What for?

Most people have several service registrations (Gmail, del.icio.us etc.), each of which requires a username and p/w.
Usually people use all of these services with the same username & p/w. It takes only one webmaster, or any other person, getting hold of that p/w to take over your entire internet identity.
phash lets you generate a separate p/w for each service: type your base p/w (it can be the one p/w you've typed in everywhere until now), then type the service name (gmail etc.), and a new p/w is generated. This ensures you'll have a different p/w for each service, a p/w that is easily generated from your base p/w.
All password calculations are done client-side. That means that no p/w information is transmitted through the internet. This can be verified by using a packet sniffer such as Ethereal.
phash uses SHA256 to generate your p/w. This ensures that no one can reverse engineer your generated p/w to the original service name and base p/w. In case you use cookie support, phash uses AES to encrypt your base p/w and store it on the computer. This ensures no one can reveal your base p/w.
After generation, your password is stored in the clipboard (on IE) for a specified amount of time (10 sec), after which the password is automatically cleared from the clipboard.
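
The derivation described above (base p/w plus service name, hashed with SHA256), as an added JavaScript example that is not phash's own code. The length-prefixed framing of the two inputs, the folding of the service name, the base64url output and the 16-character default are assumptions, since the page states only that SHA256 is used.

```javascript
// Added example, not phash's source. Framing, service-name folding, output
// encoding and default length are assumptions (the page only names SHA256).
const { createHash } = require('crypto');

// Length-prefix a field so ("ab","cd") and ("a","bcd") feed different bytes
// to the hash; plain concatenation would turn both into "abcd".
function frame(field) {
  const bytes = Buffer.from(field.normalize('NFC'), 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(bytes.length);
  return Buffer.concat([len, bytes]);
}

// Derive a per-service p/w from the base p/w and the service name.
function derivePassword(basePassword, serviceName, length = 16) {
  if (typeof basePassword !== 'string' || basePassword.length === 0) {
    throw new Error('base p/w is required');
  }
  // Fold the service name so "Gmail " and "gmail" give the same p/w.
  const service = String(serviceName ?? '').trim().toLowerCase();
  if (service.length === 0) throw new Error('service name is required');
  if (!Number.isInteger(length) || length < 8 || length > 43) {
    throw new RangeError('length must be an integer from 8 to 43');
  }
  const digest = createHash('sha256')
    .update(frame(basePassword))
    .update(frame(service))
    .digest();
  // 32 digest bytes give 43 unpadded base64url characters (A-Z a-z 0-9 - _).
  const text = digest.toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
  return text.slice(0, length);
}

// Constructed sample input, for demonstration only.
for (const service of ['gmail', 'del.icio.us']) {
  console.log(service, derivePassword('constructed-base-pw', service));
}
```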
©2007 Dov Sheinker