-
Notifications
You must be signed in to change notification settings - Fork 8
/
index.html
105 lines (89 loc) · 5.07 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<!DOCTYPE html>
<html manifest="manifest.appcache">
<head>
<title>Password Generator</title>
<meta name="viewport" content="width=device-width">
<script src="js/analytics.js" type="text/javascript"></script>
<link rel="stylesheet" href="css/main.css">
<link rel="stylesheet" href="css/web.css">
<link rel="stylesheet" media="(min-width: 400px)" href="css/wide.css">
<link rel="stylesheet" media="(max-width: 400px)" href="css/narrow.css">
</head>
<body class="web">
<div id="content">
<h1>Password Generator</h1>
<div class="menu">
<span class="menuitem">About</span>
<a href="generate.html">Generate</a>
<a href="options.html">Settings</a>
</div>
<a href="https://chrome.google.com/webstore/detail/password-generator/klfojgipmkdgfmikjfdhhkjlfeboaoij"><img src="images/ChromeWebStore_BadgeWBorder_v2_206x58.png" class="webstore"></a>
<p>This service generates unique passwords for each website you use,
based on website domain and one master password. It is available
<a href="generate.html">online</a> and as a
<a href="https://chrome.google.com/webstore/detail/password-generator/klfojgipmkdgfmikjfdhhkjlfeboaoij">Chrome extension</a>.</p>
<p>Many people use the same one or two passwords for every website and
service. This is not very secure, since when just one of those websites is
hacked, or turns evil, or is pressured by KGB, you lose your password for
all other services as well. One solution is to use a password manager, that
stores all the passwords. But what to do if you switch the computer? Either
you have to manually copy the passwords, or store the passwords online (see
above).</p>
<p>Another solution is to generate passwords for each website according to
simple rules, based on one master password (<i>that rules them all</i>) and
the website domain. One required condition is for these rules not to be
reversible, so that website couldn't guess the master password from their
domain-specific passwords. This is how it works:</p>
<img src="images/diagram.svg" id="about-diagram">
<p>The idea of generating passwords by such algorithm is taken from
<a href="http://www.passwordmaker.org/">PasswordMaker</a>, and passwords,
generated by Password Generator are mostly compatible with ones from
PasswordMaker. One difference is that this implementation is created to be
as simple to use as possible, and for that reason it intentionally excludes
some of the more advanced settings of PasswordMaker.</p>
<p>Password Generator is open source. Here is its
<a href="https://github.com/eterevsky/passwordgen">repository on GitHub</a></p>
<h2>Features</h2>
<ul>
<li>SHA256, SHA1 and MD5 can be used as hash function.</li>
<li>There is an option to make sure the password contains at least one
symbol of each type (upper/lower case letters, digits, punctuation).</li>
<li>Several profiles can be created with different settings and master
passwords.</li>
<li>Master password can be stored in memory, permanently (not
recommended), or not at all.</li>
<li>In Chrome extension version the settings (but not master password) are
synchronized across Chrome instances.</li>
<li>Online version does not store any data on the server. As a matter of
fact it is hosted on <a href="http://pages.github.com/">GitHub Pages</a>,
that allow only static content.</li>
<li>Remember profile used for each domain.</li>
</ul>
<h2>Frequently Asked Questions</h2>
<dl>
<dt>Why should I trust this service? Can't my passwords be silently sent
to some evil organization?</dt>
<dd>The website and extension are open source. No code is obfuscated.
Also, the Chrome Extension version does not actually has
<a href="https://github.com/eterevsky/passwordgen/blob/gh-pages/manifest.json">permissions</a>
to access any server.</dd>
<dt>Is there an Android/iOS version?</dt>
<dd>Currently no. But the online version is optimized to work well in
mobile browsers.</dd>
<dt>What to do if my password for one websites was compromised?</dt>
<dd>If your password for <kbd>example.com</kbd> was compromised, in future
use <kbd>example.com1</kbd> to generate password for this website. The
Chrome extension version will remember this substitution and will
automatically use this new string instead of the domain.</dd>
<dt>Wouldn't using <a href="http://en.wikipedia.org/wiki/Hash-based_message_authentication_code">HMAC</a>
to generate passwords be more secure?</dt>
<dd>In most cases using HMAC will not make much difference for generating
passwords. Still, HMAC will be implemented in Password Generator soon.</dd>
<dt>Where to send bug reports and feature requests?</dt>
<dd>If you have a GitHub account, please create an issue
<a href="https://github.com/eterevsky/passwordgen">on GitHub</a>. You can
also send me an email: <a href="mailto:oleg@eterevsky.com">oleg@eterevsky.com</a>.</dd>
</dl>
</div>
</body>
</html>