by schmooser 4005 days ago
Still don't get it. Knowing that I use SGP gives an attacker nothing. On each guess of the master password, the attacker has to generate the password (quick, using a hash) and then GO to the website and try to log in. And this is very slow compared to hash generation using bcrypt, SHA1 or even md5.

That's assuming every website you use with one of these passwords is secure. In practice sites get hacked, fail to enforce HTTPS, databases get leaked, etc.
> In practice sites get hacked, fail to enforce HTTPS, databases get leaked, etc.

Exactly. The threat here is that a single SuperGenPass-generated site-specific password is leaked somehow (if you use it for a lot of sites, one of them is bound to be storing a password in plaintext, or not using https, or whatever; or, for all I know, the OP is such an important target that maybe someone specifically sets up a website to capture a sample site-specific password). Then, using that site-specific password, a determined attacker might be able to recover your master password and then be able to log in to all the other websites you use SuperGenPass with. That's the danger of using a 'fast' hash function to generate your site-specific password.
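As an added illustration (not from the thread, and not SuperGenPass's actual algorithm): a simplified site-password derivation done two ways, with a timing of what one offline guess at the master password costs an attacker who holds a leaked site password. With a fast hash each guess is microseconds; with a slow KDF the per-guess cost is a tunable work factor. The function names, domain and master password are constructed sample values.

```python
# Added example: per-guess cost of a fast hash vs a slow KDF once a
# generated site password has leaked. Simplified scheme, not SuperGenPass.
import base64
import hashlib
import time

SITE = "example.com"       # constructed sample domain
MASTER = "correct horse"   # constructed sample master password


def derive_fast(master: str, domain: str) -> str:
    """Fast derivation: a single MD5 over master:domain (models a fast-hash generator)."""
    digest = hashlib.md5(f"{master}:{domain}".encode()).digest()
    return base64.b64encode(digest).decode()[:10]


def derive_slow(master: str, domain: str, iterations: int = 200_000) -> str:
    """Slow derivation: PBKDF2-HMAC-SHA256 with the domain as salt.
    Every offline guess now costs `iterations` HMAC calls instead of one hash."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(),
                              iterations, dklen=15)
    return base64.b64encode(key).decode()[:10]


def seconds_per_guess(derive, master: str, domain: str, rounds: int = 20) -> float:
    """Average wall-clock cost of recomputing one candidate site password offline."""
    start = time.perf_counter()
    for _ in range(rounds):
        derive(master, domain)
    return (time.perf_counter() - start) / rounds


def offline_exhaust_years(keyspace: float, per_guess: float) -> float:
    """Years to try every master password in a keyspace of `keyspace` candidates
    on one core at `per_guess` seconds each (expected time is about half)."""
    return keyspace * per_guess / (365 * 24 * 3600)


if __name__ == "__main__":
    keyspace = 26 ** 8  # e.g. an 8-character lowercase master password
    for name, fn in (("fast md5", derive_fast), ("pbkdf2 200k", derive_slow)):
        cost = seconds_per_guess(fn, MASTER, SITE, rounds=5)
        print(f"{name:12s} {cost:.2e} s/guess -> "
              f"{offline_exhaust_years(keyspace, cost):.1f} years to exhaust")
```

The online route the first comment relies on (a login attempt per guess) is rate-limited by the site; the offline route is limited only by the hash cost, which is what the slow variant raises.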

Ok, I finally get your point, thanks for the detailed explanation.