This form can be used for deriving passwords from a master password and a parameter. Unlike random password generators, with this form you don't need to write down the generated passwords, so long as you remember the master password and the parameters.
| Example | Master password | Parameters | Variant passwords |
| You have many web accounts; you do not wish your passwords to be too simple, but you also don't want to have to remember many passwords. Keep your master password secret and use the website name as a variant to generate a password for that website. | abcd1234 |
yahoo hotmail bank |
mALLiLOZ KoipEnh8 eZhMfYGo |
| Your IT dept manages a large number of computers. You want to set up a different root password for each of them but want to avoid to have to store a database of passwords. | ITSharedSecret |
machineID1 machineID2 machineID3 |
JbLETo3Q elEEh1nh 3/hckpx4 |
This form uses JavaScript computation, which is portable across many web browsers and is generally executed locally. The parameter, master password and variant passwords are thus not transmitted on the network, at least not through this page.
The variant password is computed as the first 8 characters of the Base-64 encoding of HMAC-SHA1(master password, parameter) for the regular version, and the full Base-64 encoding (without the usual "equal sign" padding) for the long version.
This form uses the following implementation of HMAC-SHA1:
* A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined * in FIPS PUB 180-1 * Version 2.1 Copyright Paul Johnston 2000 - 2002. * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet * Distributed under the BSD License * See http://pajhome.org.uk/crypt/md5 for details.