[j_lagof]

I agree. What I said is that I do something similar to it, not exactly the same.. I have a little shell script that I run:

./pass-site.sh http://facebook.com

" #!/bin/sh

SITE=$1 stty -echo read UPASS stty echo PASS=`sha1 "$SITE $UPASS"` echo "PASS: $PASS" "

[snprbob86]

I think that is equally insecure. Won't the backticks run that command line with $UPASS exposed as plain text in the process metadata?