Password Hashing Revisited

Sam Ruby and Jon Udell point to Nic Wolff's password generator as a simple, ingenious single sign-on (SSO) solution. It's a neat technique, but the core idea is definitely not a new one.

For example, Dan Boneh and Stanford students used it in PwdHash, an IE plugin, as an anti-phishing solution. Applying the technique on the password generation side reduces some weaknesses in the PwdHash solution, but significant user experience and security issues remain.

Also, countless lazy yet paranoid users have practiced the technique manually ever since the password input box was invented. Please don't remind me how long ago that was. Not on my birthday.