Password Hasher Firefox Extension


Well seen as though we were talking about breaking passwords, here’s a tool for Firefox to help you manage your more secure passwords.

Better security without bursting your brain

Password Hasher is a Firefox security extension for generating site-specific strong passwords from one (or a few) master key(s).

What good security practice demands:

      Strong passwords that are hard to guess.
      Different passwords at each site.
      Periodically changing existing passwords.

Why you probably aren’t practicing good security:

      Strong passwords are difficult to remember.
      Juggling a multitude of passwords is a pain.
      Updating passwords compounds the memorization problem.

How Password Hasher helps:


  • Strong passwords are automatically generated.
  • The same master key produces different passwords at many sites.
  • You can quickly upgrade passwords by “bumping” the site tag.
  • You can upgrade the master key without updating all sites at once.
  • It supports different length passwords.
  • It supports special requirements, such as digit and punctuation characters.
  • All data is saved to the browser’s secure password database.

You can download Password Hasher here:

passhash-1.0.5.xpi

Or read more here.

Posted in: Countermeasures, Security Software

, , , ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


14 Responses to Password Hasher Firefox Extension

  1. opserver February 15, 2008 at 8:30 am #

    Never TRUST any Firefox tool bar Extension like the Megaupload one that messed up all your Bookmarks and browsing. So what good is this Password Hasher trying to do?

  2. James C February 15, 2008 at 8:41 am #

    I use Password Safe originally written by Bruce Schneier (famous for the blowfish and twofish ciphers) http://passwordsafe.sourceforge.net/

  3. Darknet February 15, 2008 at 9:31 am #

    The point of this is, most people use the same password for a lot of different sites.

    This extension means you can use the same password or keyphrase, but still have a unique password for each site.

    That means if any of the sites you use get compromised or any of your individual passwords get compromised the rest of the sites are safe, and the original password is still safe as you can’t reverse the hash.

    Tools like password safe are better for password management in a traditional sense, this add-on is for making surfing specifically more secure.

  4. David F February 15, 2008 at 1:16 pm #

    Disagree that Password Safe is not suitable for surfing. I have ~60 passwords in mine, and 45 of them at least are for web-based facilities.

    The problem with Firefox’s password storage is that itself, it is insecure. Password Safe takes measures to scrub its own tracks after operating.

  5. Antoine February 15, 2008 at 1:18 pm #

    But what append if you connect from another computer, without the extension ?

  6. Darknet February 15, 2008 at 1:52 pm #

    David F: Password safe still relies on you choosing the passwords though, rather than creating more secure passwords through auto-generation. I haven’t tried PS since an early version, how’s the Autotype feature? Does it work well for web forms?

    Antoine: The same issue exists with Password Safe or any password management solution. With software though at least you can carry it on a USB drive. But then you can do the same with Portable Firefox.

  7. David F February 15, 2008 at 2:05 pm #

    Not so, I autogenerate 15-character passwords routinely. The only password I cannot autogenerate is the safe key itself. For that I use abstruse sentences and take initial letters of their words.

    Autotype works on most sites. A few seem to be engineered to defeat it. I have yet to encounter a site where BOTH autotype AND paste-from-clipboard are not allowed.

  8. KaBaL February 15, 2008 at 10:25 pm #

    This offers a “Portable Page” option for moving around. Taken from the tool directly:

    The Portable Page

    You can generate a Portable Page to load and run in any browser when this extension is unavailable. It is similar to the online tool, but also knows your site tags and per-site option settings.

    When you select one of your site tags in the drop-down list at the top it applies the appropriate options. The site tags and options known to the page represent a snapshot of what had been saved by the Password Hasher extension prior to generating the page. It serves as a useful of backup for your site tags and options. For security, the master key(s) are never saved in the page.

    Make copies of the generated file to place on USB keys, servers, and other systems. You’ll be able to log in from anywhere, whether or not the Password Hasher is installed, and whether or not you’re running Firefox.

  9. eM3rC February 16, 2008 at 3:51 am #

    I’ll have to check this out. I feel kind of insecure considering I just use normal passwords (for the normal stuff) with the default firefox password saver.

    @Darknet
    Thanks for the post. Everyday I learn something new here :)

    @KaBaL
    Thanks for talking about the portable feature. Makes me want to use it even more.

  10. Louise February 21, 2008 at 12:52 pm #

    You are all making very good points on password security. Password hashers are pretty good at creating personalized passwords but as some of you mentioned, what to do about too many passwords, passwords that you need to access from different computers, security etc etc. Password managers offer:

    *a safe place to store your passwords

    *strong password generators (an alternative to password hashers)

    *AND a place to keep your accounts organized

    Many may not know password managers come in two flavors: offline and online.

    Here

  11. Pantagruel February 21, 2008 at 10:25 pm #

    Thanks for the link Louise

  12. eM3rC February 22, 2008 at 2:31 am #

    Thanks Louise for the post.

    I think most people will be just fine using passwords that use the typical slew of letters, numbers and special characters. For important things like online banking, generated passwords would seem like your best bet because of the level of security they issue (just keep the password written down in a notebook or something). For people such as CEOs or other big shot people, generated passwords seems like the best overall solution because one small leak could lead to bigger more elaborate problems.

    Like some person said (if someone could tell me the source it would be much appreciated) “the safest computer is an unplugged computer”

  13. mgwalks March 12, 2008 at 4:44 am #

    i think i will try this out.

  14. Louise April 3, 2008 at 10:38 am #

    @Pantagruel and eM3rc and mgwalks

    Sorry it has taken me so long to reply but thank you guys for checking us out. Hope you like PassPack!

    Louise