TUAW review and giveaway: KeyGrinder for iPhone. It's PwdHash in an app


Have you ever heard of PwdHash? It's a Stanford University security project that has been implemented in a website, browser extensions, and now an iPhone app -- KeyGrinder for iPhone. This US$0.99 application is from the same people at Massively Overrated who brought you the popular Typewar game.

Many of us are guilty of the same crime against computer security -- using one password across many websites. If someone manages to lift your password from one low-security website, they have a good chance of using that same password at many other sites. PwdHash uses a user-generated password, the URL of the website you're visiting, and a pseudorandom function to transparently transform the user's password into a domain-specific hash of the password. If someone steals a password file from a website, they're only getting a hash for that domain -- not the user's actual password. The fact that the hash is generated for a particular domain also acts as an effective defense against phishing scams.

The same function is used across platforms, so regardless of what type of operating system you're using with PwdHash, the same user password will generate the same hash. You can use the Firefox browser extension on your Mac or PC, the website on any computer, or KeyGrinder on iPhone, and your generated hash will open the proverbial gates.
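The derivation described above, as an added sketch that is not KeyGrinder's or PwdHash's own code: it assumes HMAC-SHA256 as the pseudorandom function and the full host name as the "domain", so its output will not match what PwdHash or KeyGrinder produce. The function names and sample values are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit


def site_key(url: str) -> str:
    """Return the lower-cased host name of a URL (assumption: the whole
    host is the 'domain'; no registrable-domain trimming is done)."""
    if "://" not in url:
        url = "https://" + url  # allow bare "example.com/login" input
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".")


def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive a per-site password: a PRF keyed by the master password,
    evaluated on the site's host name."""
    if not master:
        raise ValueError("empty master password")
    mac = hmac.new(master.encode("utf-8"),
                   site_key(url).encode("utf-8"),
                   hashlib.sha256).digest()
    # URL-safe base64 keeps the result typeable; truncate to the wanted length.
    return base64.urlsafe_b64encode(mac).decode("ascii")[:length]


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for url in ("https://www.example.com/login",
                "HTTPS://WWW.EXAMPLE.COM/account?x=1",  # same site, same result
                "https://www.examp1e.com/login",        # look-alike host
                "https://forum.example.org/"):
        print(f"{site_key(url):22} {site_password(master, url)}")
```

The look-alike host yields an unrelated value, which is why a derived password entered on a phishing page does not work at the real site.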

KeyGrinder isn't the most visually attractive app you'll ever see, but it doesn't need to be pretty. To generate your hash, you enter the address of the site you wish to visit and your user-generated password. Press the create button, and the hash code appears, ready for you to enter as a new password for a website. With KeyGrinder, you can enter a number of web addresses and create each of the hashes, then call them up later by using a standard picker to select a site and generate the hash with a single tap.

You can choose to have the app open a website as soon as the hash has been generated. The hash is automatically copied to the iPhone clipboard for pasting into the password field for your favorite site.

Be sure to check out the video at the end of this post to get an idea of how KeyGrinder works. Once you're done checking out the app, enter our giveaway for a chance to win one of ten copies of KeyGrinder. All you need to do is leave us a comment telling us how many keys you have on your keychain (real keychain, not your Mac OS X keychain).

The details of the giveaway are as follows:

  • Open to legal US residents of the 50 United States and the District of Columbia who are 18 and older.
  • To enter, leave a comment telling us how many keys are on your keychain.
  • The comment must be left before Friday, February 19, 2010, 11:59PM Eastern Standard Time.
  • You may enter only once.
  • Ten winners will be selected in a random drawing.
  • Prize: One promo code for a copy of KeyGrinder (Value: US$0.99)
  • Click Here for complete Official Rules.
Now here's that video:
