Last week, I was glad to be a supergenpass user: gawker.com was hacked and a huge number of their username/password hashes were exposed. While I am not happy with the fact that my email was part of the leak and I've stopped reading anything from them, I know there is very little chance of this causing me problems, because the password I used on their site was not reused elsewhere.
But supergenpass is not that secure. Any script executed in the same page as supergenpass is able to see your master password. If the webmaster of the site you are visiting is evil, he could grab your master password and hack all your accounts. If you are a vimperator/pentadactyl user, it is easy to fix that, by executing supergenpass as a shell command (What follows is from my pentadactylrc):
map -modes=n,v <C-F6> y:!~/.scripts/supergenpass<Space>'<S-Insert>'<Return><Esc>2gi<S-Insert><Return>
map -modes=i <C-F6> <Esc><C-F6>
~/.scripts/supergenpass is a Python supergenpass script I customized for my needs (it uses the gtk-based ssh-askpass program to get the password, instead of using the Python getpass library, which is command line based). You'll find it in my
Original version from Michael
A little explanation:
CTRL-F6 is the shortcut to trigger the script (I've been using it for ages, it is originally the default shortcut used in the password hasher firefox extension).
y yanks the URL,
:!~/.scripts/supergenpass<Space>'<S-Insert>'<Return> will call the program ~/.scripts/supergenpass with the content of the clipboard (using
<Esc>2gi will then focus the second field (I usually call it once I've filled my login)
<S-Insert> will paste the clipboard (now filled with the generated password) in this focused field.
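
As an added example (not the author's script, which is not reproduced on this page), here is one way such an out-of-browser helper can look in Python. It follows the SuperGenPass scheme of repeated MD5 over master:domain with a modified base64 alphabet and reads the master password through ssh-askpass, so no page script ever sees it. The two-label domain reduction and the use of xclip for the clipboard are assumptions of this example.

```python
import base64
import hashlib
import re
import subprocess
import sys
from urllib.parse import urlsplit


def site_key(url):
    """Reduce a URL to the domain used as salt (assumption: last two labels)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def _b64_md5(text):
    # MD5 digest in base64, with '+', '/', '=' mapped to '9', '8', 'A'.
    digest = hashlib.md5(text.encode("utf-8")).digest()
    return base64.b64encode(digest, altchars=b"98").decode("ascii").replace("=", "A")


def _acceptable(candidate):
    # Must start with a lowercase letter and contain an uppercase letter and a digit.
    return bool(re.match(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)
                and re.search(r"[0-9]", candidate))


def derive(master, url, length=10):
    """Hash 'master:domain' at least 10 times, then until the prefix is acceptable."""
    value = f"{master}:{site_key(url)}"
    rounds = 0
    while rounds < 10 or not _acceptable(value[:length]):
        value = _b64_md5(value)
        rounds += 1
    return value[:length]


def main():
    # ssh-askpass prints the typed secret on stdout; the browser never sees it.
    master = subprocess.run(["ssh-askpass", "Master password"], check=True,
                            capture_output=True, text=True).stdout.rstrip("\n")
    password = derive(master, sys.argv[1])
    # Assumption: xclip is installed; it hands the result back via the clipboard.
    subprocess.run(["xclip", "-selection", "clipboard"], input=password,
                   text=True, check=True)


if __name__ == "__main__":
    main()
```

The generated password still passes through the clipboard, where other local programs can read it until it is overwritten.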