Fwd: confirm 9a85e83e9531356d37cfd8581573d167b99c16f8

[Graham Fawcett]

On Friday, 11 April 2014 at 16:42:30 UTC, Walter Bright wrote:
> On 4/11/2014 5:18 AM, Steven Schveighoffer wrote:
>> If, after the last year of hacking, and the heartbleed bug, 
>> people are not using
>> password tracker/generators, you haven't learned anything :)
>
> But those pw managers are a single point of failure. One 
> mistake and you've compromised or lost everything. If your 
> machine it is installed on is stolen, you've lost all your 
> passwords. Etc.

For less critical passwords, I use a JavaScript bookmarklet with 
the code below. It's mostly an MD5 implementation. It takes the 
base URL of the current page, concatenates a salt, and then 
MD5-hashes the result. Then it pops up a dialog box containing 
the hash, and that's my password for that site.

It doesn't work on crappy sites with silly restrictions (so many 
numbers, no more than X characters -- that last one especially 
makes my blood boil, because you *know* they aren't properly 
hashing your password), but most modern sites accept it just fine.

Please don't use this yourself without changing the salt to 
something very un-guessable. And please don't hack my system, 
grab my bookmark settings, and figure out my salt...

I don't remember where I found the MD5 implementation. It's not 
mine, and I didn't keep a reference.

Graham

javascript:var host=document.location.host; var hexcase = 0;  /* 
hex output format. 0 - lowercase; 1 - uppercase        */ var 
b64pad  = ""; /* base-64 pad character. "=" for strict RFC 
compliance   */ var chrsz   = 8;  /* bits per input character. 8 
- ASCII; 16 - Unicode      */  function hex_md5(s){ return 
binl2hex(core_md5(str2binl(s), s.length * chrsz));}  function 
b64_md5(s){ return binl2b64(core_md5(str2binl(s), s.length * 
chrsz));} function str_md5(s){ return 
binl2str(core_md5(str2binl(s), s.length * chrsz));} function 
hex_hmac_md5(key, data) { return binl2hex(core_hmac_md5(key, 
data)); } function b64_hmac_md5(key, data) { return 
binl2b64(core_hmac_md5(key, data)); } function str_hmac_md5(key, 
data) { return binl2str(core_hmac_md5(key, data)); }  /*  * 
Perform a simple self-test to see if the VM is working  */ 
function md5_vm_test() {   return hex_md5("abc") == 
"900150983cd24fb0d6963f7d28e17f72"; }  /*  * Calculate the MD5 of 
an array of little-endian words, and a bit length  */ function 
core_md5(x, len) {   /* append padding */   x[len >> 5] |= 0x80 
<< ((len) %25 32);   x[(((len + 64) >>> 9) << 4) + 14] = len;    
var a =  1732584193;   var b = -271733879;   var c = -1732584194; 
   var d =  271733878;    for(var i = 0; i < x.length; i += 16)   
{     var olda = a;     var oldb = b;     var oldc = c;     var 
oldd = d;      a = md5_ff(a, b, c, d, x[i+ 0], 7 , -680876936);   
   d = md5_ff(d, a, b, c, x[i+ 1], 12, -389564586);     c = 
md5_ff(c, d, a, b, x[i+ 2], 17,  606105819);     b = md5_ff(b, c, 
d, a, x[i+ 3], 22, -1044525330);     a = md5_ff(a, b, c, d, x[i+ 
4], 7 , -176418897);     d = md5_ff(d, a, b, c, x[i+ 5], 12,  
1200080426);     c = md5_ff(c, d, a, b, x[i+ 6], 17, 
-1473231341);     b = md5_ff(b, c, d, a, x[i+ 7], 22, -45705983); 
     a = md5_ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);     d = 
md5_ff(d, a, b, c, x[i+ 9], 12, -1958414417);     c = md5_ff(c, 
d, a, b, x[i+10], 17, -42063);     b = md5_ff(b, c, d, a, 
x[i+11], 22, -1990404162);     a = md5_ff(a, b, c, d, x[i+12], 7 
,  1804603682);     d = md5_ff(d, a, b, c, x[i+13], 12, 
-40341101);     c = md5_ff(c, d, a, b, x[i+14], 17, -1502002290); 
     b = md5_ff(b, c, d, a, x[i+15], 22,  1236535329);      a = 
md5_gg(a, b, c, d, x[i+ 1], 5 , -165796510);     d = md5_gg(d, a, 
b, c, x[i+ 6], 9 , -1069501632);     c = md5_gg(c, d, a, b, 
x[i+11], 14,  643717713);     b = md5_gg(b, c, d, a, x[i+ 0], 20, 
-373897302);     a = md5_gg(a, b, c, d, x[i+ 5], 5 , -701558691); 
     d = md5_gg(d, a, b, c, x[i+10], 9 ,  38016083);     c = 
md5_gg(c, d, a, b, x[i+15], 14, -660478335);     b = md5_gg(b, c, 
d, a, x[i+ 4], 20, -405537848);     a = md5_gg(a, b, c, d, x[i+ 
9], 5 ,  568446438);     d = md5_gg(d, a, b, c, x[i+14], 9 , 
-1019803690);     c = md5_gg(c, d, a, b, x[i+ 3], 14, 
-187363961);     b = md5_gg(b, c, d, a, x[i+ 8], 20,  
1163531501);     a = md5_gg(a, b, c, d, x[i+13], 5 , 
-1444681467);     d = md5_gg(d, a, b, c, x[i+ 2], 9 , -51403784); 
     c = md5_gg(c, d, a, b, x[i+ 7], 14,  1735328473);     b = 
md5_gg(b, c, d, a, x[i+12], 20, -1926607734);      a = md5_hh(a, 
b, c, d, x[i+ 5], 4 , -378558);     d = md5_hh(d, a, b, c, x[i+ 
8], 11, -2022574463);     c = md5_hh(c, d, a, b, x[i+11], 16,  
1839030562);     b = md5_hh(b, c, d, a, x[i+14], 23, -35309556);  
    a = md5_hh(a, b, c, d, x[i+ 1], 4 , -1530992060);     d = 
md5_hh(d, a, b, c, x[i+ 4], 11,  1272893353);     c = md5_hh(c, 
d, a, b, x[i+ 7], 16, -155497632);     b = md5_hh(b, c, d, a, 
x[i+10], 23, -1094730640);     a = md5_hh(a, b, c, d, x[i+13], 4 
,  681279174);     d = md5_hh(d, a, b, c, x[i+ 0], 11, 
-358537222);     c = md5_hh(c, d, a, b, x[i+ 3], 16, -722521979); 
     b = md5_hh(b, c, d, a, x[i+ 6], 23,  76029189);     a = 
md5_hh(a, b, c, d, x[i+ 9], 4 , -640364487);     d = md5_hh(d, a, 
b, c, x[i+12], 11, -421815835);     c = md5_hh(c, d, a, b, 
x[i+15], 16,  530742520);     b = md5_hh(b, c, d, a, x[i+ 2], 23, 
-995338651);      a = md5_ii(a, b, c, d, x[i+ 0], 6 , 
-198630844);     d = md5_ii(d, a, b, c, x[i+ 7], 10,  
1126891415);     c = md5_ii(c, d, a, b, x[i+14], 15, 
-1416354905);     b = md5_ii(b, c, d, a, x[i+ 5], 21, -57434055); 
     a = md5_ii(a, b, c, d, x[i+12], 6 ,  1700485571);     d = 
md5_ii(d, a, b, c, x[i+ 3], 10, -1894986606);     c = md5_ii(c, 
d, a, b, x[i+10], 15, -1051523);     b = md5_ii(b, c, d, a, x[i+ 
1], 21, -2054922799);     a = md5_ii(a, b, c, d, x[i+ 8], 6 ,  
1873313359);     d = md5_ii(d, a, b, c, x[i+15], 10, -30611744);  
    c = md5_ii(c, d, a, b, x[i+ 6], 15, -1560198380);     b = 
md5_ii(b, c, d, a, x[i+13], 21,  1309151649);     a = md5_ii(a, 
b, c, d, x[i+ 4], 6 , -145523070);     d = md5_ii(d, a, b, c, 
x[i+11], 10, -1120210379);     c = md5_ii(c, d, a, b, x[i+ 2], 
15,  718787259);     b = md5_ii(b, c, d, a, x[i+ 9], 21, 
-343485551);      a = safe_add(a, olda);     b = safe_add(b, 
oldb);     c = safe_add(c, oldc);     d = safe_add(d, oldd);   }  
  return Array(a, b, c, d);  }  /*  * These functions implement 
the four basic operations the algorithm uses.  */ function 
md5_cmn(q, a, b, x, s, t) {   return 
safe_add(bit_rol(safe_add(safe_add(a, q), safe_add(x, t)), s),b); 
} function md5_ff(a, b, c, d, x, s, t) {   return md5_cmn((b & c) 
| ((~b) & d), a, b, x, s, t); } function md5_gg(a, b, c, d, x, s, 
t) {   return md5_cmn((b & d) | (c & (~d)), a, b, x, s, t); } 
function md5_hh(a, b, c, d, x, s, t) {   return md5_cmn(b ^ c ^ 
d, a, b, x, s, t); } function md5_ii(a, b, c, d, x, s, t) {   
return md5_cmn(c ^ (b | (~d)), a, b, x, s, t); }  /*  * Calculate 
the HMAC-MD5, of a key and some data  */ function 
core_hmac_md5(key, data) {   var bkey = str2binl(key);   
if(bkey.length > 16) bkey = core_md5(bkey, key.length * chrsz);   
  var ipad = Array(16), opad = Array(16);   for(var i = 0; i < 16; 
i++)   {     ipad[i] = bkey[i] ^ 0x36363636;     opad[i] = 
bkey[i] ^ 0x5C5C5C5C;   }    var hash = 
core_md5(ipad.concat(str2binl(data)), 512 + data.length * chrsz); 
   return core_md5(opad.concat(hash), 512 + 128); }  /*  * Add 
integers, wrapping at 2^32. This uses 16-bit operations 
internally  * to work around bugs in some JS interpreters.  */ 
function safe_add(x, y) {   var lsw = (x & 0xFFFF) + (y & 
0xFFFF);   var msw = (x >> 16) + (y >> 16) + (lsw >> 16);   
return (msw << 16) | (lsw & 0xFFFF); }  /*  * Bitwise rotate a 
32-bit number to the left.  */ function bit_rol(num, cnt) {   
return (num << cnt) | (num >>> (32 - cnt)); }  /*  * Convert a 
string to an array of little-endian words  * If chrsz is ASCII, 
characters >255 have their hi-byte silently ignored.  */ function 
str2binl(str) {   var bin = Array();   var mask = (1 << chrsz) - 
1;   for(var i = 0; i < str.length * chrsz; i += chrsz)     
bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (i%25 32);   
return bin; }  /*  * Convert an array of little-endian words to a 
string  */ function binl2str(bin) {   var str = "";   var mask = 
(1 << chrsz) - 1;   for(var i = 0; i < bin.length * 32; i += 
chrsz)     str += String.fromCharCode((bin[i>>5] >>> (i %25 32)) 
& mask);   return str; }  /*  * Convert an array of little-endian 
words to a hex string.  */ function binl2hex(binarray) {   var 
hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";   
var str = "";   for(var i = 0; i < binarray.length * 4; i++)   {  
    str += hex_tab.charAt((binarray[i>>2] >> ((i%25 4)*8+4)) & 
0xF) +            hex_tab.charAt((binarray[i>>2] >> ((i%25 4)*8  
)) & 0xF);   }   return str; }  /*  * Convert an array of 
little-endian words to a base-64 string  */ function 
binl2b64(binarray) {   var tab = 
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 
   var str = "";   for(var i = 0; i < binarray.length * 4; i += 3) 
   {     var triplet = (((binarray[i   >> 2] >> 8 * ( i   %25 4)) 
& 0xFF) << 16)                 | (((binarray[i+1 >> 2] >> 8 * 
((i+1)%25 4)) & 0xFF) << 8 )                 |  ((binarray[i+2 >> 
2] >> 8 * ((i+2)%25 4)) & 0xFF);     for(var j = 0; j < 4; j++)   
   {       if(i * 8 + j * 6 > binarray.length * 32) str += b64pad; 
       else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);     }  
  }   return str; }  ; var SALT='YOUR_SALT_GOES_HERE'; 
prompt('result for ' + host + ':', (b64_md5(SALT + 
':&#*$'%20+%20host)));%20void(0);