0
I made an app (for iPhone & iPod Touch) called "BYOSalt" (as in, "Bring Your Own Salt
). If there is interest, I can port it to OS X, Windows, BlackBerry, etc. without much difficulty.Basically, you enter the site's URL, your username, email address, and password. Then, you click "Generate Code." It calculates the hash (using bCrypt), and implements a salt. You end up with a long alphanumeric string, from which you can choose the length of your password.
In theory, say I (or someone) ported it to Windows/OS X/etc, you'd have no need to shorten the password at all. So while it omits symbols from the password, it does provide a password long enough that brute-forcing is unlikely.
The main advantage to this app is that, even if your password is stored in plaintext by the site, the underlying password is protected (so if you DO use the same master password across multiple sites, if one site is breached, you don't have to worry about the other sites as the URL is part of the plaintext before it is hashed -- it acts as part of the per-site salt... meaning your actual password is never exposed).
I just put it together today. If I'm on to something, or if there is interest, I'll improve it and add features. If it's a stupid idea, I'll just trash the project as I don't have much investment in it at this point.
Let me know what you all think
P.S. I'm not much of a UI designer... So, forgive the ugliness
