Password generation/management in JavaScript

Details behind this page (experiment fearlessly with made-up passwords; read this before entering real, non-pretend passwords or sensitive information into this form). Hit Ctrl-U to see the underlying Javascript.

Enter any message to generate passwords

Message abc
E-mail
Amazon
cPanel (mixed-case letters and numbers only)
Facebook
GitHub (must have at least one 'special' and one digit)
Google
PayPal®
Root
Router
Skype™
Twitter
Wifi
Yahoo!
15-digit PIN
10-letter uppercase-only
SHA256
Note SHA-256 hash of ‘abc’ should be: ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad

Notes: This works by taking the 'message' (master password) you have entered, concatenating it with a random 'salt' phrase, and running it through the SHA256 hashing algorithm. As a test, enter the message 'abc'; the SHA256 hash of it should be as shown above.

The process is repeated, with different salts, for each password. The resulting SHA256 hashes are then encoded as uppercase letters, or mixed-case, or digits, or special characters, of the desired length.

Sites with requirements such as 'must contain at least one number and one special character' posed difficulties. For the GitHub password generated above, one special character and one digit are generated first. The rest of the password may not have any specials or digits in it, but we've at least met the minimum requirement. In principle, this really ought to be handled by generating passwords until the requirement is met; that way, an attacker won't start out knowing that the first character is special and that the second one is a digit. But I'm not much of a Javascript programmer.

Site names above are illustrative only.

As the source code shows (hit Ctrl-U to see it), you can specify the 'special' characters for each password. Many sites will object to specific characters, so you really need that ability.