog post I realize that many of my ideas were already expressed there. Go [...]
Too many comments so I am not sure if anyone suggested this but it might be helpful to add a minimum character limit which must be reached BEFORE the colors are displayed. For example, I require 6 minimum chars on my sites for passwords thus, I will not display any colors until the user typed in at least 6 chars. This would prevent the key by key comparison of colors mentioned in some comments.
In addition to this awesome approach we could provide the user with the “show password” checkbox. If the user is at home or is 200% sure that no one is near and looking over his/her shoulder then it makes no sense to hide the password from him and make him guess what he typed or memorize colors.
In public places like internet cafes the Chroma-Hash ROCKS.
So, BOTH approaches together is probably the best solution and most usable!
UPS
Nice job!
Now I noticed that the first 5 chars are gray
I still like the “show pwd” checkbox as an additional helper
@Predrag Thanks! Glad you like it
There is a project by Matt Todd that does the show-password functionality quite nicely. Check it out!
@Matt, I got interested in the discussion of Chroma-Hash leaking hash information and ended up writing a potential solution. You can find my fork at and the wordy blog post explaining my take on the issue at . Hope you like it!
Doh! Links didn’t make it into the last post.
Github: http://github.com/youngian/Chroma-Hash
Blog: http://blog.iangreenleaf.com/2009/08/making-chroma-hash-less-leaky.html
[...] information here and a Python version is available [...]
http://percentmobile.com/mobileanalytics/register
added it here. great idea. lets see what people think.
questions:
1.) how can i say that the hash group should have a certain right padding towards the right side of the textfield?
2.) jquery-ui: is it possible to have a bundled build that *only includes* the jquery-ui parts acutally used for chroma-hash? i find the lib rather large. hard to justify that the page weight just increased by over 100K
great work!!
[...] umschreibt die Idee dahinter in diesem Blogpost und geht dabei auch auf einige Sicherheits-Aspekte [...]
Version 0.3 was just dropped like it was hot. Here’s what’s new:
Hello.
Firts of all thank you for chroma hash i really find it very useful.
i’ve noticed that the newest version uses gray scale colors for the 5 first characters. it would be nice to have the ‘old’ behavior maybe as an optional feature.
Cheers.
bueno gente… soy de Honduras y no entendi nada XD
@David The grayscale behavior is based on the “minimum” parameter for Chroma-Hash. if you want something like the first iteration, just set that to 0. I wouldn’t suggest that, though, because it has the potential to significantly compromise security.
@dedalo Está bien. Gracias por el comentario. Saludos desde Tokio!
I had the same idea as Predrag: just don’t show anything until a minimum number of characters have been types (say 5) and you’ll reduce the ease of doing a reversable attack, but it would still be there. I suppose people might end up having almost literal “rainbow tables” then!
No disrespect to those raising the concerns (they are absolutely valid points to explore), but I wouldn’t be massively concerned about those who say this isn’t accessible - it’s an *optional* extra, not the core to entering a password (since if you can’t see it, all you have is the existing system). Remember too that the accessibility concern is really only for those who have vision that is completely or severely impaired; for those who are colourblind, it will still work in a way, as the final colour combination will always look the same, but they will simply have more potential collisions (eg lots of the green combinations might look similar to lots of red combinations for red/green colourblind people). It would be a matter of testing if the colourblind induced collisions for were too common for similar passwords to allow this to work effectively.
However, whilst thinking about that, you could even consider a sonic version - I haven’t investigated, but I bet you’d find a simple harmony of three notes easy to recognise (where each note is equivalent to a colour band) - might be wise to have this option inactive by default before we all annoy our office neighbours!
Thank you very much.
I think i’m leaving it just as you recommend.
Congrats for the new CHSecureTextField n_n
It’s relatively simple to greatly improve the hashing security.
If you used SHA-1 instead of MD5, and then implemented HMAC (which is relatively simple, actually), you could use a universal salt (like ‘f0v0uqYzSolIAqi’ or thereabouts) and make it a lot more difficult to crack the hash, whilst still keeping the colors the same across all websites.
Well done though, it seems like a really cool project and it would be great to see this used in a lot of websites.
Although it’s pretty much incredibly secure at the moment anyway. Especially now that colors are rounded.
[...] En savoir plus… [...]
i really like the idea but…
maybe there is a security problem: while typing,the colors change (for every typed key). so if someone does not type very fast and someone else is recording the whole scene with a camera, he later can reverse the whole thing and type the first character till he found the right color combination, then the next character and so on…
nice concept, but not secure
[...] 密码输入框,或者说表单是我们普通网民需要经常接触的网页元素之一。但是密码输入框的用户易用性却一直没有没有列入到设计者的考虑中去。 我今天介绍这2个jQuery插件分别是Chroma-Hash以及跟iPhone一样的密码输入框,他们功能不同,但却一样提升了密码输入的易用性。 [...]
[...] forme de trois barres colorées. Ainsi, on voit du premier coup d’oeil si on a tapé le bon. L’auteur explique ici comment ça fonctionne, Infosthetics aussi. Allez essayer la demo, pour être convaincus de [...]
Love the idea.. I’m not sure if its just me - but if you type your password quite fast, tab to the next box, and repeat the password, again, quite fast.
The colours end up different. Shift-Tab /Tab back and forth a few times and they “realign”…
Bug?
and yes - I’m 100% sure I typed the same password twice!
@Kiall Thanks for pointing this out. I had an issue with this before, but added a trigger for onblur. It works for me in Safari and Firefox on the Mac; didn’t know it was still a problem. I’ll look into it.
Hi i have used its demo it is cool but it color combination in password field and confirm password does not match check it for admin password and admin confirm password while you have admin username
@shahgeb I haven’t been able to reproduce that… Check again, to make sure you typed everything in right. Technically, none of the Form elements really know about each other, so the same input will always yield the same output, no matter where.
Another possible use case:
If the hash was salted with a secret key based on the site + user combination, this could also serve as the site’s authentication to the user: When the user types their password into the field and sees the wrong colors come up, they can tell there’s a problem - it could be a phishing site.
Just a thought. An innovative idea, thanks for the sample implementation too!
@TravisM
Though I’m not colorblind I have it on good authority from a co-worker who is that many of the matches which uses colors next to grays, or similar shades of colors are indistinguishable from each other.
That aside, if I move my browser window from my LCD to my Laptop display, I can’t physically distinguish between the colors used for “passwordconfirmatior” and “passwordconfirmatioe”. This problem is made even worse if you’re in an area with uneven direct lighting.
While this is an interesting idea, I think there needs to be some method to make sure that the color bars used have enough of a contrast distinction that slight variations in the user’s abilities (colorblindness) and the environment (lighting/screen setup) don’t diminish or remove the ability of someone to use the system. Then again, limiting colors by contrast difference would greatly reduce your color pallet and likely require the addition of more bars of color to represent the hash.
HMAC with SHA-256 is the way to go.
I love the idea. Is it patent pending? Can I use it freely
Very cool idea and implementation. As a web app developer working in the federal governement, I have to be concerned with 508 compliance (color-blind or blind users). It’s a pain at times and limits us from doing some cool things like this, but I imagine this could be extended by using sounds instead of colors for these users.
Super cool visualization. Profs to you.
I’d leave a real comment ( MD5 isn’t so bad, but this does make a little bit more vulnerable to brute force and also colorblindness is an issue )but every thing that I’d say is already said in the above. Not perfect, but my my, that is really nice. Good job.
Fantastic way, I liked the way.
When can we use it on our site? Please mention it.
[...] Based on a resurgence of interest in Chroma-Hash (hi reddit!), I thought it’d be useful to revisit this oft-misunderstood project. [...]
A really nice idea. It adds a little to the security and a little more to the aesthetics. Please open source the code.
Now, as to the drawbacks… clearly you need to salt each separate site, that’s zero big deal. But what about the attack where you reproduce the password a character at a time?
Let’s pessimistically assume for the sake of argument that the attacker is actually videoing the person typing the password and has a perfect ability to recognize colours.
If the attacker “walks in” after the first four or five characters, they’re more or less out of luck. The issue is those first 6 or so characters.
IMHO, the way to do it is simply to display a lot less information on the first few chroma-hashes (good name, I think you should spell it chromahash).
The CH for a one-character string could be just black or white - giving the attacker at least 13 choices even if the password is lowercase alpha only. For two characters, 4 choices, black, white and two grays; three might introduce colours to get to 8 choices; four might introduce a second bar; five a third bar.
IF you kept the site’s salt secret, it would mean that an attacker would have to hit your program millions of times to deduce a 6-character password.
I’ve been thinking about an audio hash password! Reading about your idea is very revelatory. On the other hand, the ear is much better at perceiving sequences than the eye is - you almost don’t need chords at all because you’ll note that the “tune” doesn’t come out.
[...] gives a new way of confirming passwords Nov 9 Development I have stumbled across a unique way of confirming passwords on web forms written by a guy who goes by the name of [...]
[...] 密码输入框,或者说表单是我们普通网民需要经常接触的网页元素之一。但是密码输入框的用户易用性却一直没有没有列入到设计者的考虑中去。 我今天介绍这2个jQuery插件分别是Chroma-Hash以及跟iPhone一样的密码输入框,他们功能不同,但却一样提升了密码输入的易用性。 [...]