In every of those cases it is highly dangerous for users, since lack of security in here can cause the new owner of their private data to crack their passwords, thus be able to steal their identity on other places of teh interwebz. Good, strong, and different passwords for any website could solve this problem, but who would be able to memorize that… That’s why I have created this little web app, called Password generator.

Application can be found on this permanent URL: password.darsain.net

What problem is this solving

The functionality is simple. You need only one master password, and the domain name of a website you want to get your new password for, and it will generate you a 64 letters long unbreakable hash, which you can use as a password (for funny webs with max password length requirements, there are 40, and 16 letters long versions). If password like this will be again hashed into random website database, it is not important if they are salting or not, hash from such password can not be broken (I reserve 10 years long expiration date for this statement :P ).

Of course, when hacker have already got the access to database, you can’t do anything about protecting your account from being hacked on this hypothetical website. But you can minimize the damage from such event. Imagine, that he would get to your password you are using on every place on the Internet. Pretty awesome situation, isn’t it? :) And exactly the damage out of the boundaries of this hypothetical website is the issue that this Password generator is solving.

How is it working

I would like to think, that the UI of this little application is self explanatory :) The background, however, is not.

That is why you should always beware such websites, as they are pretty often used for phishing. To ensure the security, the whole generation and algorithms are done in your browser by JavaScript. No data whatsoever are send to any server, or simply everywhere else except your monitor screen.

The only disadvantage is, that – from some reason – I could shut this web application down, and you will be unable to regenerate your passwords. For issue like this, as everything is done with JavaScript and HTML (+ a little bit of unimportant flash), you can just simply save the whole website to your hard drive and run it from there without any problems. Well, there is one little issue with flash player permissions when running on localhost, so Copy to clipboard button may not work, unless you’ll set this flash player setting to Always allow.

If you don’t know hot to save whole website so it will be actually working, here are the downloads for you.

Single mht file for Opera and IE

255.77KB 145x

Archive with all application files

121.28KB 148x

Update:

Guys, do not use this. This password system idea is great, convenient, but in real world highly counter-productive, even useless. The security of websites on the internets is so bad, that they will simply not let you to have secure passwords like this. Almost every website out there have some restrictions, like having short passwords (max 16~ chars long), consisting only from alphanumeric characters, etcetera… From everywhere I’ve tried this, the only place where it worked was Google!

The best thing to do right now, is not to have any account anywhere at all… if a website is forcing you to register to download or view something they are offering for free, than just flip the finger, and either close the tab, register with some one time account, or in case of Firefox users -> download the spectacular BugMeNot plugin.