HashPass – A Stateless Password Manager.

HashPass – A Stateless Password Manager.

As a learning experiment, I recently created a stateless password manager in PHP.

Using the same input of full name, website & master password, HashPass will always return the same secure password. This means you only need to remember your master password to use secure passwords everywhere. You also do not need to store passwords anywhere, ever!

Simply access HashPass whenever you need to recalculate a password.

HashPass uses PBKDF2 with 200,000 iterations for the derivation, hashed with SHA-512, and finally passed through base85. Depending on the master password, generated passwords are between 100 — 128bit entropy.

You can clone and host locally, upload and run it from your own remote server, or you can use the online version.

You can use the online version, or clone and host your own copy. All code is available on GitHub.


About the Author

Designer. Developer. Hacker. OSCP trainee. Reviewer @Envato. Interested in InfoSec, CyberSec and Privacy.