HashPass – A Stateless Password Manager

As a learning experiment, I recently created a stateless password manager in PHP.

Using the same input of full name, website & master password, HashPass will always return the same secure password. This means you only need to remember your master password to use secure passwords everywhere. You also do not need to store passwords anywhere, ever!

Simply access HashPass whenever you need to recalculate your password.

HashPass uses PBKDF2 with 200,000 iterations for the derivation, hashed with SHA-512, and finally passed through base85. Depending on the master password, generated passwords are between 100 — 128bit entropy.

You can clone and host locally, upload and run it from your own remote server, or you can use the online version.

You can use the online version, or clone and host your own copy. All code is available on GitHub.



About Me

Designer. Developer. Hacker. Senior Reviewer / Content Specialist @envato