This really doesn’t work, not because of any deep crypto or math, but because it doesn’t stop the actual threat model for password cracking, it may even make it worse. There are two main ways of password cracking, online and offline, with offline being much faster since a site can’t throttle you.
For reference a modern securely stored password is the result of a function like hashedPassword = hashSalt + sitesHash(hashSalt, usersPassword)
, assuming sitesHash
is a strong hashing algorithm.
Your scheme looks something like hashedPassword = hashSalt + sitesHash(hashSalt, usesHash(usersPassword, siteDomain))
, effectively usesHash(usersPassword, siteDomain)
replaces the usersPassword
in the old equation. This looks like your sending a unique password to each site, but potentially you aren’t!
Lets assume in the future a scheme like yours became very popular, maybe baked into Chrome, the result would be that some one that compromised a site and got the sites database of hashed passwords would know that for some set of user passwords they are run though that extra step. An attack on those passwords looks something like this:
- make a guess at a password
1.1. also computeusesHash(usersPassword, siteDomain)
as the hashed guess. - for all uncracked passwords compute
hashSalt + sitesHash(hashSalt, passwordGuess)
and check if it matches the stored password. If it is a match we know it is valid for this site and we think it may be valid for other sites.
2.1. also for all uncracked passwords computehashSalt + sitesHash(hashSalt, hashedGuess)
and check if it matches the stored password. If it is a match we know it is valid for this site and we also know it is almost certainly valid on other sites! - if there are still uncracked passwords go back to 1.
So the balance is this, does the cost of hashing the guess and an extra hash per salt off set the idea that you have picked a much simpler password that will be guessed much sooner? Add to that since a correct guess will expose you master password and that the weaker the sites hashing algorithm (possibly plain text!) the more likely you are to have your passwords for all sites exposed.
In the end if this is baked into client software and many people are using the same deterministic system that is still vulnerable to guessing based on human behavior then it will become the primary target of attackers.
tl;dr
As long as we are passing a secret to sites to log in that is derived from human input the only real security factor is the guess-ability of that input. Any deterministic steps we add between that can impact, for better or worse, how long it takes to verify a guess, but it won’t ever stop attackers from making guesses. The only real defense is to remove the human input (randomly generated passwords) or make the human input hard enough to guess that it won’t be guessed in a reasonable time.