[j_lagof]

I still prefer schemes without any kind of software for my passwords... Something like that:

http://blog.sucuri.net/2009/10/password-security-without-pas...

A javascript app for that would be good, btw :)

[snprbob86]

  echo “qwerty http://www.facebook.com” | md5

That will appear in plain text in your terminal history file. And, if you are on a multi-user machine, even non-privileged users will be able to see your command line.

You should never put any password or private key on a command line (any command line, not just in your terminal). Instead, use the unix-standard getpass function or it's equivalent in your language/library of choice.

[j_lagof]

I agree. What I said is that I do something similar to it, not exactly the same.. I have a little shell script that I run:

./pass-site.sh http://facebook.com

" #!/bin/sh

SITE=$1 stty -echo read UPASS stty echo PASS=`sha1 "$SITE $UPASS"` echo "PASS: $PASS" "

[snprbob86]

I think that is equally insecure. Won't the backticks run that command line with $UPASS exposed as plain text in the process metadata?

[Vitaly]

you can just run md5 alone and pass the "qwerty http://www.facebook.com<Enter><Ctrl-D> at its stdin. And its less to type too (Thats Ctrl-D at the end is to signal end of stream)