Why master password
Why password length
Password length plays a significant role in determining its security because longer passwords generally
provide stronger protection against brute-force and dictionary attacks.
Here's how password length affects security:
Brute-force attacks: These attacks try every possible combination of characters until the correct
password is found. Each additional character multiplies the number of combinations by the size of the
character set (by 95 for printable ASCII, for example), so the cost of a brute-force attack grows
exponentially with length.
Dictionary attacks: In these attacks, attackers use precompiled lists of commonly used passwords, dictionary
words and simple variations of them to guess passwords. Length alone does not defeat this attack: a long
password made of a single common word or phrase can still be in such a list. Length helps when it comes
together with randomness, which is what a generated password gives you.
Entropy: Password entropy measures how unpredictable a password is, expressed in bits. For a password chosen
uniformly at random from a character set, entropy grows linearly with length (log2 of the character-set size
per character), so each extra character doubles the attacker's work several times over. A long password
built from predictable parts has far less entropy than its length suggests.
Resistance to password cracking tools: Password cracking tools automate guessing, typically by combining
wordlists, mangling rules and masks with very fast hash computation, often on GPUs. Longer passwords
increase the time and computational resources required to crack them, which is what makes them more
resistant to these tools.
In summary, longer passwords are generally more secure because they increase the number of guesses an
attacker has to make, thereby enhancing the overall security of your accounts. However, length has to be
combined with randomness and a reasonable diversity of characters to produce a strong and resilient password.
In PBKDF2 (Password-Based Key Derivation Function 2), a salt is a value that is combined with the password before the key is derived;
in ordinary password storage it is chosen at random.
The purpose of the salt is to defend against precomputation attacks, particularly rainbow table attacks, and to make derivations from the same password produce different results.
For convenience's sake CarryPass generates the salt from the application name and the master password provided by you.
This does not produce a random value: anyone who knows the application name and guesses the master password can recompute the salt, so it adds no secret beyond the master password itself.
What it does provide is a different password for every application from the same master password, without you having to store anything.
If you are willing to sacrifice convenience for security, you can use your own random salt. If you want the best of both worlds,
you can use a long password as the salt. This should be different from your master password, kept secret, not used in any other
application, and unique for each application that you create passwords for.
Here's why salt is important in PBKDF2:
Protection Against Rainbow Table Attacks: A rainbow table is a precomputed table that lets an attacker look up the plaintext
for the hash of a commonly used password without recomputing the hash. By adding a salt to each password before hashing it,
even two users with the same password get different hash values, and an attacker would need a separate table for every salt
value. This makes precomputed tables useless in practice.
Increased Complexity: Each unique salt forces attackers to run a separate brute-force or dictionary attack for each hashed
password, instead of testing one guess against every hash at once, significantly increasing the computational effort
required to crack passwords.
Protection of Identical Passwords: Without salt, identical passwords result in identical hash values, so cracking one
hash reveals every account that uses the same password. Salting ensures that even identical passwords produce different
hash values, mitigating this risk. In CarryPass the same property means that one master password yields a different
generated password for each application, so a password leaked from one site cannot be replayed at another.
Enhanced Security: In CarryPass the salt is what separates the passwords generated for different applications. A secret
salt adds a further layer: a generated password leaked by one application cannot be used to check guesses of your master
password offline unless the attacker also has the salt.
In summary, the use of salt in PBKDF2 is crucial for defending against rainbow table attacks, increasing the cost of
password cracking, keeping identical passwords distinct, and, for a deterministic generator like CarryPass, keeping the
passwords of different applications independent of each other.
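The following Python example, added here to illustrate the two salt modes described above (it is not CarryPass's own code, and the exact way CarryPass builds its salt is not given on this page, so hashing the application name together with the master password is an assumption), derives per-application passwords with PBKDF2-HMAC-SHA256 and then plays the attacker: given one leaked generated password and the application name, it runs a wordlist against the master password. With the convenience-mode salt the attack succeeds; with a secret random salt the same leaked password cannot be used to verify guesses. The iteration count, alphabet, master password and wordlist are constructed demo values.

```python
import hashlib
import hmac
import secrets
import string
from typing import Iterable, Optional

# Iteration count lowered so the demo runs in about a second; OWASP's current
# guidance for PBKDF2-HMAC-SHA256 is 600,000. CarryPass's own count is not on
# the page, so this is an assumption for illustration only.
ITERATIONS = 100_000

# 64 symbols, so mapping one derived byte onto the alphabet with `b % 64`
# is unbiased (256 is a multiple of 64); each output character carries 6 bits.
ALPHABET = string.ascii_letters + string.digits + "-_"
assert len(ALPHABET) == 64


def derived_salt(app_name: str, master: str) -> bytes:
    """Convenience-mode salt built from application name and master password.
    The construction (SHA-256 over both strings) is an assumption; the property
    that matters is that it is fully determined by values an attacker may know
    (the application name) or guess (the master password)."""
    return hashlib.sha256(app_name.encode() + b"\x00" + master.encode()).digest()


def secret_salt() -> bytes:
    """Random 16-byte salt; the user must store it and keep it secret."""
    return secrets.token_bytes(16)


def derive_password(master: str, salt: bytes, length: int = 20) -> str:
    """PBKDF2-HMAC-SHA256(master, salt), one output byte per password character."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=length)
    return "".join(ALPHABET[b % 64] for b in key)


def app_password(master: str, app_name: str) -> str:
    """Convenience mode: per-application password with the derived salt."""
    return derive_password(master, derived_salt(app_name, master))


def guess_master(leaked_password: str, app_name: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline attack on convenience mode: the attacker holds one leaked derived
    password plus the application name, recomputes the salt for every
    master-password guess and compares. Returns the matching guess, or None."""
    for guess in candidates:
        if hmac.compare_digest(app_password(guess, app_name), leaked_password):
            return guess
    return None


# Constructed demo values, not real credentials.
MASTER = "purple-llama-recites-42-poems"
WORDLIST = ["password", "letmein", "purple-llama", MASTER, "hunter2"]


def demo() -> dict:
    convenience = app_password(MASTER, "mail.example")
    results = {
        # Same master password, different application name -> different password.
        "distinct_per_app": convenience != app_password(MASTER, "bank.example"),
        # Deterministic: nothing has to be stored to regenerate it.
        "reproducible": convenience == app_password(MASTER, "mail.example"),
        # Leaked convenience-mode password + app name: the wordlist attack succeeds.
        "convenience_cracked": guess_master(convenience, "mail.example", WORDLIST),
    }
    # Secret random salt: the attacker cannot recompute the salt, so the same
    # wordlist finds nothing even though the true master password is in it.
    leaked = derive_password(MASTER, secret_salt())
    results["secret_salt_cracked"] = guess_master(leaked, "mail.example", WORDLIST)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The attack loop shows the trade-off in the text concretely: in convenience mode the salt is a function of inputs the attacker already has or is guessing, so the only secret defending the leaked password is the master password itself, and each guess costs exactly one PBKDF2 run. A secret salt (or a long secret "salt password", as the page suggests) means each guess would also have to cover the salt, which the attacker has no way to verify.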