AnyHash

TL;DR: I created a password storage, which does not need files or web servers. You may try it here or look at the code on GitHub.

Passwords leak all the time, as some providers store passwords in an insecure way. One should have a separate password for each service, but this can turn out quite complicated. Either you have to remember ten passwords, invent some kind of schema to mix-in service names into your master password or use a password storage. I did not like the first two approaches, as I - especially as a coder - prefer to have technical solutions for technical problems.

There are many solutions for password storages available, being either server / cloud or file based. Both have their drawbacks. The first centralizes the problem into one instance you have to trust. The second requires you to sync the encrypted password file between devices and a tool is needed to read the file.

While I read about the right way to store passwords, another approach came to my mind. Passwords should be stored hashed and salted. Not all sites implement this, so why not just do it on client side?

I was looking for an installation-free solution, so a website would be ideal, if I could do the hashing and salting in javascript on the client side. I could just do something like:

effective_password = hash( master_password + website_host )

We could use the website host as salt of a password-based key derivation algorithm. The resulting base64-encoded key could be used as password on any site and should be quite secure. I did not find any similar solution at that time. So, I did a prototypical implementation. However, I did not advertise it in any way.

Recently, I discovered js-scrypt, an emscripten compiled version of the scrypt key derivation function, while i was also playing around with AngularJS and PhoneGap.

After 4 hours of hacking, I am happy to present the new version of AnyHash, which is also available as an android app (not in store). If you like to look at the source code, check out the GitHup repo