Reputation: 11
I saw a JavaScript implementation of SHA-256. I wanna ask if it is safe (pros/cons, whatever) to use the SHA-256 (using a JavaScript implementation or maybe Python standard modules) algorithm as a password generator:
I remember one password, put it in followed (etc.) by the website address, and use the generated text as the password for that website. Repeat the process every time I need a password; same for other websites.
Upvotes: 1
Views: 1646
Reputation: 262814
I think you are describing the approach used by SuperGenPass:
Take a master password (same for every site), concatenate it with the site's domain name, and then hash the thing.
Yes, SHA-256 would be secure for that, likely more secure than what SuperGenPass uses. However, you will end up with very long passwords, too long for many sites to accept, and also not guaranteed to contain numbers and letters and special characters at the same time, which some sites require.
Also, the general problem remains that if somehow (not by breaking the algorithm, but by other means) your master password does get leaked, all your passwords are belong to us.
Completely random passwords are most secure (if we ignore the problem of storing them securely somewhere).
Upvotes: 1
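The scheme discussed in the answer above, as an added example that is not part of the original thread and not SuperGenPass's code: it hashes the master password and domain with SHA-256 from Python's hashlib, shortens the digest to a fixed length, and retries with a counter until lowercase, uppercase, digit and symbol are all present. The symbol set, the separator byte, the counter and the function names are assumptions made for this example.

```python
import hashlib
import string

# Assumed character set: sites differ in which symbols they accept.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&*+-=?@_")
ALPHABET = "".join(CLASSES)


def encode(digest: bytes, length: int) -> str:
    """Turn digest bytes into `length` characters of ALPHABET (base conversion)."""
    n = int.from_bytes(digest, "big")
    out = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def site_password(master: str, domain: str, length: int = 16) -> str:
    """Derive a per-site password from SHA-256 over master password and domain."""
    # 32 characters of a 74-symbol alphabet use ~199 of the digest's 256 bits.
    if not 4 <= length <= 32:
        raise ValueError("length must be between 4 and 32")
    domain = domain.strip().lower()  # "Example.COM" and "example.com" must agree
    counter = 0
    while True:
        # A NUL separator keeps ("ab", "c.com") distinct from ("a", "bc.com"),
        # which plain concatenation would hash to the same value.
        material = "\x00".join((master, domain, str(counter))).encode("utf-8")
        candidate = encode(hashlib.sha256(material).digest(), length)
        # Retry with the next counter until every character class is present;
        # the result stays deterministic for a given master and domain.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate
        counter += 1


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for site in ("example.com", "example.org"):
        print(site, site_password("correct horse battery staple", site))
```

Every derived password still depends on the one master password, so the leak scenario described in the answer applies unchanged.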
Reputation: 799310
SHA-256 generates very long strings. You're better off using random.choice() with a string a fixed number of times.
Upvotes: 0