Service provided with No Warranty
Terms of Service.
Open source code for this Password Hasher and Bitcoin tools is available at
http://ba.net/bitcoin/src
Scrypt Password Hasher BA.net creates secure passwords by running a scrypt hash of a general parameter (Gmail, Yahoo!, etc.) and a "master password" provided by the user.
This generates passwords that are safe from dictionary-based attacks.
The app works client-side, so no information is transferred to any server. You can use it on multiple devices without syncing, and you have to remember only one password.
Your master password is protected against brute-force attacks by the scrypt hashing function.
Why use SPH?
Most people use the same password at every Web site. This is convenient, but also risky. If just one of the accounts got hacked, someone could gain access to all of your accounts across the Web.
Enter SPH. It works right from your Web browser and Apps for Mac, iPhone and iPad. You remember one password (your "master password"), and SPH uses it to generate unique, complex passwords for the Web sites you visit. Your generated passwords are never stored or transmitted, so you can use SPH on as many computers as you like without having to "sync" anything.
How does SPH work?
SPH uses your master password and the domain name of the Web site you are visiting as the "seed" for a one-way hash algorithm (base-64 SCRYPT). The output of this algorithm is your generated password. If either your master password or the domain name of the Web site changes, even by one character, the generated password will be drastically different.
Is SPH safe?
No one should ever consider their online activity safe. SPH provides security benefits but, like any software, it should never be considered invulnerable. More than any other factor, a weak master password will endanger a user, so be sure to choose a strong master password, and change it regularly.
Will I need to change all of my passwords?
Yes, you will need to change the passwords for your existing Web site accounts to match what SPH generates. It is worth it.
How complex are the generated passwords?
In order to resist dictionary attacks while retaining compatibility with most Web site password requirements, all passwords generated by SPH:
Consist of Latin alphanumerics (A-Z, a-z, 0-9)
Always contain at least one lowercase letter of the Latin alphabet
Always contain at least one uppercase letter of the Latin alphabet
Always contain at least one numeral
Can be any length from 8 to 22 characters (default: 10)
Site X has different password requirements!
SPH is designed to comply with the password requirements of the vast majority of Web sites. However, there will always be a small number of exceptions.
To get around this problem, some SPH users memorize a short suffix to append to their generated passwords that satisfies extra requirements. For example, if Site X requires your password to contain three numerals and at least one character from !@#$%^&*()-+, you could manually append 67% to your generated password before logging in.
Site Y requires me to change my password every month!
This is actually a great use for SuperGenPass. Most sites like this compare your new password to your previous passwords, so using a counter (e.g., password1, password2) will not work. But with SuperGenPass, using a counter suffix with your master password works beautifully to generate drastically different passwords that will pass any comparison test.
Do I have to type my master password every time I use SPH?
Yes! Entering your master password each time is the only way to take full advantage of the security benefits that SPH offers.
Why should I trust SPH? What happens if your site goes down?
As an algorithm, SPH is completely agnostic towards the input (your master password) and output (your generated passwords). All calculations and actions are performed locally by your Web browser; SPH does not transmit data and does not store your master password or generated passwords.
You can download SPH and run it locally as an App for Mac, iPhone or iPad. You can also run SPH locally on your web browser.
Technical details
Password Hasher BA.net uses the scrypt key derivation function to generate passwords. Your parameter inputs are concatenated and used as the salt for the scrypt function.
The process is as follows (pseudocode):
key = scrypt(passphrase, salt, N=2^13, r=8, p=1, dkLen=32)
keypair = generate_bitcoin_keypair(sha256(key))
Scrypt is a memory-intensive function that is deliberately slow to frustrate brute-force attacks. Performance may vary depending on your hardware.
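The password derivation described above, as an added Python example (not BA.net's own code): it runs scrypt with the parameters from the pseudocode, using the site parameter as the salt, and base-64 encodes the result. The function names, the filtering of the base-64 output and the counter-based retry used to satisfy the character rules are assumptions; the page does not say how SPH enforces those rules.

```python
import base64
import hashlib

# scrypt cost parameters from the page's pseudocode (N = 2^13).
N, R, P, DK_LEN = 2**13, 8, 1, 32


def meets_policy(pw: str) -> bool:
    """Character rules the page lists: alphanumeric, one lower, one upper, one digit."""
    return (pw.isascii() and pw.isalnum()
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def site_password(master: str, parameter: str, length: int = 10) -> str:
    """Derive a per-site password from a master password and a site parameter."""
    if not 8 <= length <= 22:
        raise ValueError("length must be between 8 and 22")
    if not master or not parameter:
        raise ValueError("master password and parameter must be non-empty")
    counter = 0
    while True:
        # Assumption: when a candidate misses the character rules, retry with
        # a counter appended to the salt. The page does not say how SPH does it.
        salt = parameter if counter == 0 else f"{parameter}#{counter}"
        key = hashlib.scrypt(master.encode("utf-8"), salt=salt.encode("utf-8"),
                             n=N, r=R, p=P, dklen=DK_LEN)
        # Base-64 output with '+', '/' and '=' dropped leaves A-Z, a-z, 0-9.
        candidate = "".join(c for c in base64.b64encode(key).decode("ascii")
                            if c.isalnum())[:length]
        if len(candidate) == length and meets_policy(candidate):
            return candidate
        counter += 1


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample input
    for site in ("example.com", "example.org"):  # constructed sample parameters
        print(site, site_password(master, site))
    # A counter suffix on the master password gives an unrelated password.
    print(site_password(master + "1", "example.com"),
          site_password(master + "2", "example.com"))
```

Because the salt is only the site parameter, which is not secret, anyone holding one generated password can test master-password guesses offline at the cost of one scrypt run per guess. The scrypt cost slows that search but does not replace a strong master password.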
License Terms No Warranty
You should only use HashPass if you understand how it works, including its benefits and its limitations. Code is Open Source GPL provided with NO Warranty.