PwdHash is a technology developed by Stanford University that generates theft-resistant passwords. The official project website is at http://crypto.stanford.edu/PwdHash/.

On this page you can download a User JavaScript implementation of PwdHash for use in Opera. It reuses existing code from Remote PwdHash as libraries (for domain extraction and the actual password hashing); this script “only” adds the integration into Opera. The original script was created by Patrick Schmidt. I have just updated his script to work with the latest versions of Opera.

Please be aware that, being just JavaScript, this implementation can’t protect you against phishing the way the plug-ins for Internet Explorer and Firefox can. Any malicious page could compromise this User Script by using JavaScript itself.

Download

The code can be downloaded here. Tested with Opera version 11.01 for Mac, Linux and Windows.

Installation

First you have to extract the archive. I suggest somewhere within your Opera folder, e.g.: YourOperaFolder\userjs\PwdHash\

Now you have to open Opera’s Preferences dialog and select the Advanced tab. In the left list select ‘Content’ and there press the ‘JavaScript options…’ button. At the bottom of the dialog is a text field labeled ‘User JavaScript Folder’. Here you have to enter the path to those JavaScript files. You should enter an absolute path because relative paths won’t always work. According to the suggested directory above you would enter: \userjs\PwdHash.

The next step is to enable User JavaScript for HTTPS so that you can use PwdHash on HTTPS login pages (most websites now use HTTPS to protect the login page). Click on this link or type “opera:config#User JavaScript on HTTPS” (without the quotes) in your Opera browser. On the page that opens, tick the box and click Save.

Restart Opera to make sure that all the changes have been applied. The first time you visit an HTTPS page, a message box will pop up and ask whether you want to allow User Scripts on encrypted pages. You should click Yes to enable PwdHash for all encrypted pages. Opera will remember your choice for this session, but if you restart the browser it will ask you again. It is kind of annoying, but it is the only way to enable HTTPS PwdHash for now.

Usage

This implementation works mostly as described at http://crypto.stanford.edu/PwdHash/. To activate the hashing you either have to prefix your password with ‘@@’ (two ats) or press F6 (instead of F2) while the password field is focused. When hashing is activated, the background of the password field turns a very bright yellow. Once you leave the password field or press Enter to submit the form, the password is hashed. This is indicated by a bright green background.

You can deactivate the hashing by pressing F6 again which will also restore the password field’s original background color. Hashing can even be activated for regular text fields.
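
The behaviour described above, modelled as an added example (not code from this user script or from Remote PwdHash): it shows why a value hashed for one domain is useless on a look-alike domain. The HMAC-SHA-256 derivation, the last-two-labels domain guess, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration; not the Opera user script or the Remote PwdHash libraries.
const crypto = require('crypto');

const PREFIX = '@@'; // activation prefix described on this page

// Assumption: naive site guess using the last two host labels. The real
// script relies on Remote PwdHash's domain extraction, not reproduced here.
function siteDomain(pageUrl) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  return host.split('.').slice(-2).join('.');
}

// Stand-in derivation: HMAC-SHA-256 keyed with the typed password over the
// domain, truncated to 16 characters. PwdHash's own hashing and output
// formatting are not reproduced here.
function derive(master, domain) {
  return crypto.createHmac('sha256', master)
    .update(domain)
    .digest('base64')
    .slice(0, 16);
}

// Value the form would submit for a password field on pageUrl.
// hashingOn models the F6 toggle; the '@@' prefix activates hashing on its own.
function valueOnSubmit(typed, pageUrl, hashingOn = false) {
  const prefixed = typed.startsWith(PREFIX);
  if (!prefixed && !hashingOn) return typed; // hashing inactive: field untouched
  const master = prefixed ? typed.slice(PREFIX.length) : typed;
  if (master === '') return typed; // nothing to hash yet
  return derive(master, siteDomain(pageUrl));
}

// Constructed sample input: one master password typed on three pages.
const samples = [
  'https://www.example.com/login',
  'https://login.example.com/',
  'https://example.com.account-check.test/login', // look-alike host
].map((url) => ({ url, sent: valueOnSubmit('@@hunter2', url) }));

console.log(samples);
```

The first two pages share a site and receive the same value; the look-alike host receives a different one, so what it captures does not work on the real site.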
