The password manager that does not save your passwords.
rehash is a password manager that generates your passwords on the fly based on your master password, the site you're saving the password for and your username.
This allows you to generate a seemingly random password for every site, while also being able to access that same password from other devices without having to upload it into the cloud.
rehash is based on PwdHash, an approach to eliminating password reuse that was published at Stanford University. It extends this approach and packages it in a beautiful, modern web application.
Your password is generated using a cryptographic hash function, a one-way mapping from any input data to a unique identifier of that data.
Here are some examples:
Password | Site | Username | Generated Password |
---|---|---|---|
hunter2 | www.google.com | jondoe@gmail.com | h5cTlQyD0lyC42l2A6im6evdb4PAlTNS |
hunter2 | www.google.com | janedoe2@gmail.com | Dzy7WnDSccyfYlQ1D5zZa3ug+2T/6q/L |
hunter2 | www.github.com | jondoe@gmail.com | fnKBaQWSKiogGfyq4IzramxB8bgxY/B/ |
correct-horse-battery-staple | www.github.com | jondoe@gmail.com | d29xR+GYDQFLswzxDyjYI/ZVZ/ws9wqj |
There is no computationally feasible way to get from the output of the hash function (the generated password) back to its input (password, site and username).
rehash uses the Argon2id function to generate the hash.
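The derivation described above can be sketched as follows. This is an added example, not rehash's own code: it uses scrypt from Python's standard library as a stand-in for Argon2id, and the field framing, cost parameters, site lowercasing, context label and `generation` counter (modelled on the "password generations" listed under the drawbacks) are assumptions, so its outputs will not match the table above.

```python
import base64
import hashlib


def _frame(*fields: str) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def derive_password(master: str, site: str, username: str, generation: int = 1) -> str:
    """Deterministically derive a 32-character password from the inputs.

    Nothing is stored: the same inputs give the same output on any device.
    """
    if generation < 1:
        raise ValueError("generation starts at 1")
    # The salt is public and deterministic. It binds the output to one
    # site/username/generation, so one master password yields unrelated
    # passwords per account. Hostnames are case-insensitive, so the site is
    # lowercased (assumption); usernames are left untouched.
    salt = _frame("example-derive-v1", site.lower(), username, str(generation))
    key = hashlib.scrypt(
        master.encode("utf-8"),
        salt=salt,
        n=2**14, r=8, p=1,            # constructed cost parameters (~16 MiB)
        maxmem=64 * 1024 * 1024,
        dklen=24,                     # 24 bytes -> 32 base64 characters
    )
    return base64.b64encode(key).decode("ascii")


if __name__ == "__main__":
    # Inputs taken from the page's table; outputs differ from it (see lead-in).
    for gen in (1, 2):
        print(gen, derive_password("hunter2", "www.github.com", "jondoe@gmail.com", gen))
```

Because the salt is public, the memory-hard function is the only thing slowing an attacker who obtains one generated password and guesses master passwords offline, so the strength of the master password bounds the strength of every derived one.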
A cloud password manager is the way to go for most intents and purposes. I highly recommend Bitwarden.
The major drawbacks of rehash are:
- Changing the master password changes all your passwords.
- Changing a single password is difficult (password generations exist, but they have to be remembered).
- It is not as secure as a password manager with truly randomly generated passwords.
rehash tries to fit the niche of people who:
- Do not want their passwords stored in the cloud
- Yet use many different devices, so using a traditional offline password manager like KeePass is unviable