
Show HN: Dead simple no storage password manager - sepisoad
https://github.com/sepisoad/passmass
======
mcpherrinm
This appears to be using the passphrase as an hmac key directly, with the
URL.hostname as the value.

Unless the user memorizes a proper randomly generated key, this is going to be
brute-forcable based on a single website’s generated password, which would
then allow all other websites to be accessed.

Also, if a website ever changes its domain name, you’re going to have trouble.

This appears to be a weekend project, and I don’t want to be overly negative,
but do not use this as-is. This is more than dead-simple: this is deadly
simple.

