Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

What's your opinion on SuperGenPass and the like? I'm sure it would still get cracked, but I feel that it would take a lot of effort to crack the provider's hash, even if it were md5, and then less effort to crack the SuperGenPass hash, so hopefully nobody would recognise it or bother...


Not entirely on-topic but SuperGenPass and probably similar bookmarklets has a security problem:

http://akibjorklund.com/2009/supergenpass-is-not-that-secure


Ah, I hadn't considered that... That's a shame...


Just wanted to point out that any implementation as a browser extension (as opposed to bookmarklet) is safe from DOM manipulation; searching on Google for "supergenpass extension" returns results for at least Chrome, Firefox and Opera.


I'm not so sure, the extension still appends DOM elements, I'm sure those are just as susceptible to sniffing...


I haven't looked at the code or even used it that much, but it seems like it only uses content scripts to insert the password into the field, and everything else is dealt with by the popup/background page, which websites don't have access to.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: