Hacker News
by D-Nice 1775 days ago
Vaults, self-hosting, all these needless complications imo for what should be simple. Just give me a secure deterministic password from a website address + master pass combo.

That's exactly what my project, https://app.srspass.com aims to do.

Even though I have a super redundant NAS setup, I'd really hate to depend on a vault and have it all disappear due to some disaster. With SrsPass, I just remember one password, have a recovery/backup phrase written somewhere that it gives me which adds 128 bits of entropy to each generated password and boom, that's my password manager. Stateless, deterministic, and by using argon2id, the PHC winner, on the client side it is doing what most password backends should be, but often aren't doing, which is strong memory-hard password hashing.

2 comments
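An added illustration of the construction the post describes (this is example code written for this page, not SrsPass's own code or anything the commenters posted): a stateless derivation where the master password is fed through a memory-hard KDF and the site label plus a fixed, written-down 128-bit recovery phrase are folded into the salt. Because the phrase is fixed, the output is fully deterministic, yet an attacker who learns only the master password and the scheme still has to search the 2^128 phrase space. The salt layout, the 70-symbol output alphabet, the Argon2id cost parameters and the site-normalisation rule are all assumptions of this example; real tools differ in these details. Argon2id comes from the `argon2-cffi` package; if it is not installed the example falls back to the standard library's scrypt, which is also memory-hard, so the code runs offline either way.

```python
"""Added example: stateless site-password derivation (master + site + fixed 128-bit phrase)."""
import hashlib
import secrets
import unicodedata

try:  # argon2-cffi provides Argon2id; fall back to stdlib scrypt if it is absent
    from argon2.low_level import Type, hash_secret_raw
    HAVE_ARGON2 = True
except ImportError:
    HAVE_ARGON2 = False

# Hypothetical output alphabet: 70 symbols, about 6.1 bits per character.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789!@#$%^&*")
# Largest multiple of len(ALPHABET) that fits in a byte (210); bytes at or above it
# are rejected so that b % 70 is uniform and the password has no modulo bias.
ACCEPT_LIMIT = (256 // len(ALPHABET)) * len(ALPHABET)


def make_recovery_phrase() -> str:
    """128 random bits, hex-encoded: generated once, written down, never stored server-side."""
    return secrets.token_hex(16)


def normalize_site(site: str) -> str:
    """Canonicalise the site label so 'Example.COM.' and 'example.com' yield the same password."""
    return unicodedata.normalize("NFKC", site).strip().lower().rstrip(".")


def derive_key(master: str, phrase: str, site: str, key_len: int = 32) -> bytes:
    """Memory-hard KDF over the master password.

    The site label and the 128-bit recovery phrase are hashed into the salt (assumed
    layout, not SrsPass's). Same inputs always give the same key, which is what makes
    the scheme deterministic; an attacker holding only the master password still
    faces 2^128 candidate phrases per site.
    """
    secret = unicodedata.normalize("NFKC", master).encode("utf-8")
    salt = hashlib.sha256(
        b"example-v1|" + bytes.fromhex(phrase) + b"|" + normalize_site(site).encode("utf-8")
    ).digest()
    if HAVE_ARGON2:
        # Argon2id, 64 MiB, 3 passes, single lane: example parameters, tune for the client.
        return hash_secret_raw(secret, salt, time_cost=3, memory_cost=64 * 1024,
                               parallelism=1, hash_len=key_len, type=Type.ID)
    # scrypt fallback: N=2^14, r=8 uses about 16 MiB.
    return hashlib.scrypt(secret, salt=salt, n=2 ** 14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=key_len)


def key_to_password(key: bytes, length: int = 20) -> str:
    """Map key bytes onto ALPHABET without modulo bias.

    The key is expanded with a counter (SHA-256 of key||counter) so there are always
    enough bytes, and each byte is kept only if it is below ACCEPT_LIMIT.
    """
    out, counter = [], 0
    while len(out) < length:
        block = hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
        for b in block:
            if b < ACCEPT_LIMIT:
                out.append(ALPHABET[b % len(ALPHABET)])
                if len(out) == length:
                    break
    return "".join(out)


def site_password(master: str, phrase: str, site: str, length: int = 20) -> str:
    """Deterministic per-site password: nothing is stored except the phrase on paper."""
    return key_to_password(derive_key(master, phrase, site), length)


if __name__ == "__main__":
    phrase = make_recovery_phrase()  # write this down once; losing it loses every password
    print("recovery phrase:", phrase)
    print("example.com  ->", site_password("correct horse battery", phrase, "example.com"))
    print("Example.COM. ->", site_password("correct horse battery", phrase, "Example.COM."))
```

Note what the phrase does and does not buy: it raises the cost of an offline guess against a leaked site password from "guess the master" to "guess the master and the 128-bit phrase", but it changes nothing about determinism, and it cannot be rotated for a single site without changing every derived password, which is one of the operational trade-offs of stateless designs.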

I'm sorry, maybe I'm just dense, but how can the output of your generator be deterministic if you add entropy?

Further, if it's deterministic, how is this different from just running your password through a hashing algorithm and then using the hash as your password? The only extra information an attacker has to figure out is what hashing algorithm you used and he can generate all of your passwords from your memorized one.

Right? That or I don't understand what you are describing.

I think there should be (and probably already is) an FAQ page explaining why a "stateless password manager" is not a great idea for a common user. I guess the answers to this SE question might be a good start: https://security.stackexchange.com/q/214301/2530