Your passphrase (and optional second component), the service name, and the version are combined into a single string. That string is hashed with SHA-256, the same cryptographic function used in Bitcoin, TLS, and digital signatures. The digest is then re-hashed for multiple rounds to deepen the derivation, raising the cost of every brute-force guess.
The engine accepts one or two knowledge components, and the output looks identical whichever mode was used. An attacker looking at a leaked password has no way to tell whether it was derived from a single passphrase or from a split-knowledge pair, so they must attack both strategies at once: the search space covers every single-phrase possibility AND every two-component combination. That uncertainty is itself a defensive layer.
The engine runs SHA-256 for multiple rounds (key stretching), so even a simple passphrase is hardened by repeated hashing before the final password is produced. Each additional round raises the computational cost of every brute-force guess.
For maximum security, split your secret into two independent components, a phrase and a personal fact. Neither is useful alone: an attacker who knows one component, the algorithm, and the service name still cannot derive your password without the other.
Password managers store encrypted vaults, and a vault is a target. This engine stores nothing: the password is regenerated from your memory each time. No database means no breach target.
If a service forces a password change, increment the version (1 → 2): a new password from otherwise unchanged inputs.
Everything happens in your browser: JavaScript's Web Crypto API performs the SHA-256, with zero network requests. No data leaves your machine; view the source to verify.