pwdhash
Latest
TUAW review and giveaway: KeyGrinder for iPhone. It's PwdHash in an app
Have you ever heard of PwdHash? It's a Stanford University security project that has been implemented in a website, browser extensions, and now an iPhone app -- KeyGrinder for iPhone. This US$0.99 application is from the same people at Massively Overrated who brought you the popular Typewar game. Many of us are guilty of the same crime against computer security -- using one password across many websites. If someone manages to lift your password from one low-security website, they have a good chance of using that same password at many other sites. PwdHash uses a user-generated password, the URL of the website you're visiting, and a pseudo random function to transparently transform the user's password into a domain-specific hash of the password. If someone steals a password file from a website, they're only getting a hash for that domain -- not the user's actual password. The fact that the hash is generated for a particular domain also acts as an effective defense against phishing scams. The same function is used across platforms, so regardless of what type of operating system you're using with PwdHash, the same user password will generate the same hash. You can use the Firefox browser extension on your Mac or PC, the PwdHash.com website on any computer, or KeyGrinder on iPhone, and your generated hash will open the proverbial gates.
