Show HN: Dead simple no storage password manager
github.comThis appears to be using the passphrase as an hmac key directly, with the URL.hostname as the value.
Unless the user memorizes a proper randomly generated key, this is going to be brute-forcable based on a single website’s generated password, which would then allow all other websites to be accessed.
Also, if a website ever changes its domain name, you’re going to have trouble.
This appears to be a weekend project, and I don’t want to be overly negative, but do not use this as-is. This is more than dead-simple: this is deadly simple.