Hash a pass
Saturday, September 2, 2006 at 08:45PM

Hashapass automatically generates strong passwords from a master password and a parameter.
Given the same master password and parameter, Hashapass will always give you the same result.
Useful for keeping sensible security across all those websites (until something like OpenID is more widespread). Works well, but I can’t trust it if I can’t run the code outside the browser.
Here is some Java source to scratch that itch. I search for HmacSHA1, HMAC-SHA1, and HMAC/SHA1 in order, as some JCE providers chose not to follow the guidelines for algorithm names.
All you need is there, except a Base64 implementation. I use TSIK Base64 (Java source) but any valid implementation should do (remember to adjust the last line’s Base64.encode() call accordingly).
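import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class Hashapass
{
    public static void main(String[] argv)
        throws Exception
    {
        // Note: command-line arguments are visible in the process list
        // and may end up in shell history.
        if (argv.length != 2) {
            String s = "usage: Hashapass parameter master";
            System.err.println(s);
            return;
        }
        // Explicit charset (UTF-8 assumed) so the result does not depend
        // on the platform default encoding.
        String param = argv[0];
        byte[] data = param.getBytes(StandardCharsets.UTF_8);
        String master = argv[1];
        byte[] b = master.getBytes(StandardCharsets.UTF_8);
        // The master password is the HMAC key, the parameter is the message.
        SecretKeySpec shaMacKey
            = new SecretKeySpec(b, "HmacSHA1");
        // Try the standard JCE name first, then the variants.
        Mac mac = null;
        try {
            mac = Mac.getInstance("HmacSHA1");
        } catch (NoSuchAlgorithmException nsae) {
            try {
                mac = Mac.getInstance("HMAC-SHA1");
            } catch (NoSuchAlgorithmException nsae1) {
                // Entrust/IAIK uses "HMAC/SHA"
                mac = Mac.getInstance("HMAC/SHA1");
            }
        }
        if (mac == null) {
            String s = "Can't find usable SHA1 HMAC";
            throw new RuntimeException(s);
        }
        mac.init(shaMacKey);
        b = mac.doFinal(data);
        // Base64 is the external class mentioned above (TSIK here).
        // Keep the first 8 characters of the encoded HMAC.
        System.out.println(Base64.encode(b)
            .substring(0, 8));
    }
}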
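An added example, not part of the original post: a variant that first runs the RFC 2202 HMAC-SHA-1 test case 2 against whichever provider answered to one of the three names, so a provider registering something else under that name is caught before any password is derived. The class name HashapassSelfTest, the use of java.util.Base64 (Java 8+) in place of TSIK, and UTF-8 encoding of both strings are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the post's code. Needs Java 8+ for java.util.Base64.
public class HashapassSelfTest {
    private static final String[] NAMES = {"HmacSHA1", "HMAC-SHA1", "HMAC/SHA1"};

    // Try the post's three algorithm names in order; return the first Mac found.
    static Mac findHmacSha1() throws NoSuchAlgorithmException {
        for (String name : NAMES) {
            try {
                return Mac.getInstance(name);
            } catch (NoSuchAlgorithmException e) {
                // Not registered under this name; try the next one.
            }
        }
        throw new NoSuchAlgorithmException("Can't find usable SHA1 HMAC");
    }

    // HMAC-SHA1 with the master password as key and the parameter as message.
    static byte[] hmac(String parameter, String master) throws Exception {
        Mac mac = findHmacSha1();
        // Assumption: UTF-8 for both strings, so the result is platform-independent.
        mac.init(new SecretKeySpec(master.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return mac.doFinal(parameter.getBytes(StandardCharsets.UTF_8));
    }

    // First 8 Base64 characters of the tag, as in the post's last line.
    static String derive(String parameter, String master) throws Exception {
        return Base64.getEncoder().encodeToString(hmac(parameter, master)).substring(0, 8);
    }

    public static void main(String[] argv) throws Exception {
        // Known-answer test: RFC 2202 HMAC-SHA-1 test case 2.
        byte[] tag = hmac("what do ya want for nothing?", "Jefe");
        String hex = String.format("%040x", new BigInteger(1, tag));
        if (!hex.equals("effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")) {
            throw new IllegalStateException("provider failed HMAC-SHA1 known-answer test");
        }
        if (argv.length != 2) {
            System.err.println("usage: HashapassSelfTest parameter master");
            return;
        }
        System.out.println(derive(argv[0], argv[1]));
    }
}
```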
Hans