Ailyaut's blog

hshwd

hshwd is an open-source offline tool that generates strong, unique passwords from weak ones in a deterministic way, using the properties of hash functions. It is the successor of pwgen.

Related blog post: Release of hshwd

Table of contents

How it works
Usage
FAQ
Downloads

How it works (short version)

The basic principle is very simple: you input an easy-to-remember password, and the app hashes it to make it long and random-looking (in our case, hshwd uses SHA-256).
Hashing is very interesting in this context because of the following properties:

  1. Hashing is deterministic: given the same input, you always obtain the same output (so you can regenerate your strong password whenever you need it)
  2. Hashing is not reversible: SHA-256 is preimage-resistant, meaning there is no known way to find an input for a given output faster than guessing inputs, and since inputs are unbounded while outputs are only 256 bits, many inputs share each output (so if one of your generated passwords is exposed, it does not directly reveal the "seed" password you used; the caveat below covers guessing)
  3. The slightest change in the input changes the output completely: this is useful for creating unique passwords that are unrelated to each other

However, hashing alone is not enough to defend against dictionary attacks: a single SHA-256 computation takes negligible time (a modern GPU tries billions of candidates per second), so an attacker holding one generated password can simply hash every common password and look for a match.

To defend against this, hshwd iterates the hashing step many times, which makes each candidate guess proportionally more expensive for an attacker, and salts each iteration to add yet another unknown variable. Both the number of iterations and the salt are chosen by the user and are not stored alongside the generated password, so an attacker who obtains one password also has to guess how many rounds were run and what the salt was before they can even start testing "seed" candidates. Together these make recovering the seed from a generated password far more expensive than a plain SHA-256 dictionary attack; they do not make a weak seed safe on their own, which is why the Usage section asks for a strong one.

If you want to learn more about the inner workings of hshwd, you can read the release blog post or check the source code.

Usage

The intended use case of hshwd is creating many unique passwords for your online accounts.

As mentioned in the previous section, to generate a strong password with hshwd you need to choose:

  1. A random iteration count, preferably 5 digits or more (the larger the number, the longer each password takes to generate, for you and for an attacker alike)
  2. A random salt (any string will do)

Then, type whatever you want as a "seed" password and append a unique string of characters related to the service you're creating a password for (you can, for instance, write the name of the website). This is to ensure that all your passwords are different.

Example:
Let's create a strong password for our Netflix account, based on the "seed" password '1234' (which is bad, don't do this).
With 11,257 iterations and 'salty' as the salt, the input:

1234+netflix

will output the following:

8/5B9`ec95RNu_EjLCq1mDNE~nsieL"`

Let's now create a password for our Gmail account with the same parameters:

1234+gmail

will output the following:

\I|fo$fB#'8_'VKe;5Z>!N#@Bo{B_lH#

The same combination of inputs (number of iterations, salt and password) always produces the same output, so you don't have to memorize the generated password: you can regenerate it whenever you need it. You do have to remember the seed password, the salt and the iteration count, and use the same salt and count every time, since any change to them produces a different password.

Note: It is strongly recommended that you use a strong seed password (not one from this list, and not one that you have used before). The salt and iteration count only slow an attacker down; once they are guessed or leaked, the seed is all that stands between the attacker and every password derived from it.
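The derivation described in "How it works" and the Netflix/Gmail example above, written out as an added Python example. This is not hshwd's own code: the page does not give hshwd's exact salting or output-encoding details, so the block assumes SHA-256(salt || previous state) per round and a base-94 printable encoding of the final digest, and its outputs will not match the sample passwords above. It also includes the attacker's side, an offline dictionary attack over a constructed wordlist, to show why a weak seed such as '1234' is protected only by the secrecy of the salt and iteration count:

```python
"""Added example (not hshwd's own code): an hshwd-style password derivation.

Assumed construction, since this page does not give hshwd's exact details:
  - start from the bytes of "seed+service" (the page's input convention),
  - every round computes SHA-256(salt || previous_state),
  - the final 256-bit digest is written out in base 94 over printable ASCII.
Because the real salting and encoding details may differ, outputs here do
not match the sample passwords on the page.
"""
import hashlib
import string

# Printable ASCII without the space character: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def derive(seed: str, service: str, iterations: int, salt: str, length: int = 32) -> str:
    """Deterministically derive a password from (seed, service, iterations, salt).

    The same four inputs always give the same password; changing any of them,
    even one character of `service`, changes the whole result.
    """
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    if not 1 <= length <= 32:
        # 94**32 is about 2**210, well below 2**256, so reading the digest as
        # a big integer and taking base-94 digits leaves a bias under 2**-46.
        raise ValueError("length must be between 1 and 32")
    salt_bytes = salt.encode("utf-8")
    state = f"{seed}+{service}".encode("utf-8")
    for _ in range(iterations):
        # The salt is prepended at every round: without it an attacker cannot
        # reproduce even the first step of the chain.
        state = hashlib.sha256(salt_bytes + state).digest()
    n = int.from_bytes(state, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)


def recover_seed(target: str, service: str, iterations: int, salt: str, candidates):
    """Attacker's side: offline dictionary attack against one leaked password.

    With the salt and iteration count known, a weak seed falls after at most
    len(candidates) * iterations hash calls. With them unknown, the attacker
    must repeat this loop for every (salt, iterations) guess, which is the
    cost multiplier the page relies on. Returns the matching seed or None.
    """
    for seed in candidates:
        if derive(seed, service, iterations, salt, len(target)) == target:
            return seed
    return None


if __name__ == "__main__":
    ITERATIONS, SALT = 11257, "salty"   # the page's example parameters
    for service in ("netflix", "gmail"):
        print(f"1234+{service} -> {derive('1234', service, ITERATIONS, SALT)}")

    # Constructed attack: the attacker holds the Netflix password and guesses
    # the parameters correctly, so the weak seed '1234' is recovered.
    leaked = derive("1234", "netflix", ITERATIONS, SALT)
    wordlist = ["password", "qwerty", "letmein", "1234"]   # constructed wordlist
    print("seed with correct parameters:", recover_seed(leaked, "netflix", ITERATIONS, SALT, wordlist))
    # Same wordlist, wrong salt: the attack fails even though '1234' is in it.
    print("seed with wrong salt:", recover_seed(leaked, "netflix", ITERATIONS, "wrong", wordlist))
```

Running the script derives the two example passwords and then runs the attack twice: with the correct salt and count the seed '1234' is found after four candidates, and with a wrong salt the same wordlist finds nothing. The second run is the whole argument of the page in one line, and also its limit: a stronger seed is what holds once the parameters are known.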

FAQ

See the Release of hshwd blog post.

Downloads

hshwd is open-source and distributed under the MIT License.
It is available on desktop as a command line tool (in Rust), and on mobile as an app (made with Godot Engine).

Download for Android ARM64 · 27.8 MB

Checksum: e00d5af04b23d69e4c8bd551ca3bbc311dcaba7b0cfc693dd9468566c97712b1
Source code

Download for Linux x64 · 1.7 MB

Checksum: b3b3a7a180d7b19d3be4e085945fb588244ca2dd3f3705cf281792949feabdcc
Source code

Need it on another platform? Both Rust and Godot Engine let you target multiple platforms easily.

Additional content: Python implementation

My role

Programming, UI/UX design

Software used

Rust, Python, Godot Engine, Inkscape