Jana is a simple password deriver, much like OnePassword or LastPass. It uses HMAC-SHA256 to convert a secret master key and a keyword into a long pseudo-random string. Although it uses a weak entropy source (a passphrase), it is still better than reusing a single password in multiple places. It doesn't hold up against a targeted attack (a single point of failure for authentication is never a great thing), but it is certainly good enough for day-to-day use.
For reference, the exact algorithm used to convert between the hash output and the ASCII password is:
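language: C
/* hash: the 32-byte HMAC-SHA256 output; password: the output buffer. */
const char *chars =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789$!@#()*/|{}";
const int chars_length = strlen(chars);  /* needs <string.h> */
/* Map each hash byte onto one character of the alphabet. */
for (int i = 0; i < 32; i++) {
    password[i] = chars[(unsigned int)hash[i] % chars_length];
}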
HMAC-SHA256 was chosen over plain SHA256 due to the former's resistance to length-extension attacks.
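The derivation described above, as an added Python example (not Jana's own code), which also measures how much the `% chars_length` step skews the output alphabet. It assumes the master key is the HMAC key, the keyword is the message, both are UTF-8 encoded, and hash bytes are treated as unsigned; the page does not state these details, and the sample inputs are constructed.

```python
import hashlib
import hmac
import math
from collections import Counter

# Alphabet copied from the page's C snippet (73 characters).
CHARS = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789$!@#()*/|{}"
)


def derive(master: str, keyword: str) -> str:
    """Derive a 32-character password.

    Assumptions (not stated on the page): master is the HMAC key, keyword is
    the message, both UTF-8 encoded; hash bytes are treated as unsigned.
    """
    digest = hmac.new(master.encode("utf-8"), keyword.encode("utf-8"),
                      hashlib.sha256).digest()
    return "".join(CHARS[b % len(CHARS)] for b in digest)


def byte_values_per_char() -> Counter:
    """How many of the 256 possible byte values land on each character."""
    return Counter(CHARS[b % len(CHARS)] for b in range(256))


def bits_per_char() -> float:
    """Shannon entropy of one output character for a uniform hash byte."""
    return -sum((n / 256) * math.log2(n / 256)
                for n in byte_values_per_char().values())


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    print(derive("correct horse battery staple", "example.com"))
    favoured = [c for c, n in byte_values_per_char().items() if n == 4]
    print(f"{len(favoured)} of {len(CHARS)} characters get 4 byte values, the rest 3")
    print(f"{bits_per_char():.4f} bits/char vs {math.log2(len(CHARS)):.4f} if uniform")
```

Because 256 is not a multiple of 73, the first 37 characters of the alphabet are slightly more likely than the rest, but the loss is under 0.02 bits per character, so the passphrase remains the limiting factor for the derived passwords.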
Downloads:
- Chrome extension
- Firefox extension
- Standalone program (uses OpenSSL, ncurses optional)
- Android application (debug build)