ali001's comments

ali001 | 15 years ago | on: Write your passwords down

Actually, that's not true. Look at the encoding section of the PwdHash USENIX paper. PwdHash returns an ASCII representation (not a hex or base64 encoded string) of the hashed domain name + master password. PwdHash also applies a number of constraints to the returned hash to ensure that the special characters that it does use are legal at most websites.

A typical PwdHash password, with domain name google.com and master password "LetMeIn+123456?" looks like this:

6+LYoE/C0wP8dGPoO

Try it yourself at the pwdhash website.

ali001 | 15 years ago | on: Write your passwords down

I think that a better solution is to use pwdhash. Check it out here:

http://pwdhash.com

It's a browser extension for Chrome and for Firefox that seamlessly hashes the concatenation of your master password and the domain name of the site you're logging into. This produces a different password for each site, and requires you to remember only your master password.

The extensions were created by Blake Ross (big name in the Firefox community), as well as Collin Jackson and Dan Boneh who are highly regarded security experts at Stanford.

Also, if you're interested, I've created a command line utility for Mac OS X that exposes the same functionality: https://github.com/ali01/pwdhash.py
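The two ideas in the comments above (a per-site password derived from master password and domain, then constrained so it is legal at most sites) are shown in this added example, which is not part of the comments and is not PwdHash's code. It assumes HMAC-SHA-256 and a constructed symbol set, so its output will not match pwdhash.com or pwdhash.py; all function names are hypothetical.

```python
import hashlib
import hmac
import string

# Constructed symbol set, assumed to be accepted by most sites.
SPECIALS = "+/!?"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
ALPHABET = "".join(CLASSES)


def _byte_stream(key: bytes, msg: bytes):
    """Yield an endless keyed byte stream: HMAC-SHA-256(key, msg || counter)."""
    counter = 0
    while True:
        yield from hmac.new(key, msg + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def _pick(stream, alphabet: str) -> str:
    """Map stream bytes onto alphabet, rejecting bytes that would bias the choice."""
    limit = 256 - 256 % len(alphabet)
    for b in stream:
        if b < limit:
            return alphabet[b % len(alphabet)]


def derive_site_password(master: str, domain: str, length: int = 16) -> str:
    """Derive a deterministic, domain-bound password containing every class."""
    if length < len(CLASSES):
        raise ValueError("length must fit one character from each class")
    # Normalise the domain so "Google.com" and "google.com" give the same result.
    stream = _byte_stream(master.encode("utf-8"), domain.strip().lower().encode("utf-8"))
    chars = [_pick(stream, ALPHABET) for _ in range(length)]
    for cls in CLASSES:
        if any(c in cls for c in chars):
            continue
        # Class missing: overwrite the first character whose own class appears
        # more than once, so fixing one constraint never breaks another.
        for i, c in enumerate(chars):
            own = next(k for k in CLASSES if c in k)
            if sum(x in own for x in chars) > 1:
                chars[i] = _pick(stream, cls)
                break
    return "".join(chars)


if __name__ == "__main__":
    # Inputs taken from the first comment on this page; output differs from real PwdHash.
    print(derive_site_password("LetMeIn+123456?", "google.com"))
```

Because a single HMAC is fast, one site password exposed in plaintext lets the master password be guessed offline; substituting a slow key-derivation function for the HMAC raises that cost.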
