AnyHash

A secure password solution for the modern, yet insecure (sic!) world.

Configuration


Site options


Password length


Password stretching iterations

Why should I use AnyHash?

Problem

As you might have noticed, many web sites have recently been attacked and many passwords leaked. As soon as that happened, many bad guys tried to use those passwords on other sites to gain access to user accounts. Though we all know, that we should have a separate password for each account, it is hard to impossible to achieve this in practice. Human brains have not evolved to remember randomly generated / meaningless strings.

Other solutions

Of course, there are existing technical solutions, like file or cloud based password stores. Those encrypt the passwords you use with a master key. However, you always have to have the file with you, or, in case of cloud based systems, have to trust another instance.

AnyHash goes a different way:

  • There is no need to save passwords in any way.
  • A password can always be generated from you master password and the site you need it for.
  • As a result, there is no password store, that could fall into the wrong hands or you have to carry with you.
  • The resulting passwords have a high strength, even if your master-password is weak.
  • It is easy and convenient; extensions for browsers and mobile apps may follow to further improve this point.
  • It runs in any browser, which supports JavaScript.

Security note

It is not recommended to use AnyHash for critical sites (e.g. banking, e-mail, webshops with saved bank accounts), as you could loose your master password due to malware running in your browser or on your operating system. For an attacker it is now possible to calculate all your other passwords. However, this can be mitigated by not using the real name of the site, but an easy to remember word or better sentence as site name / token.

How it works

AnyHash combines your master password with the site you need the password for. Based on the combination result, a new password is calculated.

All this is done locally in your browser. So there is no risk that your master password is sniffed from the network. The crypto is done by a quality third-party module (SJCL).

How AnyHash works

About

AnyHash, a password derivation tool.

© Christian Goehl 2012 <christian.goehl@gmx.net>

Licenses:

Disclaimer

All registred trademarks are property of their respective owners.