
I am working on a replacement for password managers. Type a password, then [Ctrl] + double click the field to hash it. Even if the database is compromised, an attacker is unlikely to assume your plaintext password is a base64 hash. http://deckar01.github.io/SHA512JS/


Personally, I suspect the Right Way to do this is for W3C to standardize a special input field something like:

    <input type="passhash"/>

which looks like a normal password entry field but automatically does some clever hashing on the client to create a per-site password.

Of course, you can still get keylogged if you use a public computer or whatever.
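The per-site hashing idea in the comment above, sketched as an added example that is not part of the thread and not any W3C design: the typed password is stretched with the page's origin as salt, so the same password yields unrelated values on different sites. The function names, the `passhash-v1` label, the choice of PBKDF2-HMAC-SHA512, the iteration count and the output length are all assumptions.

```javascript
// Added example (Node.js). Not code from the thread; all names and parameters are assumptions.
const { pbkdf2Sync } = require("node:crypto");

const ITERATIONS = 600000; // assumed work factor; slows offline guessing of the typed password
const OUTPUT_BYTES = 24;   // 24 bytes encode to 32 base64url characters

// Reduce a page URL to its origin so every page of one site derives the same value.
function siteSalt(pageUrl) {
  const url = new URL(pageUrl);
  if (url.protocol !== "https:") {
    // Over plain HTTP the page could be rewritten in transit to read the field directly.
    throw new Error("refusing to derive a password for a non-HTTPS page");
  }
  return url.origin; // scheme + lowercased host + non-default port
}

// Derive the value that would be submitted in place of the typed password.
function sitePassword(typedPassword, pageUrl, iterations = ITERATIONS) {
  if (typeof typedPassword !== "string" || typedPassword.length === 0) {
    throw new Error("empty password");
  }
  // The version label lets the scheme change later without colliding with old outputs.
  const salt = Buffer.from("passhash-v1\0" + siteSalt(pageUrl), "utf8");
  const key = pbkdf2Sync(
    typedPassword.normalize("NFKC"), // same bytes regardless of keyboard/IME composition
    salt,
    iterations,
    OUTPUT_BYTES,
    "sha512"
  );
  return key.toString("base64url");
}

// Constructed sample input: one typed password, two different origins.
console.log(sitePassword("correct horse battery", "https://example.com/login"));
console.log(sitePassword("correct horse battery", "https://example.org/login"));
```

A server that stores this value must still hash it like any other password, because the derived string is what an attacker would replay. The derivation also does nothing against the keylogging case the comment mentions, since the typed password is captured before hashing.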



