views:

48

answers:

1

Just found this website: hashpass.com and here is the JS implementation which they use to encrypt the key-value pair: http://hashapass.com/sha1.js

So, can there be a "simple" and obvious alternative to this?

Thanks

A: 

I'm not sure how secure this is. For one thing, the output is a short Base64 string. Due to its length and restricted character set, it should be easier to brute-force than a regular password that avoids the common and dictionary values while combining alpha, numeric and other.

Steven Sudit
It looks to me like straight SHA-1 and HMAC-SHA1 with base64 encoding. I'm not much of a javascript programmer; can you explain where the "short" part comes in?
GregS
If you go to the top page of the site, it lets you enter a master password and a parameter. After I typed two long values, it spat out: QQl04Flu
Steven Sudit