My encryption apps updated

PassLok Privacy, PassLok for Email, SeeOnce, and URSA, both in their standalone and extension versions, have all been updated. Besides the usual bug squashing, there are two more significant enhancements:

  1. Fewer errors, which now cause the programs to return to the user rather than interrupt execution. A subtle but maybe important difference, especially for the extensions.
  2. Enhanced password/Key entry. The “Show” checkbox is gone, replaced by a standard “eye” icon on the right of the box. There is also a mnemonic “Hashili” word accompanying the strength score, so users can be reassured that they typed their password or Key correctly.

Read more for a fuller description of Hashili.

Have you ever typed a long passphrase, which is hidden from view by default, only to find out that it was the wrong one? You scan your keyboard to make sure you didn’t accidentally press the Caps Lock key, then retype it ve-ry care-ful-ly, but by now you are somewhat shaken and get it wrong again. You know, sometimes typing at the regular fast speed is the only way to get it right, like those people who dictate their phone number so fast that you have to rewind your voice mail over and over again…

And you have only three attempts to get it right before the system locks you out as an intruder. That’s two already. Better get it right this time. Now, don’t get nervous…

This is why I added Hashili to the latest version of most of my encryption apps. I call it that because it is actually a “hash” that you can read, and it sounds mildly African, like Swahili. As you type your Key or Password, the program takes the SHA512 hash of what you’ve typed (minus leading or trailing spaces), takes the last four bytes of the result, and converts that to a decimal number between 0 and 2^32 = 4,294,967,296. Then it takes the last eight figures and splits them into groups of two. For each group, it generates a syllable consisting of a consonant (B to Z, except Q, for 20 possible values) followed by a vowel (A to U, for 5 possible values). For instance: 00000000 = “babababa”, 99999999 = “zuzuzuzu”, 21744578 = “vomatuge”, 58555289 = “xunipapo”.
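
The derivation described above, as an added JavaScript (Node.js) example that is not PassLok's own code. UTF-8 encoding, big-endian byte order and the function names `wordFromNumber` and `hashili` are assumptions; the right-to-left order of the digit pairs is inferred from the examples given above.

```javascript
// Added illustration of the Hashili derivation described above; not PassLok's source.
const { createHash } = require('crypto');

const CONSONANTS = 'bcdfghjklmnprstvwxyz'; // B to Z without Q: 20 values
const VOWELS = 'aeiou';                    // 5 values

// Map the last eight decimal figures of n to four consonant+vowel syllables.
// Each pair of figures (00-99) selects consonant floor(pair / 5) and vowel pair % 5.
// Pairs are consumed from the right-hand end, which is the order that
// reproduces the page's examples (21744578 -> "vomatuge": 78 -> "vo", 45 -> "ma").
function wordFromNumber(n) {
  if (!Number.isInteger(n) || n < 0 || n > 0xffffffff) {
    throw new RangeError('expected an unsigned 32-bit integer');
  }
  let rest = n % 1e8; // keep only the last eight figures
  let word = '';
  for (let i = 0; i < 4; i++) {
    const pair = rest % 100;
    word += CONSONANTS[Math.floor(pair / 5)] + VOWELS[pair % 5];
    rest = Math.floor(rest / 100);
  }
  return word;
}

// SHA-512 of the trimmed input, last four bytes read as an unsigned integer.
// Assumptions: UTF-8 encoding and big-endian byte order (the page states neither).
function hashili(secret) {
  const trimmed = secret.trim();
  if (trimmed === '') return ''; // nothing typed yet, nothing to show
  const digest = createHash('sha512').update(trimmed, 'utf8').digest();
  return wordFromNumber(digest.readUInt32BE(digest.length - 4));
}

// Constructed sample inputs: surrounding spaces are ignored, while a
// one-character typo almost certainly gives an unrelated word.
for (const typed of ['correct horse battery staple',
                     ' correct horse battery staple ',
                     'correct horse battery stapler']) {
  console.log(JSON.stringify(typed), '->', hashili(typed));
}
```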

The chances that this would become a real word in any language are next to nil, but more likely than not it will be familiar next time you see it, even though you may not remember it outright. This is all that’s needed to reassure you that you got your password right. Because it is based on SHA512, the Hashili word changes radically with any small change in the password. There are one hundred million different Hashili, which means two things:

  1. The chances that you get the correct Hashili but your password is wrong are one in a hundred million.
  2. It’s quite impossible to reconstruct your password from its Hashili, because there are 2^512 = 1.34×10^154 different SHA512 hashes for only one hundred million Hashili. That’s over 10^146 hashes for each Hashili.

I hope you like it. Think of Hashili as some little minion inside the program telling you, in its native tongue, “you’ve got it!”
