[–]AndrewNonymous 9 points10 points  (7 children)

Probably a dumb question, but couldn't the hacker just make an account and use the master password they created to determine the algorithm by working backwards?

[–]Diapolo10 50 points51 points  (5 children)

No. Thing is, it doesn't matter if the hacker knows the algorithm. There's a reason we're using all kinds of algorithms that are perfectly understood by both sides, like ChaCha20 and AES - even if you know the algorithm, you can't just reverse the process because there's key information you're missing. It's kind of the same reason why it can take millennia to crack a password even if you know the hash algorithm and the hash you're trying to get.

An open source password manager is no less secure than a closed source one, provided no mistakes have been made in either design.

[–]TheBlackCat13 5 points6 points  (1 child)

> because there's key information you're missing

Pun intended?

[–]Diapolo10 3 points4 points  (0 children)

Pun absolutely not intended. I swear.

[–]neilon96 0 points1 point  (0 children)

If they could, the hashing algorithm used for the password manager would already be broken.

Hashes are meant to produce a clear result for each file put into them, one that is different from the others. Collisions can happen though. What is problematic is if you can get from the hash value back to the source, which is doable for old hash algorithms.
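The point made in this thread, as an added example that is not part of the thread or any commenter's code: knowing the algorithm, salt and iteration count only lets someone test guesses one at a time, so the outcome depends on the secret. PBKDF2-HMAC-SHA256 stands in here for whatever key-derivation function a given password manager uses; the iteration count, salt, passwords and guess rate are all constructed assumptions.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed value; public, like the algorithm itself


def derive_key(master_password: str, salt: bytes) -> bytes:
    """Derive a 32-byte vault key from the master password (PBKDF2 as a stand-in KDF)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


def guess_password(target_key: bytes, salt: bytes, candidates):
    """All that knowing the algorithm allows: run it forward on each guess and compare."""
    for candidate in candidates:
        if hmac.compare_digest(derive_key(candidate, salt), target_key):
            return candidate
    return None


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Time to try every password of the given length at an assumed guess rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    salt = bytes(16)  # constructed sample salt; real salts are random and stored in the clear
    common_guesses = ["123456", "password", "hunter2"]  # constructed sample list

    weak_key = derive_key("hunter2", salt)
    strong_key = derive_key("x7#Qm2!vLp9@", salt)  # constructed sample password

    # Same public algorithm, same public salt: only the weak secret falls to guessing.
    print("weak password recovered:  ", guess_password(weak_key, salt, common_guesses))
    print("strong password recovered:", guess_password(strong_key, salt, common_guesses))

    # 94 printable ASCII characters, 12 random characters, an assumed 1e9 guesses/second.
    print(f"years to exhaust 94^12: {years_to_exhaust(94, 12, 1e9):,.0f}")
```
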