It is recommended to use different passwords for different accounts. However it is difficult to remember complex password for each website.
This is a chrome extension which generates a hash from your common password and a random/chosen 4 digit number (salt). The generated hash can be used as password for different websites. It is recommended to keep different salt for different sites (You only need to memorize 4 or less digit number).
To crack the password an attacker needs to know 4 things.
- Common Password
- Salt
- Hashing algorithm
- Salting Method
Let's say the common password is attacked by an attacker using dictionary attacks and tries to find salt with brute-force. Each dictionary password will be checked against 9000 salts. Which will make it difficult to crack. Apart from this the attacker will have to know the salting method. Identifying the hashing algorithm is simple though. As the salting and hashing is done on server, attacker has to get access to the server to know the exact hashing algorithm or the salting method. He can also use the extension to get hash value, so he doesn't need to know the hashing algorithm and salting method, but this is infeasible as he has to send requests on server which will slow down the checking process. Also as an advanced security feature, multiple requests from same IP can be blocked on server.
Download the code and store it in a folder.
- Visit chrome://extensions (via omnibox or menu -> More Tools -> Extensions).
- Enable Developer mode by ticking the checkbox in the upper-right corner.
- Click on the "Load unpacked extension..." button.
- Select the folder containing the code.
The extension will be added to you chrome browser. Click on extension.
You will have two input one for you common password and one for salt.
You can choose salt randomly by clicking "Get a Random Salt!"
Finally click on "Get Hash!" and profit!