Reply to post: Re: Command-line password manager?

Security slip-ups in 1Password and other password managers 'extremely worrying'

dajames

Re: Command-line password manager?

Hashing with each web site address does in principle breach the rule of "don't re-use one password on multiple sites", even with variations.

Not really ... the advice not to use the same password on multiple sites is there to prevent someone who discovers your password from trying it on all/any other sites for which you have an account. Clearly, if someone discovers (say) that your password on El Reg is elreg!mysecret they're likely to try linkedin!mysecret to break into your LinkedIn account, and so on ... but only because this is a manual attack and the attacker can see at a glance what your method is.

If the passwords you use are actually hashes, you're not reusing the same password or any part of it for multiple sites in any obvious or discernible way -- just reusing some of the input data for a hash -- so the situation is quite different.

If someone discovers the hash you use as a password for El Reg, they are not going to be able to work out what that hash is a hash of (that's kind-of the point of using a hash) so they won't be able to substitute other service names in the same way. If the attacker is able to discover by some means what process you go through to compute the hash then all bets are off ... but given the ways most passwords become compromised that's not very likely, and the hashing method is pretty safe.
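The two schemes contrasted in the comment above, side by side, as an added example that is not part of the original post. The post names no particular hash, so PBKDF2-HMAC-SHA256, the iteration count, the function names and the sample master secret are all assumptions made here; the slow KDF is chosen because anyone who learns the process and one derived password can test master-secret guesses offline.

```python
import base64
import hashlib

# Constructed sample values; not taken from the post.
MASTER_SECRET = "correct horse battery staple"
ITERATIONS = 200_000  # assumed work factor; raises the cost of offline guessing


def site_password(master: str, site: str, length: int = 20) -> str:
    """Derive a per-site password from a master secret and a site name."""
    raw = hashlib.pbkdf2_hmac(
        "sha256",
        master.encode("utf-8"),
        site.lower().encode("utf-8"),  # the site name acts as the salt
        ITERATIONS,
        dklen=32,
    )
    # URL-safe base64 yields letters, digits, '-' and '_'
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def prefix_password(master: str, site: str) -> str:
    """The manual scheme from the post: site name, '!', shared secret."""
    return f"{site}!{master}"


def longest_common_substring(a: str, b: str) -> int:
    """Length of the longest run of characters that a and b share."""
    best = 0
    prev = [0] * (len(b) + 1)
    for ch in a:
        cur = [0] * (len(b) + 1)
        for j, other in enumerate(b, start=1):
            if ch == other:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


if __name__ == "__main__":
    for scheme in (prefix_password, site_password):
        a = scheme(MASTER_SECRET, "elreg")
        b = scheme(MASTER_SECRET, "linkedin")
        print(scheme.__name__, a, b, "shared run:", longest_common_substring(a, b))
```

The prefix scheme leaks the whole shared secret in every password, while the derived passwords share only chance-length runs of characters.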
