Hacker News new | ask | show | jobs
by gfxmonk 4539 days ago
Have you seen SuperGenPass? It's much the same concept, and has been around for years (including browser extensions, etc).

http://supergenpass.com/

For the justifiably paranoid, a web service is not going to cut it (lack of https is just the start - relying on any web service is a _lot_ of trust to put in such an Important Thing). Even if you are as trustworthy as I'd hope, it's foolish to even allow the possibility of you (or your service) being compromised to affect the safety of my passwords.

Personally, I use a command-line implementation of SuperGenPass that a friend of mine wrote (and I host at github:gfxmonk/supergenpass). It avoids all sorts of spoofing / browser vulnerabilities, and is reasonably convenient with something like Guake.

I'm not trying to diss the concept at all - I love this kind of thing, and honestly can't understand why it isn't more widely used / encouraged. But It's worth pointing out what already exists in the space.
2 comments
nicwolff 4539 days ago
SuperGenPass credits me as the originator of the idea, my page is still up at http://angel.net/~nic/passwd.html.

NullPass isn't a Web service, it's a one-page Javascript app like mine and SuperGenPass. But it loads a bunch of libraries, so it can't as easily be copied for safe offline or local use.

link
adammacleod 4539 days ago
Neat! Yours looks very nice.

I never realised there were so many implementations of this floating around. It might be a neat idea to inline/reduce the libraries I used to more easily distribute for offline. Although I have to say that I don't feel this is any less safe because it can't run locally :)

Thanks for your input :)

link
adammacleod 4539 days ago
Oh cool, I did some quick googling but hadn't come across supergenpass. I will have a better look at their implementation.

Thanks!

link