Hashapass/Hashapass web

<x id="START_PARAGRAPH" /><x id="START_SPAN" />Caution!<x id="END_SPAN" /> Most systems will keep a history of recently-typed commands. You probably do not want to use the above template directly, but rather inside of a shell script that will prompt you for your master password.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />Simon Elmir contributed just such a script:<x id="END_PARAGRAPH" />

<x id="START_PARAGRAPH" />You don’t have to store your generated passwords anywhere: just remember the master password and the parameter, and type them here.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />If you want to access your generated passwords even when you're not connected to the Internet, or in the rare event when this website isn't available, you can install the <x id="START_LINK_1" />bookmarklet for Firefox and Chrome<x id="END_LINK" />, the <x id="START_LINK_2" />widget for Mac OS X<x id="END_LINK" /> or the <x id="START_LINK_3" />gadget for Windows<x id="END_LINK" />; you can also <x id="START_LINK_4" />download the app for Android phones<x id="END_LINK" />.  They are compatible with this website (the same combination of master password and parameter will produce the same generated password).<x id="END_PARAGRAPH" />

Stay informed about Hashapass!

<x id="START_DIV" /><x id="IMAGE_1" /><x id="END_DIV" /><x id="START_H2" />Gadget for Windows Vista Sidebar<x id="END_H2" /><x id="START_PARAGRAPH_1" />Get easy, safe offline access to Hashapass directly on your Windows Vista desktop by downloading our Gadget for Windows Vista Sidebar!<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH_2" /><x id="START_LINK" /><x id="IMAGE_2" /><x id="END_LINK" /><x id="BREAK" /><x id="START_LINK" />Download<x id="END_LINK" /><x id="BREAK" /><x id="BREAK" /><x id="BREAK" /><x id="START_SPAN" />Microsoft Windows Vista or later is required.<x id="END_SPAN" /><x id="END_PARAGRAPH" />

<x id="START_H2" />About Hashapass<x id="END_H2" /><x id="START_PARAGRAPH" />Hashapass is a password generator which uses a mathematic formula to create new passwords based on a "master" password and a parameter.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />The formula is calculated in the safety of your web browser, without any information being transmitted over the Internet.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />The generated password is computed as the first 8 characters of the Base64 encoding of HMAC-SHA1(master password, parameter).  HMAC-SHA1 is defined on byte arrays, so only the lowest-significant byte of the Unicode code point for each character of the master password and parameter is used in the calculation of the HMAC-SHA1.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />There's no secret to this formula: <x id="START_LINK_1" />SHA1<x id="END_LINK" />, <x id="START_LINK_2" />HMAC<x id="END_LINK" /> and <x id="START_LINK_3" />Base64<x id="END_LINK" /> are all well-known algorithms, which guarantees that other people can implement products that are compatible with Hashapass.<x id="END_PARAGRAPH" />

Windows gadget

command line

 Master password 

 Parameter 

mobile web

Android

<x id="START_H2" />Hashapass on the command line<x id="END_H2" /><x id="START_PARAGRAPH" />Hashapass passwords can easily be generated on almost any modern Unix-like system using the following command line pattern:<x id="END_PARAGRAPH" />

Gadget for Windows

<x id="START_PARAGRAPH" />If you're like most people, you reuse the same password in many different places.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />Unfortunately evil people know that.  Once hackers break into just one insecure website, they steal passwords, and (knowing that most people reuse their passwords) they use it to log in other places. When they get in to all your accounts, it gets ugly.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />But who can really remember a different password for every website? That's where hashapass comes in.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />Hashapass lets you remember just one password, and use it to generate a different password for every website or service.<x id="END_PARAGRAPH" />

<x id="START_H2" />Bookmarklet for Firefox and Chrome<x id="END_H2" /><x id="START_PARAGRAPH" />Drag this bookmarklet to your bookmarks bar:

<x id="START_PARAGRAPH" />First, choose a "master password". Make it hard to guess.  It could be a password that you already use, or a new one -- or even a long pass phrase -- but do make sure that you remember it.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />To generate new passwords, choose an easy-to-remember parameter, like the name of the website that you're creating a password for. Hashapass will then generate a password based on your master password and the parameter. <x id="START_EMPHASIS" />The passwords are never transmitted to our server<x id="END_EMPHASIS" />.<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" />When you need that password again, just enter the same master password and parameter. The generated password will be the same every time. Given the same master password and parameter, Hashapass will <x id="START_EMPHASIS" />always give you the same result<x id="END_EMPHASIS" />.<x id="END_PARAGRAPH" />

Why use Hashapass?

Widget for Apple Dashboard

<x id="START_PARAGRAPH" /><x id="START_EMPHASIS" />Don't see a bookmarks bar?<x id="END_EMPHASIS" /> On Chrome, go to the settings menu, then "Bookmarks", then "Show bookmarks bar". On Firefox, go to the View menu, then "Toolbars", then "Bookmarks toolbar".<x id="END_PARAGRAPH" /><x id="START_PARAGRAPH" /><x id="START_EMPHASIS" />How to use it:<x id="END_EMPHASIS" /> when you are on a website that asks for your password, click on the Hashapass bookmark. It will pop open a little window next to the password field, where you can type in your master password and parameter.  Once you've filled it out, click "Hashapass" or press Enter, and your password will automatically be filled in.<x id="END_PARAGRAPH" />

password generator