
Skeleton Key

A simple bookmarklet for generating site-specific passwords.

Install

For Mac and PC versions of Safari, Firefox, or Chrome, simply add this link to your bookmarks: Site Password.

For iPhone, iPad, or iPod Touch, you can follow these instructions.

Usage

First, you need to decide on a master passphrase. You will use this passphrase to generate all your site passwords, so make it a good one. A sentence that is easy to remember and known only to you is a good choice.

When you need to create a site-specific password, go to that site, click the "Site Password" bookmarklet, enter your passphrase at the prompt, and click OK.

Paste the displayed password into the page's password field.

When you need to log back in later, type in the exact same passphrase while viewing that site, and you will get the same generated password.

Details

Skeleton Key uses the SHA-256 and RFC 2104 HMAC algorithms to combine the site domain and passphrase.

By default, the generated site password will be 14 characters of base 58 encoded text. This carries about 82 bits of entropy and complies with the password rules of most sites.

If you need a shorter password or special characters to satisfy restrictive site rules, just make the change to the generated password before you paste it into the password field. Of course, you can always modify the bookmarklet source code to better suit your needs.
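The derivation described under Details, written out in Python as an added example. This is not the project's own code or its included Python version. It assumes the passphrase is the HMAC key, the lower-cased domain is the message, the Bitcoin-style base 58 alphabet is used, and the password is taken from the low-order base 58 digits of the digest; the page specifies none of these.

```python
import hashlib
import hmac
import math

# Bitcoin-style base 58 alphabet (assumed; the page only says "base 58").
BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
LENGTH = 14  # default password length stated on the page


def site_password(passphrase: str, domain: str, length: int = LENGTH) -> str:
    """Derive a site password from a passphrase and a site domain.

    Assumption: the passphrase is the HMAC key and the lower-cased domain
    is the message. The page does not say which input plays which role.
    """
    if not 1 <= length <= 43:
        # A 256-bit digest holds only 43 full base 58 digits (58**43 < 2**256).
        raise ValueError("length must be between 1 and 43")
    digest = hmac.new(passphrase.encode("utf-8"),
                      domain.strip().lower().encode("utf-8"),
                      hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    # Use the low-order digits: each is close to uniform, whereas the leading
    # base 58 digit of a 256-bit value only spans part of the alphabet.
    chars = []
    for _ in range(length):
        n, rem = divmod(n, 58)
        chars.append(BASE58[rem])
    return "".join(chars)


def entropy_bits(length: int = LENGTH, alphabet_size: int = 58) -> float:
    """Upper bound on the entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    phrase = "constructed sample passphrase, not a real one"
    for host in ("example.com", "example.org"):
        print(host, site_password(phrase, host))
    print("entropy: %.1f bits" % entropy_bits())
```

The entropy figure is an upper bound set by the output length; the real strength of every generated password is limited by how hard the master passphrase is to guess.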

Building

The project includes a build.js file which minifies the JavaScript source and then URI-encodes it. The script requires Node and UglifyJS.

You can also use the included Python version of the Skeleton Key logic to test the correctness of the compiled bookmarklet.

Credits

The JavaScript cryptographic algorithms are based on the jsSHA library by Brian Turek.

License

Skeleton Key is released under the BSD license:

Copyright (c) 2011, David Arnold

Portions derived from jsSHA (jssha.sf.net), copyright Brian Turek

All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

 - Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.

 - Redistributions in binary form must reproduce the above
   copyright notice, this list of conditions and the following
   disclaimer in the documentation and/or other materials provided
   with the distribution.

 - The names of the contributors may not be used to endorse or
   promote products derived from this software without specific
   prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.

Contact

You can contact me on Twitter @david_n_arnold

Download

You can download this project in either zip or tar formats.

You can also clone the project with Git by running:

$ git clone git://github.com/davidarnold/skeletonkey