waldyrious / hash-my-pass

A bookmarklet to generate unique passwords per website, based on a single master password.
http://waldyrious.github.io/hash-my-pass/bookmarklet.min.html

Improve SHA1 code #10

Closed waldyrious closed 9 years ago

waldyrious commented 10 years ago

Understand the algorithm and implement the code in a cleaner and more readable way.

small codebases to build from:

code to understand the algorithm:

waldyrious commented 10 years ago

Note that the current version, based on Nic's, uses base64 encoding rather than base 16 (hex). So maybe the code can't be that simplified, but we shall see.

waldyrious commented 9 years ago

Note: the original code (b3c6bb2) is based on Nic's "1a" version (which ensures there's a lowercase letter and a number in the password). The non-1a version, besides the obvious difference, also uses a SHA1-based HMAC rather than SHA1 directly (see diff), but HMAC doesn't make sense since it's for message authentication, and in this case the message (website URL + password) isn't being passed in the clear. The website domain is known, sure, but any tampering would change the hash (hence not produce the correct password), so using raw SHA1 suffices for our purposes.

waldyrious commented 9 years ago

"Fixed" in #16
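
The issue asks for a cleaner, more readable SHA1, and the second comment notes that the output is base64 rather than hex. A compact SHA-1 with both encodings follows as an added example; it is not the project's code, and the names `sha1Bytes`, `sha1Hex` and `sha1Base64` are illustrative.

```javascript
// Added example, not from the hash-my-pass source; names are illustrative.
// SHA-1 as specified in FIPS 180-4, computed over the UTF-8 bytes of a string.
const rotl = (x, n) => ((x << n) | (x >>> (32 - n))) >>> 0;

function sha1Bytes(message) {
  const msg = new TextEncoder().encode(message);
  // Padding: 0x80, zeros up to 56 mod 64, then the 64-bit big-endian bit length.
  const paddedLen = Math.ceil((msg.length + 9) / 64) * 64;
  const data = new Uint8Array(paddedLen);
  data.set(msg);
  data[msg.length] = 0x80;
  const view = new DataView(data.buffer);
  view.setUint32(paddedLen - 8, Math.floor(msg.length / 0x20000000)); // high word
  view.setUint32(paddedLen - 4, (msg.length << 3) >>> 0);             // low word

  const h = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];
  const w = new Uint32Array(80);
  for (let off = 0; off < paddedLen; off += 64) {
    // Message schedule: 16 words from the block, expanded to 80.
    for (let t = 0; t < 16; t++) w[t] = view.getUint32(off + 4 * t);
    for (let t = 16; t < 80; t++) {
      w[t] = rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1);
    }
    let [a, b, c, d, e] = h;
    for (let t = 0; t < 80; t++) {
      let f, k;
      if (t < 20)      { f = (b & c) | (~b & d);          k = 0x5a827999; }
      else if (t < 40) { f = b ^ c ^ d;                   k = 0x6ed9eba1; }
      else if (t < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8f1bbcdc; }
      else             { f = b ^ c ^ d;                   k = 0xca62c1d6; }
      const temp = (rotl(a, 5) + f + e + k + w[t]) >>> 0;
      e = d; d = c; c = rotl(b, 30); b = a; a = temp;
    }
    [a, b, c, d, e].forEach((v, i) => { h[i] = (h[i] + v) >>> 0; });
  }
  const out = new Uint8Array(20);
  const outView = new DataView(out.buffer);
  h.forEach((v, i) => outView.setUint32(4 * i, v));
  return out;
}

// The same 20-byte digest in the two encodings discussed in the thread.
const sha1Hex = (s) =>
  Array.from(sha1Bytes(s), (b) => b.toString(16).padStart(2, "0")).join("");
const sha1Base64 = (s) => btoa(String.fromCharCode(...sha1Bytes(s)));
```

The 160-bit digest is 40 characters in hex and 28 in base64 (including one `=` of padding).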